G DATA found something like this for me: Podczas Otwórz pliku “C:\System Volume Information_restore{8C72F01D-A54A-46D6-B367-8C126D4E9F50}\RP43\A0019308.DLL” odkryto wirusa “not-a-virus:AdTool.Win32.MyWebSearch.i” przy pomocy skanera “Engine A”. Pliki wyczyszczone: Nie. Pliki usunięte: Nie. Kwarantanna: Nie.
OK then, post that log first.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:43, on 2008-04-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe
D:\programy\eMule\emule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\G DATA TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\G DATA TotalCare\GUI\avkis.exe
C:\Program Files\G DATA TotalCare\AVKTuner\AVKTunerService.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [GDFirewallTray] C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM…\Run: [AVKTray] “C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKService.exe
O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe
O23 - Service: G DATA Tuner Service - G DATA Software - C:\Program Files\G DATA TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
–
End of file - 4635 bytes
Turn System Restore off and then back on.
ComboFix 08-04-17.1 - iwonka 2008-04-18 20:28:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1323 [GMT 2:00]
Running from: C:\Documents and Settings\iwonka\Dane aplikacji\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\sguard.dll
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.
2008-04-18 18:33 . 2008-04-18 18:33
2008-04-17 19:16 . 2008-04-17 19:16 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-17 19:11 . 2008-04-18 16:00
2008-04-17 19:10 . 2008-04-17 19:10
2008-04-17 19:10 . 2008-04-17 19:10
2008-04-17 19:10 . 2008-04-17 19:10
2008-04-17 16:47 . 2008-04-17 16:47 22,328 --a------ C:\Documents and Settings\iwonka\Dane aplikacji\PnkBstrK.sys
2008-04-17 16:46 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-04-17 16:46 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-04-17 16:46 . 2008-04-17 16:46 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-17 16:46 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-04-16 18:48 . 2008-04-16 18:48
2008-04-16 18:29 . 2008-04-18 18:28 1,437 --a------ C:\WINDOWS\SysMech6.INI
2008-04-16 18:20 . 2006-12-20 12:39 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-04-16 18:20 . 2006-03-28 01:54 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-04-16 18:20 . 2005-09-12 13:20 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-04-15 21:37 . 2008-04-15 21:37
2008-04-15 16:39 . 2008-04-18 18:17
2008-04-15 16:39 . 2008-04-15 16:39 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-04-15 16:39 . 2008-04-15 16:39 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys
2008-04-15 16:39 . 2008-04-18 18:18 103 --a------ C:\WINDOWS\Backup.INI
2008-04-15 16:37 . 2008-04-15 16:37
2008-04-15 16:37 . 2008-04-15 16:39
2008-04-15 16:37 . 2005-04-20 21:31 474,624 -----c— C:\WINDOWS\system32\dllcache\wzcsvc.dll
2008-04-15 16:37 . 2006-11-01 09:17 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-04-15 16:37 . 2005-04-20 21:31 52,736 -----c— C:\WINDOWS\system32\dllcache\wzcsapi.dll
2008-04-15 16:37 . 2008-04-15 16:37 41,928 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
2008-04-15 16:37 . 2008-04-15 16:37 19,328 --a------ C:\WINDOWS\system32\drivers\GDNdisIc.sys
2008-04-15 16:37 . 2005-04-20 01:54 14,592 -----c— C:\WINDOWS\system32\dllcache\ndisuio.sys
2008-04-15 16:36 . 2008-04-15 16:39
2008-04-15 16:36 . 2008-04-15 16:37
2008-04-14 17:23 . 2008-04-16 18:20
2008-04-14 17:23 . 2008-04-14 17:23 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-04-13 11:27 . 2004-08-04 00:44 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-04-13 11:27 . 2004-08-04 00:44 16,384 --a–c— C:\WINDOWS\system32\dllcache\ipsink.ax
2008-04-13 11:27 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-04-13 11:27 . 2004-08-03 23:10 15,360 --a–c— C:\WINDOWS\system32\dllcache\streamip.sys
2008-04-13 11:27 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-13 11:27 . 2004-08-03 23:10 10,880 --a–c— C:\WINDOWS\system32\dllcache\ndisip.sys
2008-04-13 11:27 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-13 11:27 . 2004-08-03 22:58 5,504 --a–c— C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-13 11:25 . 2008-04-13 11:25
2008-04-13 11:25 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-13 11:25 . 2004-08-03 23:07 59,264 --a–c— C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-13 11:25 . 2002-06-21 18:51 49,152 --a------ C:\WINDOWS\AMCap.exe
