Nie mogę pozbyc się wirusow...

[mariuszz]

Witam serdecznie,

Na wstepie powiem, ze jestem poczatkujacym w dziedzienie komputerow. Mialem juz kiedys komputer lecz bez internetu to tez nie bylo wirusow. Miesiac temu kupilem sobie laptopa z systemem wista. Jako zabezpieczenie znajomy polecil mi avast (najnowsza wersje). Na kompa sciagalem rozne filmy, muzyke i jeszcze mnostwo plikow innych. miedzy innymi z bearshare, emule i taki program z niebieską zabką chyba... juz nie pamietam. Oprocz tego bezposrednio ze stronek. Od jakiegos czasu zaczely mi sie pojaiwac wirusy ,,kon trojanski m.in.,, albo reklamairz. Dostawalem takie propozycje zainstalowania jakiegos ponoc niezbedego programu i mi wchodzily 2,3 na raz wirusy. W koncu ich sie zebrako tyle, ze nie potrafilem ich wyrzucic. Zainstalowalem kasperskiego i on mi nagle wykryl najpierw 35 zagrozen (glownie trojany) pozniej 74:/ No is ie troche wystarszylem. Pozniej mialem atak sieciowy ale zablokowany. W pewnym momencie zaczl mi kompter wariowac.. Ale teraz jest juz dobrze. Zainstalowalem program Eset i on wykryl 26 wirusow ale nie wszystkie potrafil usunac. mialem tez ad ware 2008 i on mi wykryl jakies 30 trojanow i tez sie nie mog z nimi uporac i niby sie usunelay ale przy nastepnym skanpowaniu znowu byly.Oprocz tego glownie kasperski wykrywał mi, ze mam ,,luki,, i ja usuwalem foldery z tymi lukami jesli sie dalo. w koncu komp zaczl mi bardzo wolno chodzic. Usunalem te programy ochronne i zostawilem tylko eseta... i niby dobrze chodzi ale nie do konca bo wirusow jest nadal pelno i nie da sie ich usunac. np.
C:\Users\nowezycie\AppData\Local\Temp\anhwapbp.dll - odmiana wirusa Win32/Adware.Virtumonde.NBU aplikacja - wyleczony przez usunięcie - poddany kwarantannie
C:\Users\nowezycie\AppData\Local\Temp\dngmchis.dll - odmiana wirusa Win32/Adware.Virtumonde.NBU aplikacja - błąd podczas usuwanie (Dostęp zabroniony)
C:\Users\nowezycie\AppData\Local\Temp\pxwmedvs.dll - odmiana wirusa Win32/Adware.Virtumonde.NBU aplikacja - wyleczony przez usunięcie - poddany kwarantannie
C:\Users\nowezycie\AppData\Local\Temp\uygexyiq.dll - odmiana wirusa Win32/Adware.Virtumonde.NBU aplikacja - błąd podczas leczenie (Dostęp zabroniony)

takie komunikaty dostaje po zrobieniu skanowania..
Prosze o pomoc.

[t.w.21]

to tylko niektóre kłopoty kolegi mariusza a dokładniej sławka dlatego pordziłem aby sie tu zarejestrował idał posta ja mu poleciłem aby narazie sciagnął to co zwykle hjack this silent runners combo fixa Ad awarea i spybot search and destroy oraz ccleanera
i radziłem czekać na odpowiedź pomozcie mu błagam bo ja zrobiłem wszystko co w mojej mocy ok

[huber2t]

Podaj log z Combofix

A następnie:

Podaj log z Hijackthis

Wykonaj w takiej kolejności jak podałem

[mariuszz]

To jest Combofix:


ComboFix 08-09-27.01 - nowezycie 2008-09-28 10:58:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.978 [GMT 2:00]
Uruchomiony z: C:\Users\nowezycie\Downloads\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search

