Bardzo prosze o sprawdzenie logów

[marjan1055]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:33:24, on 09-08-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINXP\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\0\Pulpit\HiJackThis.exe
C:\WINXP\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.info.stargard.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINXP\system32\userinit.exe,C:\WINXP\system32\drivers\svchost.exe,C:\WINXP\system32\twex.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\DANEAP~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINXP\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.info.stargard.pl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7005770078
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/ ... 63ctrl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINXP\system32\winuid.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://www.fotogaleria.mcza.net/grafika/kwiaty2/3.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/0/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - http://pics.mediaplazza.com/t_24/101x80 ... enDice.gif
O24 - Desktop Component 3: (no name) - http://www.mix24.com.pl/themes/theme1/header/logo.jpg
O24 - Desktop Component 4: (no name) - http://projekty.dom.pl/js/projekty_dom.js

--
End of file - 7716 bytes

[mateo8898]

Przeskanuj plik C:\WINXP\system32\winuid.dll na http://www.virustotal.com/pl/ i podaj wyniki

Fix w HijackThis:

Kod: Zaznacz wszystko

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66020
F2 - REG:system.ini: UserInit=C:\WINXP\system32\userinit.exe,C:\WINXP\system32\drivers\svchost.exe, C:\WINDOWS\system32\twex.exe,
O24 - Desktop Component 0: (no name) - http://www.fotogaleria.mcza.net/grafika/kwiaty2/3.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/0/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - http://pics.mediaplazza.com/t_24/101x80 ... enDice.gif
O24 - Desktop Component 3: (no name) - http://www.mix24.com.pl/themes/theme1/header/logo.jpg
O24 - Desktop Component 4: (no name) - http://projekty.dom.pl/js/projekty_dom.js

Pobierz Combofix ale nie uruchamiaj. Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\WINXP\system32\drivers\svchost.exe
C:\WINXP\system32\twex.exe

Folder::
C:\Program Files\Common Files\Sogou PXP

Driver::
P4P Service

Plik zapisz jako CFScript.txt.
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe


Rozpocznie się usuwanie i powstanie log, który dajesz na forum.

[marjan1055]

ComboFix 09-08-04.04 - 0 09-08-06 16:52.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.703.464 [GMT 2:00]
Uruchomiony z: c:\documents and settings\0\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\0\Pulpit\CFScript.txt.txt
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Utworzono nowy punkt przywracania
* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\0\Dane aplikacji\wiaserva.log
c:\program files\Common Files\sogou pxp
c:\program files\Common Files\sogou pxp\p2psvr.exe
c:\winxp\exefld
c:\winxp\hosts
c:\winxp\system32\ABCRDa.exe
c:\winxp\system32\twain32
c:\winxp\system32\twain32\local.ds
c:\winxp\system32\twain32\user.ds
c:\winxp\system32\twain32\user.ds.lll
c:\winxp\system32\twex.exe
c:\winxp\system32\winuid.dll

c:\winxp\system32\grpconv.exe - brakowało pliku
Plik odzyskano z - c:\winxp\ServicePackFiles\i386\grpconv.exe

c:\winxp\system32\proquota.exe - brakowało pliku
Plik odzyskano z - c:\winxp\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_P4P_SERVICE
-------\Legacy_STISVCWUAUSERV
-------\Service_P4P Service
-------\Service_stisvcwuauserv