2008-04-12 16:56 . 2008-04-12 16:56 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-11 13:27 . 2008-04-11 13:27
2008-04-11 13:27 . 2008-04-11 13:27
2008-04-11 05:29 . 2008-04-11 05:31 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-11 02:01 . 2008-04-11 02:01
2008-04-11 02:01 . 2008-04-11 02:01
2008-04-11 01:15 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-04-11 01:07 . 2008-04-11 01:25
2008-04-10 18:40 . 2008-04-10 18:40
2008-04-10 18:40 . 2008-04-10 18:40
2008-04-10 18:40 . 2008-04-10 18:40
2008-04-10 18:40 . 2008-04-10 18:40
2008-04-08 17:55 . 2008-04-08 17:55
2008-04-08 16:47 . 2008-04-08 16:47 4,096 --a------ C:\WINDOWS\system32\crash
2008-04-08 16:46 . 2008-04-08 16:46
2008-04-06 05:50 . 2008-04-17 16:47 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-06 05:50 . 2008-04-17 16:46 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-06 05:50 . 2008-04-17 16:47 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-06 05:48 . 2008-04-06 05:48
2008-04-06 01:14 . 2008-04-06 01:14
2008-04-05 23:55 . 2008-04-06 01:21 319 --a------ C:\WINDOWS\game.ini
2008-04-05 17:19 . 2008-04-05 17:19
2008-04-05 17:19 . 2008-04-05 22:02 1,192 --a------ C:\WINDOWS\ARCHPR4.INI
2008-04-05 14:11 . 2008-04-05 14:12
2008-04-05 14:11 . 2008-04-05 14:16
2008-04-04 23:24 . 2008-04-04 23:24
2008-04-04 23:04 . 2008-04-04 23:05
2008-04-03 23:21 . 2008-04-03 23:21
2008-04-03 00:55 . 2008-04-03 00:55
2008-04-03 00:28 . 2008-04-18 18:06
2008-04-03 00:18 . 2008-04-03 00:18
2008-04-03 00:12 . 2008-04-03 00:13
2008-04-03 00:10 . 2008-04-03 00:10 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-02 14:14 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-02 14:09 . 2004-08-04 02:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-02 14:09 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-04-02 14:08 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-02 14:08 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-02 14:06 . 2004-08-04 01:27 1,896,400 --a–c— C:\WINDOWS\system32\dllcache\NT5.CAT
2008-04-02 14:05 . 2008-04-02 12:17 261 --a------ C:\WINDOWS\system32$winnt$.inf
2008-04-02 13:19 . 2008-04-10 19:04 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-02 13:19 . 2008-04-10 19:04 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-02 12:49 . 2008-04-02 12:49
2008-04-02 12:47 . 2006-12-28 18:44 84,992 -ra------ C:\WINDOWS\system32\drivers\AtiHdAud.sys
2008-04-02 12:19 . 2008-04-18 20:30 1,024 --ah----- C:\Documents and Settings\iwonka\ntuser.dat.LOG
2008-04-02 12:18 . 2008-04-18 19:36 1,024 --ah----- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
2008-04-02 12:18 . 2008-04-18 19:36 1,024 --ah----- C:\Documents and Settings\LocalService\ntuser.dat.LOG
2008-04-02 12:17 . 2008-04-18 20:29
2008-04-02 12:17 . 2008-04-02 14:06
2008-04-02 12:17 . 2008-04-02 12:12
2008-04-02 12:17 . 2008-04-02 14:06
2008-04-02 12:17 . 2008-04-02 14:06
2008-04-02 12:17 . 2008-04-02 14:06
2008-04-02 12:17 . 2008-04-08 16:46
2008-04-02 12:16 . 2001-10-26 19:28 13,463,552 --a–c— C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-02 12:15 . 2004-08-04 00:44 2,134,528 --a–c— C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-04-02 12:14 . 2001-07-22 04:53 4,399,505 --a–c— C:\WINDOWS\system32\dllcache\nls302en.lex
2008-04-02 12:14 . 2008-04-02 12:14 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-02 12:14 . 2008-04-02 12:14 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-02 12:14 . 2008-04-02 12:14 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-02 12:14 . 2008-04-02 12:14 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-04-02 12:14 . 2008-04-02 12:14 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-02 12:14 . 2008-04-02 12:14 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-04-02 12:14 . 2008-04-02 12:14 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-04-02 12:14 . 2008-04-02 12:14 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-02 12:12 . 2001-10-26 19:28 2,178,131 --a–c— C:\WINDOWS\system32\dllcache\shvlres.dll
2008-04-02 12:11 . 2004-08-04 00:43 1,352,704 --a–c— C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-03-30 16:06 . 2008-04-02 12:22
2008-03-30 16:00 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-03-30 15:39 . 2008-04-03 00:36
2008-03-30 13:15 . 2008-04-02 12:24
2008-03-30 13:15 . 2008-04-02 17:51
2008-03-30 13:11 . 2008-04-10 08:56
