ComboFix 07-12-02.6 - grassik 2007-12-06 23:24:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.259 [GMT 1:00]
Running from: C:\Documents and Settings\grassik\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-06 22:10 . 2007-12-06 22:10 <DIR> d-------- C:\Documents and Settings\grassik\Dane aplikacji\Yahoo!
2007-12-06 22:10 . 2007-12-06 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2007-12-06 22:02 . 2007-12-06 22:02 <DIR> d-------- C:\Program Files\SopCast
2007-12-06 22:02 . 2007-12-06 22:06 <DIR> d-------- C:\Documents and Settings\grassik\Dane aplikacji\SopCast
2007-12-06 21:34 . 2007-12-06 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo!
2007-12-06 21:31 . 2007-12-06 21:34 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-06 20:54 . 2007-12-06 20:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2007-12-06 19:47 . 2007-12-06 19:47 831,417 ---hs---- C:\WINDOWS\system32\dklrgsxs.ini
2007-12-06 19:34 . 2007-12-06 19:34 74,304 --a------ C:\WINDOWS\system32\iqutnexu.exe
2007-12-06 19:34 . 2007-12-06 19:34 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2007-12-06 19:29 . 2007-12-06 19:29 22 --a------ C:\WINDOWS\system32\ati64hl2.stb
2007-12-06 18:57 . 2007-12-06 19:35 9,728 --a------ C:\cp.exe
2007-12-06 18:50 . 2007-12-06 19:48 90,980 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-06 18:50 . 2007-12-06 19:48 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-06 18:49 . 2007-12-06 18:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-06 18:49 . 2007-12-06 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-12-06 18:49 . 2007-12-06 23:24 1,008,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-06 18:49 . 2007-12-06 23:25 21,792 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-06 18:49 . 2007-12-06 21:17 14,996 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-06 18:49 . 2007-12-06 21:17 2,180 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-06 18:48 . 2007-12-06 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-12-06 18:05 . 2007-12-06 19:33 815,627 ---hs---- C:\WINDOWS\system32\wgprscpr.ini
2007-12-06 18:00 . 2007-12-06 18:00 74,304 --a------ C:\WINDOWS\system32\ilunveap.exe
2007-12-06 17:56 . 2007-12-06 17:57 67,980 --a------ C:\mlah.exe
2007-12-06 17:43 . 2007-12-06 17:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-06 16:52 . 2007-12-06 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-12-05 21:14 . 2007-12-05 21:14 29 --a------ C:\WINDOWS\system32\qofwaeis.tmp
2007-12-05 21:13 . 2007-12-06 17:57 20,992 --a------ C:\gfifrww.exe
2007-12-05 21:13 . 2007-12-05 21:16 2 --a------ C:\1150636148
2007-12-05 21:12 . 2007-12-05 21:13 71 --a------ C:\WINDOWS\system32\i
2007-12-05 20:15 . 2007-12-05 20:15 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-12-05 20:15 . 2007-12-05 20:16 <DIR> d-------- C:\Documents and Settings\grassik\Dane aplikacji\teamspeak2
2007-12-05 20:15 . 2007-12-05 20:15 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-12-05 20:07 . 2007-12-05 20:07 <DIR> d-------- C:\Program Files\directx
2007-12-05 19:31 . 2007-12-05 20:07 750 --a------ C:\WINDOWS\Sof2.INI
2007-12-05 19:11 . 2007-12-05 19:11 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-12-05 18:46 . 2007-12-05 20:29 <DIR> d-------- C:\Program Files\Xfire
2007-12-05 18:46 . 2007-12-06 22:39 <DIR> d-------- C:\Documents and Settings\grassik\Dane aplikacji\Xfire
2007-12-05 16:53 . 2007-12-05 16:53 <DIR> d-------- C:\Documents and Settings\grassik\Dane aplikacji\Gadu-Gadu
2007-12-05 16:50 . 2007-12-05 21:10 <DIR> d-------- C:\Documents and Settings\grassik\Gadu-Gadu
2007-12-05 16:48 . 2007-12-05 16:48 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-05 16:36 . 2001-08-17 22:03 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 16:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-06 16:49 --------- d-----w C:\Program Files\Symantec
2007-12-06 16:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2007-12-05 15:39 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-05 15:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 19:42 --------- d-----w C:\Program Files\Neostrada TP
2007-12-04 19:36 --------- d-----w C:\Program Files\SAGEM
2007-12-04 19:36 --------- d-----w C:\Program Files\Java
2007-12-04 19:34 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-04 19:25 --------- d-----w C:\Documents and Settings\grassik\Dane aplikacji\Symantec
2007-12-04 19:24 --------- d-----w C:\Documents and Settings\grassik\Dane aplikacji\InterTrust
2007-12-04 19:18 --------- d-----w C:\Program Files\Marvell
2007-12-04 19:17 --------- d-----w C:\Program Files\Intel
2007-12-04 19:17 --------- d-----w C:\Program Files\Gigabyte
2007-12-04 19:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-04 19:09 --------- d-----w C:\Program Files\ATI Technologies
2007-12-04 19:09 --------- d-----w C:\Program Files\ATI Technologie
2007-12-04 19:01 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-04 19:00 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 18:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 21:10]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 08:47 C:\WINDOWS\SOUNDMAN.EXE]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"smsger"="C:\WINDOWS\System32\Win.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"smsger"="C:\WINDOWS\System32\Win.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-06 23:25:19
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 23:25:35
C:\ComboFix2.txt ... 2007-12-06 21:19
C:\ComboFix3.txt ... 2007-12-06 21:14
.
--- E O F ---