I installed it as instructed, with the antivirus off; the computer shut down, came back up, and all I can see is this, no report: http://img152.imageshack.us/img152/4079 … fixut6.png
On 08.07.2008, at 12:18, a post was added by IllegalPrincess
ComboFix 08-07-07.3 - User 2008-07-08 11:58:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.171 [GMT 2:00]
Running from: C:\Documents and Settings\User\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode
C:\Documents and Settings\Brygida\ResErrors.log
C:\Documents and Settings\Multimedia\ResErrors.log
C:\Documents and Settings\User\Application Data\ErrorProtector Free
C:\Documents and Settings\User\Application Data\ErrorProtector Free\Logs\update.log
C:\Documents and Settings\User\ravmonlog
C:\Documents and Settings\User\ResErrors.log
C:\kmd.exe
C:\Program Files\Common Files\update
C:\Program Files\Common Files\update\updated.exe
C:\Program Files\GamesBar\oberontb.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MICROSOFT_AGENT
-------\Service_Microsoft Agent
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.
2008-07-07 19:42 . 2008-07-07 19:42
2008-07-07 15:43 . 2008-07-07 15:43
2008-07-07 15:43 . 2008-07-07 15:43
2008-07-03 12:10 . 2008-07-03 12:10 95,232 -r-hsc--- C:\WINDOWS\system32\dllcache\qxchost.exe
2008-07-02 14:47 . 2008-07-02 14:47 1,103,742 --a------ C:\rqr.exe
2008-07-02 14:47 . 2008-02-11 08:05 628,224 --ahs---- C:\WINDOWS\system32\Juchde.exe
2008-07-02 14:47 . 2008-02-11 06:07 118,784 --a------ C:\WINDOWS\system32\cscaer.exe
2008-07-02 14:47 . 2007-03-23 16:52 56,552 --ahs---- C:\WINDOWS\system32\Juchdp.exe
2008-07-02 14:47 . 2005-04-09 21:12 30,720 --a------ C:\WINDOWS\system32\reotspnwy.dll
2008-07-02 14:47 . 2008-07-01 08:07 18,988 --ahs---- C:\WINDOWS\system32\ortecxar.pif
2008-07-02 14:47 . 2008-07-08 12:08 4,676 --ahs---- C:\WINDOWS\system32\wrda.sys
2008-07-02 14:47 . 2008-07-01 09:11 391 --ahs---- C:\WINDOWS\system32\vburcs.cmd
2008-07-01 13:54 . 2008-07-01 07:04 30,512 --ahs---- C:\WINDOWS\system32\brecxar.CPX
2008-07-01 13:54 . 2008-03-04 08:55 24,493 --ahs---- C:\WINDOWS\system32\erecxar.CPX
2008-07-01 13:54 . 2008-05-22 08:20 21,031 --ahs---- C:\WINDOWS\system32\arecxar.CPX
2008-07-01 13:54 . 2007-03-05 23:59 8,091 --ahs---- C:\WINDOWS\system32\crecxar.CPX
2008-07-01 13:54 . 2008-07-02 14:47 296 --ahs---- C:\WINDOWS\system32\dremxar.CPX
2008-06-30 15:52 . 2008-06-30 15:51 90,232 --ahs---- C:\WINDOWS\system32\wanrs(2).exe
2008-06-30 15:30 . 2008-07-02 14:43
2008-06-11 15:09 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:09 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-06-10 16:56 . 2008-06-10 16:56 88,696 -r-hs---- C:\WINDOWS\system32\wans.exe
2008-06-09 19:59 . 2008-07-03 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 19:59 . 2008-06-09 19:59 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-09 19:58 . 2008-06-09 19:58
2008-06-09 19:53 . 2008-06-09 19:55
2008-06-09 19:53 . 2008-06-09 19:57
2008-06-09 19:51 . 2008-06-09 19:51
2008-06-09 19:50 . 2008-06-09 19:50
2008-06-09 19:50 . 2008-06-09 19:50
2008-06-08 22:12 . 2008-06-08 22:12
2008-06-08 22:02 . 2008-06-08 22:12
2008-06-08 15:55 . 2008-06-08 15:55
2008-06-08 15:54 . 2008-06-08 15:54
2008-06-08 15:54 . 2008-06-08 15:54
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 09:59 --------- d-----w C:\Program Files\GamesBar
2008-07-08 09:53 --------- d-----w C:\Program Files\Neostrada TP
2008-07-02 12:42 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-06-20 11:18 --------- d-----w C:\Program Files\Lx_cats
2008-06-19 20:25 --------- d-----w C:\Documents and Settings\User\Application Data\GanymedeNet
2008-06-08 23:27 30,588 ----a-w C:\Documents and Settings\User\Application Data\wklnhst.dat
2008-06-06 15:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-06 15:18 --------- d-----w C:\Program Files\Legacy Interactive
2008-06-01 16:35 --------- d-----w C:\Program Files\Alwil Software
2008-05-30 20:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 21:04 --------- d-----w C:\Documents and Settings\User\Application Data\Yahoo!