.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-28 do 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-27 17:35 . 2008-09-27 17:35 <DIR> d-------- C:\Users\All Users\Winamp Toolbar
2008-09-27 17:35 . 2008-09-27 17:35 <DIR> d-------- C:\ProgramData\Winamp Toolbar
2008-09-27 17:35 . 2008-09-27 17:35 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-09-27 17:34 . 2008-09-27 17:37 <DIR> d-------- C:\Users\nowezycie\AppData\Roaming\Winamp
2008-09-27 17:34 . 2008-09-27 17:42 <DIR> d-------- C:\Program Files\Winamp
2008-09-27 14:50 . 2008-09-27 14:50 <DIR> d-------- C:\Users\All Users\ESET
2008-09-27 14:50 . 2008-09-27 14:50 <DIR> d-------- C:\ProgramData\ESET
2008-09-27 14:50 . 2008-09-27 14:50 <DIR> d-------- C:\Program Files\ESET
2008-09-27 13:31 . 2008-09-27 17:26 <DIR> d-------- C:\Users\All Users\NOS
2008-09-27 13:31 . 2008-09-27 17:26 <DIR> d-------- C:\ProgramData\NOS
2008-09-27 13:11 . 2008-09-27 13:13 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-27 13:11 . 2008-09-27 13:13 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-27 02:53 . 2008-09-27 17:25 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-09-27 02:53 . 2008-09-27 17:25 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-15 21:11 . 2008-09-27 19:01 <DIR> d-------- C:\temp
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Windows\Downloaded Installations
2008-09-15 20:40 . 2008-09-15 20:46 <DIR> d-------- C:\Program Files\Total Video Converter
2008-09-13 17:28 . 2008-09-13 17:26 4,358,144 --a------ C:\Windows\uncsetup.exe
2008-09-13 17:28 . 2008-09-13 17:28 53,248 --a------ C:\Windows\System32\unrar.dll
2008-09-10 10:26 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 10:26 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-10 10:26 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 10:26 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-06 21:29 . 2008-09-06 21:29 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-09-06 21:29 . 2008-09-06 21:29 <DIR> d-------- C:\Program Files\ALLPlayer
2008-09-06 20:55 . 2008-09-06 20:55 <DIR> d-------- C:\Program Files\AskSBar
2008-09-06 20:48 . 2008-09-06 20:48 <DIR> d-------- C:\Users\All Users\eMule
2008-09-06 20:48 . 2008-09-06 20:48 <DIR> d-------- C:\ProgramData\eMule
2008-08-29 19:19 . 2008-09-27 17:18 <DIR> d-------- C:\My Downloads
2008-08-29 19:19 . 2007-11-22 16:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Users\All Users\Apple
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\ProgramData\Apple
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 08:54 --------- d-----w C:\Users\nowezycie\AppData\Roaming\DNA
2008-09-27 12:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-27 09:36 --------- d-----w C:\ProgramData\Apple Computer
2008-09-21 19:47 --------- d-----w C:\Users\nowezycie\AppData\Roaming\BitTorrent
2008-09-12 15:47 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Vso
2008-09-10 19:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 19:23 --------- d-----w C:\Program Files\Microsoft Works
2008-08-29 09:25 --------- d-----w C:\Program Files\Bonjour
2008-08-27 10:23 --------- d-----w C:\ProgramData\FLEXnet
2008-08-17 20:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-15 18:46 --------- d-----w C:\ProgramData\Codemasters
2008-08-15 18:43 --------- d-----w C:\Program Files\OpenAL
2008-08-15 14:51 --------- d-----w C:\Users\nowezycie\AppData\Roaming\OpenOffice.org2
2008-08-15 11:08 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Gadu-Gadu
2008-08-15 11:06 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-15 09:37 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Nowe Gadu-Gadu
2008-08-15 08:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 13:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 19:44 --------- d-----w C:\Program Files\DNA
2008-08-11 14:07 --------- d-----w C:\ProgramData\Azureus
2008-08-10 11:44 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Apple Computer
2008-08-10 08:34 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-08-10 08:33 --------- d-----w C:\Users\nowezycie\AppData\Roaming\DAEMON Tools Pro
2008-08-10 08:27 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-09 13:41 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Ahead
2008-08-08 16:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 23:26 --------- d-----w C:\Program Files\VSO
2008-08-05 08:13 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-03 16:08 --------- d-----w C:\Program Files\Google
2008-08-02 20:49 --------- d-----w C:\Program Files\INTERIAPL
2008-08-02 12:08 174 --sha-w C:\Program Files\desktop.ini
2008-08-02 12:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-02 11:51 48,640 ----a-w C:\Windows\System32\davclnt.dll
2008-08-02 11:51 196,096 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-02 11:51 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-02 11:48 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-08-02 11:46 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-02 11:45 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-02 11:45 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-08-02 11:45 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-02 11:45 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-02 11:45 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-08-02 11:45 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-08-02 11:45 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-08-02 11:44 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-08-02 11:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-08-02 11:43 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-08-02 11:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-08-02 11:43 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-08-02 11:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-08-02 11:43 102,400 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-08-02 11:43 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-08-02 11:41 3,505,848 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-02 11:41 3,472,056 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-01 17:59 --------- d-----w C:\Program Files\neostrada tp