((((((((((((((((((((((((( Pliki utworzone od 2009-07-06 do 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 14:57 . 2008-04-14 17:21 50688 -c--a-w- c:\winxp\system32\dllcache\proquota.exe
2009-08-05 21:10 . 2009-08-05 21:10 32 --s-a-w- c:\winxp\system32\3633003259.dat
2009-07-08 19:26 . 2009-07-08 19:26 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-08 18:50 . 2008-10-16 12:06 268648 ----a-w- c:\winxp\system32\mucltui.dll
2009-07-07 22:29 . 2009-07-07 22:29 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-07 22:29 . 2009-07-07 22:29 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-07 22:27 . 2008-08-26 08:26 18816 ----a-w- c:\winxp\system32\drivers\pccsmcfd.sys
2009-07-07 22:27 . 2009-07-07 22:27 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-07 22:26 . 2009-07-07 22:26 33984304 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_pol.exe
2009-07-07 22:26 . 2009-07-07 22:26 95232 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-07 22:26 . 2009-07-07 22:26 8192 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-07 22:26 . 2009-07-07 22:26 61440 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-07 22:26 . 2009-07-07 22:26 10240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 11:30 . 2006-08-01 20:48 -------- d-----w- c:\program files\Google
2009-08-06 06:02 . 2005-08-26 22:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 07:56 . 2005-08-26 18:03 91112 ----a-w- c:\documents and settings\0\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-07-15 09:22 . 2009-07-05 21:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-07-07 22:29 . 2007-12-06 19:26 -------- d-----w- c:\program files\Nokia
2009-07-07 22:27 . 2007-12-06 19:26 -------- d-----w- c:\program files\DIFX
2009-07-07 22:26 . 2007-12-06 19:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Installations
2009-07-07 20:32 . 2002-09-28 22:00 65598 ----a-w- c:\winxp\system32\perfc015.dat
2009-07-07 20:32 . 2002-09-28 22:00 433294 ----a-w- c:\winxp\system32\perfh015.dat
2009-07-06 20:17 . 2009-07-06 20:17 -------- d-----w- c:\program files\Microsoft Works
2009-07-06 20:17 . 2009-07-06 20:17 -------- d-----w- c:\program files\MSBuild
2009-07-06 20:15 . 2009-07-06 20:15 -------- d-----w- c:\program files\Microsoft.NET
2009-07-06 20:06 . 2008-07-24 09:24 -------- d-----w- c:\documents and settings\0\Dane aplikacji\uTorrent
2009-06-26 16:51 . 2004-08-03 22:44 669184 ----a-w- c:\winxp\system32\wininet.dll
2009-06-26 16:51 . 2004-08-03 22:44 81920 ----a-w- c:\winxp\system32\ieencode.dll
2009-06-16 14:40 . 2004-08-03 22:44 119808 ----a-w- c:\winxp\system32\t2embed.dll
2009-06-16 14:40 . 2002-09-28 22:00 81920 ----a-w- c:\winxp\system32\fontsub.dll
2009-06-14 14:47 . 2005-10-06 18:54 -------- d-----w- c:\documents and settings\0\Dane aplikacji\Skype
2009-06-14 14:40 . 2009-03-01 13:44 -------- d-----w- c:\documents and settings\0\Dane aplikacji\skypePM
2009-06-08 16:17 . 2009-06-08 16:17 -------- d-----w- c:\program files\ALLPlayer
2009-06-08 16:17 . 2008-03-02 20:40 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-06-08 16:16 . 2009-06-08 16:16 237568 ----a-w- c:\winxp\system32\OggDS.dll
2009-06-08 16:16 . 2009-06-08 16:16 921600 ----a-w- c:\winxp\system32\vorbisenc.dll
2009-06-08 16:16 . 2009-06-08 16:16 188416 ----a-w- c:\winxp\system32\vorbis.dll
2009-06-08 16:16 . 2009-06-08 16:16 45056 ----a-w- c:\winxp\system32\ogg.dll
2009-06-08 16:16 . 2009-06-08 16:16 1415680 ----a-w- c:\winxp\system32\WMV9VCM.dll
2009-06-08 16:16 . 2009-06-08 16:16 245760 ----a-w- c:\winxp\system32\mplvpx.dll
2009-06-08 16:16 . 2009-06-08 16:16 9216 ----a-w- c:\winxp\system32\cpuinf32.dll
2009-06-08 16:16 . 2009-05-31 11:00 130048 ----a-w- c:\winxp\system32\xvidvfw.dll
2009-06-03 19:11 . 2004-08-03 22:44 1294848 ----a-w- c:\winxp\system32\quartz.dll
2007-12-16 11:23 . 2007-12-16 11:23 1493863 ----a-w- c:\program files\allplayer.exe
2004-03-11 11:27 . 2005-08-26 22:03 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-07-21 949376]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\winxp\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
backup=c:\winxp\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\winxp\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=c:\winxp\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\winxp\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\eMule\\emule.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Zapu\\Zapu\\wDivi.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1659:UDP"= 1659:UDP:Windows Media Format SDK (iexplore.exe)
"1658:UDP"= 1658:UDP:Windows Media Format SDK (iexplore.exe)