2008-03-30 12:29 . 2008-03-30 13:40 16 --------- C:\WINDOWS\system32\coh.cache
2008-03-30 12:27 . 2008-03-30 12:27
2008-03-30 12:02 . 2008-03-30 12:02
2008-03-30 12:02 . 2008-03-30 12:02
2008-03-30 12:02 . 2008-03-30 11:16
2008-03-30 12:02 . 2008-03-30 12:02
2008-03-30 12:02 . 2008-03-30 12:02
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 14:36 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-04-15 14:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-15 14:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-04-02 22:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-02 10:59 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-04-02 10:42 --------- d-----w C:\Program Files\Realtek
2008-04-02 10:24 --------- d-----w C:\Program Files\DIFX
2008-04-02 10:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-02 10:24 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-04-02 10:24 --------- d-----w C:\Program Files\ATI Technologies
2008-04-02 10:22 --------- d-----w C:\Documents and Settings\iwonka\Dane aplikacji\InstallShield
2008-04-02 10:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-03-30 09:39 315,392 ------w C:\WINDOWS\HideWin.exe
2008-03-30 09:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-30 09:18 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 10:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SMSystemAnalyzer”=“C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe” [2006-12-20 12:38 557056]
“eMuleAutoStart”=“D:\programy\eMule\emule.exe” [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“RTHDCPL”=“RTHDCPL.EXE” [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
“Alcmtr”=“ALCMTR.EXE” [2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe]
“GDFirewallTray”=“C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe” [2007-10-25 11:09 1189552]
“AVKTray”=“C:\Program Files\G DATA TotalCare\AVKTray\AVKTray.exe” [2007-11-22 12:36 598016]
“SystemGuardAlerter”=“C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe” [2006-12-20 12:38 386048]
“ioloDelayModule”=“C:\Program Files\iolo\System Mechanic 6\delay.exe” [2005-06-08 13:31 96256]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
G DATA Firewall Tray.lnk - C:\Program Files\G DATA TotalCare\Firewall\GDFirewallTray.exe [2008-04-15 16:37:33 1189552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“Shell”="explorer.exe "
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe”=
“E:\wic\wic.exe”=
“E:\wic\wic_online.exe”=
“E:\wic\wic_ds.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
R0 GDNdisIc;GDNdisIc;C:\WINDOWS\system32\drivers\GDNdisIc.sys [2008-04-15 16:37]
R2 AVKProxy;G DATA AntiVirus Proxy;“C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe” [2007-11-08 03:22]
R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA TotalCare\AVK\AVKService.exe [2007-11-14 03:24]
R2 AVKWCtl;Strażnik AntiVirus;C:\Program Files\G DATA TotalCare\AVK\AVKWCtl.exe [2007-11-14 10:53]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2008-04-15 16:37]
R3 GDFwSvc;G DATA Personal Firewall;C:\Program Files\G DATA TotalCare\Firewall\GDFwSvc.exe [2007-10-24 14:26]
R3 GDMnIcpt;GDMnIcpt;C:\WINDOWS\system32\drivers\MiniIcpt.sys [2008-04-15 16:39]
R3 HookCentre;HookCentre;C:\WINDOWS\system32\drivers\HookCentre.sys [2008-04-15 16:39]
R3 PAC7311;Trust WB-3300p Mini HiRes Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-10-18 11:48]
S3 G DATA Tuner Service;G DATA Tuner Service;C:\Program Files\G DATA TotalCare\AVKTuner\AVKTunerService.exe [2007-11-07 10:54]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-02 12:59]
*Newly Created Service* - CATCHME
.
Contents of the ‘Scheduled Tasks’ folder
“2008-04-14 18:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - iwonka.job”
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 20:30:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
- C:\Program Files\iolo\Common\Lib\sguard.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
- C:\Program Files\iolo\Common\Lib\sguard.dll
.
Completion time: 2008-04-18 20:30:43
ComboFix-quarantined-files.txt 2008-04-18 18:30:38
Pre-Run: 18,617,606,144 bajtów wolnych
Post-Run: 18,613,329,920 bajtów wolnych
.
2008-04-15 17:41:29 — E O F —
Follow this Topic and change the thread title to something specific, otherwise it goes to the TRASH.
Regards, Gutek2222
Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350
Right-click My Computer >> Properties >> System Restore >> turn off System Restore on all drives.