2008-08-01 17:55 --------- d-----w C:\Program Files\Alwil Software
2008-08-01 16:50 33 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-08-01 16:49 --------- d-----w C:\Users\nowezycie\AppData\Roaming\InstallShield
2008-08-01 16:49 --------- d-----w C:\Program Files\SAGEM
2008-07-31 15:00 8,059 ----a-w C:\Windows\gdrv.sys
2008-07-31 14:16 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-07-31 14:16 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-07-31 14:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-31 14:13 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-31 14:12 --------- d-----w C:\ProgramData\Nero
2008-07-31 14:12 --------- d-----w C:\Program Files\Nero
2008-07-31 14:09 --------- d-----w C:\Users\nowezycie\AppData\Roaming\ATI
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-30 03:11 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-30 03:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 23:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 06:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL" [2008-09-06 66912]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-09-06 20:55 66912 --a------ C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-02 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-03 171448]
"BitTorrent DNA"="C:\Users\nowezycie\Program Files\DNA\btdna.exe" [2008-08-12 289088]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"recinfo863"="c:\RecInfo\RecInfo.exe" [2007-10-23 2764800]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 C:\Windows\RtHDVCpl.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6E599B94-F3EF-48EA-9071-AE908A84F010}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{C0E81D8F-E915-44ED-B412-A045F6CB2CCF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5436F3BD-9F01-4FE8-9BE6-DA6D9AE0F5D8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{411EA84C-FCEE-4766-BB90-C2EF4937170D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9BF23C32-F922-4F42-A4FA-890094A5599A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B5D26FB9-BBD8-4571-B4A7-C4564F0905CE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5EA84819-F455-412B-B41A-585D0D8AC590}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{B7DAB509-6BA7-42D1-9DE1-BBFEE00055AD}D:\\programy\\webcam.exe"= UDP:D:\programy\webcam.exe:Active WebCam
"UDP Query User{BAE4FCD7-CD47-4766-9877-17434A7AC809}D:\\programy\\webcam.exe"= TCP:D:\programy\webcam.exe:Active WebCam
"TCP Query User{66D3B686-EAEC-4621-9244-87D17BD45F68}D:\\programy\\cs\\hl.exe"= UDP:D:\programy\cs\hl.exe:Half-Life Launcher
"UDP Query User{4EBC97EA-814C-49D7-955A-D9CC46C5C1E3}D:\\programy\\cs\\hl.exe"= TCP:D:\programy\cs\hl.exe:Half-Life Launcher
"TCP Query User{0B7E819C-1133-4478-88C9-088E1A5023AE}D:\\programy\\emule\\emule.exe"= UDP:D:\programy\emule\emule.exe:eMule
"UDP Query User{8773AFD1-5596-40BA-A709-E5E1D98F8F01}D:\\programy\\emule\\emule.exe"= TCP:D:\programy\emule\emule.exe:eMule
"TCP Query User{729746E3-3418-4978-B7B9-7A76DA89741E}D:\\programy\\bearshare.exe"= UDP:D:\programy\bearshare.exe:BearShare
"UDP Query User{3B86CFDE-2B89-4E7E-8E3A-22FC1D5B6C95}D:\\programy\\bearshare.exe"= TCP:D:\programy\bearshare.exe:BearShare
"TCP Query User{266471D9-F5C7-41E6-BA8C-2DE23728755D}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{8BFC4836-BCA1-4E23-ABA5-E287EB3D51F4}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{69FD452B-2248-4BD5-972F-A86A39471F97}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{6140F189-7EB4-47A3-9098-AD03F3ED5E83}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"{A4BFD921-1E3F-4778-A77B-2B9DA9459A92}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{16815358-1FCF-4AB7-A94F-88399237E5C5}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D6D10187-8F5A-4B7F-8E81-AB47091CAAE2}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{4E1E2F64-13CE-43AB-A769-5FD534541669}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{8BF4E7BF-B3BA-4B6E-8410-1AC4C03F802A}C:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:C:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"UDP Query User{EFA208D2-1C73-41B6-BA8A-CC5C75ACBF0E}C:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:C:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"{6386FEB4-E051-429D-A61A-7D1FFD692F21}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{91C51F0C-88B7-4907-B2DA-A971FE742502}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{7B9EF6C3-D1E7-4A76-B66E-C258D10C5150}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{D3173BCA-D2FD-4411-955B-037732F08A2A}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-12 3155456]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffde6cd-62d0-11dd-959b-806e6f6e6963}]
\shell\AutoRun\command - F:\nideiect.com
\shell\explore\Command - F:\nideiect.com
\shell\open\Command - F:\nideiect.com