R1 nod32drv;nod32drv;c:\winxp\system32\drivers\nod32drv.sys [07-06-28 18:36 15424]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\0\USTAWI~1\Temp\bDMusicb.sys --> c:\docume~1\0\USTAWI~1\Temp\bDMusicb.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\winxp\system32\drivers\s1018bus.sys [09-05-17 13:50 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\winxp\system32\drivers\s1018mdfl.sys [09-05-17 13:50 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\winxp\system32\drivers\s1018mdm.sys [09-05-17 13:50 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\winxp\system32\drivers\s1018mgmt.sys [09-05-17 13:50 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\winxp\system32\drivers\s1018nd5.sys [09-05-17 13:50 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\winxp\system32\drivers\s1018obex.sys [09-05-17 13:50 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\winxp\system32\drivers\s1018unic.sys [09-05-17 13:50 109736]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SlowDownCPU;SlowDownCPU;c:\winxp\inf\MSI\SlowDownCPU\NTGLM7X.SYS [05-08-26 23:04 23424]
S3 V0010bVd;Creative WebCam Vista #2;c:\winxp\system32\drivers\V0010bVd.sys [05-11-12 16:00 186551]
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-05 c:\winxp\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-02 13:22]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\winxp\system32\imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 16:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


c:\docume~1\0\USTAWI~1\Temp\Perflib_Perfdata_f58.dat 16384 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(536)
c:\winxp\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ESET\nod32krn.exe
c:\winxp\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-06 17:02 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-06 15:02

Przed: 3 961 630 720 bajtów wolnych
Po: 4 609 298 432 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

194 --- E O F --- 2009-07-28 18:49

Z gory dziekuje. Pozdrawiam.

[mateo8898]

Pobierz The Avenger zaznacz poniższy tekst:

Kod: Zaznacz wszystko

Drivers to delete:
bDMusicb
SetupNTGLM7X

Files to delete:
c:\winxp\system32\3633003259.dat

kopiujesz - klikasz na Paste Script from Clipboard - Execute - Potwierdzasz i zgadzasz się na restart klikając OK.
Po wykonaniu wklej raport na forum C:\avenger.txt

Pobierz OTC uruchom i wciśnij CleanUp

Przeczyść system oraz rejestr CCleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach Instrukcja

Wykonaj pełne skanowanie Dr. Web CureIt - jeśli coś znajdzie usuń i daj log (Plik Zapisz Listę Raportu)

Zaktualizuj IE do najnowszej wersji https://www.instalki.pl/download/programy/windows/internet/przegladarki-www/internet-explorer-8-xp/

[marjan1055]

Mam problem z The Avenger, poniewaz w folderze w ktorym mial sie utworzyc plik txt (avenger.txt) utworzyl mi sie plik avanger.bat(wpis rejestru na dodatek plik chroniony haslem?
Wszystko inne dzieki wskazowka:) poszlo jak po masle:)
Dzieki jeszcze raz.
Pozdrawiam.

[marjan1055]

Raport z dr. Web [quote][HJAHDDCA.NQF C:\Program Files\ESET\infected Trojan.Packed.2463 Niewyleczalny.Przeniesiony.
JBMPRYBA.NQF C:\Program Files\ESET\infected Trojan.PWS.Multi.35 Usunięty.
LYSTNGBA.NQF C:\Program Files\ESET\infected Trojan.MulDrop.33008 Usunięty.
MQQP4TBA.NQF C:\Program Files\ESET\infected Trojan.PWS.Multi.35 Usunięty.
Z3NQ43AA.NQF C:\Program Files\ESET\infected Win32.HLLW.Facebook.89 Usunięty.
/quote]

[mateo8898]

Dr.Web wykrył tylko wirusy w kwarantannie Eseta, więc powinno być ok

[marjan1055]

Dziekuje za pomoc mati8898. Pozdrawiam.