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-DAEMON Tools Pro Agent - D:\Programy\deamon tools pro\DAEMON Tools Pro\DTProAgent.exe
HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exe
HKLM-Run-recinfo - RecInfo.exe
ShellExecuteHooks-{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8} - C:\Windows\system32\qoMddaaB.dll


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\nowezycie\AppData\Roaming\Mozilla\Firefox\Profiles\splaam36.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Users\nowezycie\Program Files\DNA\plugins\npbtdna.dll
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 11:00:36
Windows 6.0.6000 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-28 11:02:27
ComboFix-quarantined-files.txt 2008-09-28 09:01:55

Przed: 104˙949˙968˙896 bajt˘w wolnych
Po: 105,154,859,008 bajt˘w wolnych

257 --- E O F --- 2008-09-26 09:36:07



To jest Hijackthis:


ComboFix 08-09-27.01 - nowezycie 2008-09-28 10:58:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.978 [GMT 2:00]
Uruchomiony z: C:\Users\nowezycie\Downloads\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search

.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-28 do 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-27 17:35 . 2008-09-27 17:35 <DIR> d-------- C:\Users\All Users\Winamp Toolbar
2008-09-27 17:35 . 2008-09-27 17:35 <DIR> d-------- C:\ProgramData\Winamp Toolbar
2008-09-27 17:35 . 2008-09-27 17:35 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-09-27 17:34 . 2008-09-27 17:37 <DIR> d-------- C:\Users\nowezycie\AppData\Roaming\Winamp
2008-09-27 17:34 . 2008-09-27 17:42 <DIR> d-------- C:\Program Files\Winamp
2008-09-27 14:50 . 2008-09-27 14:50 <DIR> d-------- C:\Users\All Users\ESET
2008-09-27 14:50 . 2008-09-27 14:50 <DIR> d-------- C:\ProgramData\ESET
2008-09-27 14:50 . 2008-09-27 14:50 <DIR> d-------- C:\Program Files\ESET
2008-09-27 13:31 . 2008-09-27 17:26 <DIR> d-------- C:\Users\All Users\NOS
2008-09-27 13:31 . 2008-09-27 17:26 <DIR> d-------- C:\ProgramData\NOS
2008-09-27 13:11 . 2008-09-27 13:13 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-27 13:11 . 2008-09-27 13:13 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-27 02:53 . 2008-09-27 17:25 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-09-27 02:53 . 2008-09-27 17:25 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-09-27 02:44 . 2008-09-27 02:44 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-09-15 21:11 . 2008-09-27 19:01 <DIR> d-------- C:\temp
2008-09-15 21:09 . 2008-09-15 21:09 <DIR> d-------- C:\Windows\Downloaded Installations
2008-09-15 20:40 . 2008-09-15 20:46 <DIR> d-------- C:\Program Files\Total Video Converter
2008-09-13 17:28 . 2008-09-13 17:26 4,358,144 --a------ C:\Windows\uncsetup.exe
2008-09-13 17:28 . 2008-09-13 17:28 53,248 --a------ C:\Windows\System32\unrar.dll
2008-09-10 10:26 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 10:26 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-10 10:26 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 10:26 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-06 21:29 . 2008-09-06 21:29 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-09-06 21:29 . 2008-09-06 21:29 <DIR> d-------- C:\Program Files\ALLPlayer
2008-09-06 20:55 . 2008-09-06 20:55 <DIR> d-------- C:\Program Files\AskSBar
2008-09-06 20:48 . 2008-09-06 20:48 <DIR> d-------- C:\Users\All Users\eMule
2008-09-06 20:48 . 2008-09-06 20:48 <DIR> d-------- C:\ProgramData\eMule
2008-08-29 19:19 . 2008-09-27 17:18 <DIR> d-------- C:\My Downloads
2008-08-29 19:19 . 2007-11-22 16:00 483,328 --a------ C:\Windows\System32\actskn45.ocx
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Users\All Users\Apple
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\ProgramData\Apple
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-29 11:24 . 2008-08-29 11:24 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 08:54 --------- d-----w C:\Users\nowezycie\AppData\Roaming\DNA
2008-09-27 12:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-27 09:36 --------- d-----w C:\ProgramData\Apple Computer
2008-09-21 19:47 --------- d-----w C:\Users\nowezycie\AppData\Roaming\BitTorrent
2008-09-12 15:47 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Vso
2008-09-10 19:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 19:23 --------- d-----w C:\Program Files\Microsoft Works
2008-08-29 09:25 --------- d-----w C:\Program Files\Bonjour
2008-08-27 10:23 --------- d-----w C:\ProgramData\FLEXnet
2008-08-17 20:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-15 18:46 --------- d-----w C:\ProgramData\Codemasters
2008-08-15 18:43 --------- d-----w C:\Program Files\OpenAL
2008-08-15 14:51 --------- d-----w C:\Users\nowezycie\AppData\Roaming\OpenOffice.org2
2008-08-15 11:08 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Gadu-Gadu
2008-08-15 11:06 --------- d-----w C:\Program Files\Gadu-Gadu
2008-08-15 09:37 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Nowe Gadu-Gadu
2008-08-15 08:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-12 13:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 19:44 --------- d-----w C:\Program Files\DNA
2008-08-11 14:07 --------- d-----w C:\ProgramData\Azureus
2008-08-10 11:44 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Apple Computer
2008-08-10 08:34 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-08-10 08:33 --------- d-----w C:\Users\nowezycie\AppData\Roaming\DAEMON Tools Pro
2008-08-10 08:27 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-09 13:41 --------- d-----w C:\Users\nowezycie\AppData\Roaming\Ahead
2008-08-08 16:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-05 23:26 --------- d-----w C:\Program Files\VSO
2008-08-05 08:13 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-03 16:08 --------- d-----w C:\Program Files\Google
2008-08-02 20:49 --------- d-----w C:\Program Files\INTERIAPL
2008-08-02 12:08 174 --sha-w C:\Program Files\desktop.ini
2008-08-02 12:05 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-02 11:51 48,640 ----a-w C:\Windows\System32\davclnt.dll
2008-08-02 11:51 196,096 ----a-w C:\Windows\System32\WebClnt.dll
2008-08-02 11:51 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-08-02 11:48 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-08-02 11:46 944,184 ----a-w C:\Windows\System32\winload.exe
2008-08-02 11:45 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-08-02 11:45 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-08-02 11:45 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-08-02 11:45 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-08-02 11:45 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-08-02 11:45 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-08-02 11:45 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-08-02 11:44 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-08-02 11:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-08-02 11:43 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-08-02 11:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-08-02 11:43 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-08-02 11:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-08-02 11:43 102,400 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-08-02 11:43 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-08-02 11:41 3,505,848 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-08-02 11:41 3,472,056 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-08-01 17:59 --------- d-----w C:\Program Files\neostrada tp
2008-08-01 17:55 --------- d-----w C:\Program Files\Alwil Software
2008-08-01 16:50 33 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-08-01 16:49 --------- d-----w C:\Users\nowezycie\AppData\Roaming\InstallShield
2008-08-01 16:49 --------- d-----w C:\Program Files\SAGEM
2008-07-31 15:00 8,059 ----a-w C:\Windows\gdrv.sys
2008-07-31 14:16 --------- d-----w C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-07-31 14:16 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-07-31 14:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-31 14:13 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-31 14:12 --------- d-----w C:\ProgramData\Nero
2008-07-31 14:12 --------- d-----w C:\Program Files\Nero
2008-07-31 14:09 --------- d-----w C:\Users\nowezycie\AppData\Roaming\ATI
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-30 03:11 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-30 03:11 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 23:16 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 06:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL" [2008-09-06 66912]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-09-06 20:55 66912 --a------ C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-02 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-03 171448]
"BitTorrent DNA"="C:\Users\nowezycie\Program Files\DNA\btdna.exe" [2008-08-12 289088]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"recinfo863"="c:\RecInfo\RecInfo.exe" [2007-10-23 2764800]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 C:\Windows\RtHDVCpl.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6E599B94-F3EF-48EA-9071-AE908A84F010}"= C:\Program Files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV
"{C0E81D8F-E915-44ED-B412-A045F6CB2CCF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5436F3BD-9F01-4FE8-9BE6-DA6D9AE0F5D8}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{411EA84C-FCEE-4766-BB90-C2EF4937170D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9BF23C32-F922-4F42-A4FA-890094A5599A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B5D26FB9-BBD8-4571-B4A7-C4564F0905CE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{5EA84819-F455-412B-B41A-585D0D8AC590}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{B7DAB509-6BA7-42D1-9DE1-BBFEE00055AD}D:\\programy\\webcam.exe"= UDP:D:\programy\webcam.exe:Active WebCam
"UDP Query User{BAE4FCD7-CD47-4766-9877-17434A7AC809}D:\\programy\\webcam.exe"= TCP:D:\programy\webcam.exe:Active WebCam
"TCP Query User{66D3B686-EAEC-4621-9244-87D17BD45F68}D:\\programy\\cs\\hl.exe"= UDP:D:\programy\cs\hl.exe:Half-Life Launcher
"UDP Query User{4EBC97EA-814C-49D7-955A-D9CC46C5C1E3}D:\\programy\\cs\\hl.exe"= TCP:D:\programy\cs\hl.exe:Half-Life Launcher
"TCP Query User{0B7E819C-1133-4478-88C9-088E1A5023AE}D:\\programy\\emule\\emule.exe"= UDP:D:\programy\emule\emule.exe:eMule
"UDP Query User{8773AFD1-5596-40BA-A709-E5E1D98F8F01}D:\\programy\\emule\\emule.exe"= TCP:D:\programy\emule\emule.exe:eMule
"TCP Query User{729746E3-3418-4978-B7B9-7A76DA89741E}D:\\programy\\bearshare.exe"= UDP:D:\programy\bearshare.exe:BearShare
"UDP Query User{3B86CFDE-2B89-4E7E-8E3A-22FC1D5B6C95}D:\\programy\\bearshare.exe"= TCP:D:\programy\bearshare.exe:BearShare
"TCP Query User{266471D9-F5C7-41E6-BA8C-2DE23728755D}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{8BFC4836-BCA1-4E23-ABA5-E287EB3D51F4}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{69FD452B-2248-4BD5-972F-A86A39471F97}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{6140F189-7EB4-47A3-9098-AD03F3ED5E83}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"{A4BFD921-1E3F-4778-A77B-2B9DA9459A92}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{16815358-1FCF-4AB7-A94F-88399237E5C5}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D6D10187-8F5A-4B7F-8E81-AB47091CAAE2}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{4E1E2F64-13CE-43AB-A769-5FD534541669}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{8BF4E7BF-B3BA-4B6E-8410-1AC4C03F802A}C:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:C:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"UDP Query User{EFA208D2-1C73-41B6-BA8A-CC5C75ACBF0E}C:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:C:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"{6386FEB4-E051-429D-A61A-7D1FFD692F21}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{91C51F0C-88B7-4907-B2DA-A971FE742502}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{7B9EF6C3-D1E7-4A76-B66E-C258D10C5150}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{D3173BCA-D2FD-4411-955B-037732F08A2A}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-12 3155456]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 69656]
S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffde6cd-62d0-11dd-959b-806e6f6e6963}]
\shell\AutoRun\command - F:\nideiect.com
\shell\explore\Command - F:\nideiect.com
\shell\open\Command - F:\nideiect.com

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKCU-Run-DAEMON Tools Pro Agent - D:\Programy\deamon tools pro\DAEMON Tools Pro\DTProAgent.exe
HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exe
HKLM-Run-recinfo - RecInfo.exe
ShellExecuteHooks-{A982037A-5FA0-44BD-8BB8-BCE93EBBDFE8} - C:\Windows\system32\qoMddaaB.dll


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\nowezycie\AppData\Roaming\Mozilla\Firefox\Profiles\splaam36.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Users\nowezycie\Program Files\DNA\plugins\npbtdna.dll
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 11:00:36
Windows 6.0.6000 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-28 11:02:27
ComboFix-quarantined-files.txt 2008-09-28 09:01:55

Przed: 104˙949˙968˙896 bajt˘w wolnych
Po: 105,154,859,008 bajt˘w wolnych

257 --- E O F --- 2008-09-26 09:36:07

[huber2t]

Do wyleczenia pendrive z wirusów użyj
Perlovg Removal Tool
Flash Disinfector
lub format

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

Folder::
C:\Program Files\AskSBar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ffde6cd-62d0-11dd-959b-806e6f6e6963}]


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.eu a w poście dajesz tylko link


Podaj log z Hijackthis

[mariuszz]

Przepraszam , 2 razy podalem log z combofix... Naprawiam swoj bład:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:25, on 2008-09-28
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\nowezycie\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\nowezycie\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [recinfo863] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\nowezycie\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF214D49-460A-4947-8991-024231031EC6}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 5918 bytes

[huber2t]

fix w hijackthis

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
O4 - HKLM\..\Run: [recinfo863] c:\RecInfo\RecInfo.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\nowezycie\Program Files\DNA\btdna.exe"

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

Folder::
c:\RecInfo


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.eu a w poście dajesz tylko link

[mariuszz]

a wiec to jest ten log z combofix...


http://www.wklej.eu/index.php?id=d60b3ebf2e

[huber2t]

Wykonaj to co napisałem w pierwszej wskazówce dot. combofix

[mariuszz]

Mama nadzieję, ze o to chodzi...

http://www.wklej.eu/index.php?id=6409d4ae39

[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
c:\RecInfo

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"recinfo863"=-


Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.eu a w poście dajesz tylko link

[mariuszz]

nastepny log..

http://www.wklej.eu/index.php?id=ef84f8fa9f

[huber2t]

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

[mariuszz]

Wszystkie operacje zakonczone... Komp smiga jak mażenie:)) Dziekuje bardzo zam pomoc Hubrtowi i koledze z Torunia:)