2008-05-16 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-16 18:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 18:50 --------- d-----w C:\Program Files\Yahoo!
2008-05-16 18:50 --------- d-----w C:\Program Files\Shockwave.com
2008-05-11 13:25 --------- d-----w C:\Program Files\Neoact
2008-05-10 13:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 13:55 --------- d-----w C:\Program Files\LucasArts
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-01-24 20:26 7,902 ----a-w C:\Program Files\hs_err_pid5380.log
2002-06-07 00:47 520 ----a-w C:\Documents and Settings\User\setup.bat
2002-05-21 15:05 2,383,872 ----a-w C:\Documents and Settings\User\gta3.exe
2002-04-26 14:37 338,432 ----a-w C:\Documents and Settings\User\Mss32.dll
2001-12-27 22:00 100,864 ----a-w C:\Documents and Settings\User\uha.exe
2000-08-06 22:11 20,992 ----a-w C:\Documents and Settings\User\pak.exe
2008-02-11 06:05 628,224 --sha-w C:\WINDOWS\system32\Juchde.exe
2007-03-23 14:52 56,552 --sha-w C:\WINDOWS\system32\Juchdp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-06-12 17:33 20002856]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-08-31 10:47 1961984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-15 20:40 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-04 02:32 961024]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:08 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36 299008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 14:00 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\JoWooD\Alien Nations\Bin\AN.exe"=
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Ares\Ares.exe"=
"C:\Program Files\Alien Nations 2 PL\Bin\Game.exe"=
"C:\Program Files\WapSter\AQQ\AQQ.exe"=
"C:\PROGRA~1\WapSter\AQQ\AQQ.exe"=
"C:\WINDOWS\system32\wans.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14967:TCP"= 14967:TCP:NortonAV
"13395:TCP"= 13395:TCP:NortonAV
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 WANS;Windows Automated Network Service;C:\WINDOWS\system32\wans.exe [2008-06-10 16:56]
S2 SRVStarter_Lerex;Service Starter: Lerex;C:\WINDOWS\system32\Juchdp.exe [2007-03-23 16:52]
S2 SRVStarter_nerw;Service Starter: nerw;C:\WINDOWS\system32\Juchdp.exe [2007-03-23 16:52]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\C.tmp []
S3 TrojanFindDriverNT;TrojanFindDriverNT;C:\WINDOWS\system32\NtDriver.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9892df6d-9980-11db-b352-000e50e9b2ac}]
\Shell\AutoRun\command - I:\ntde1ect.com
\Shell\explore\Command - I:\ntde1ect.com
\Shell\open\Command - I:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dc3d4b6-f279-11dc-b5f5-000e50e9b2ac}]
\Shell\AutoRun\command - I:\oufddh.exe
\Shell\explore\Command - I:\oufddh.exe
\Shell\open\Command - I:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec2f4e5f-1d26-11dd-b64b-000e50e9b2ac}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
.
HKCU-Run-Komunikator - C:\Program Files\Tlen.pl\tlen.exe
HKLM-Run-Onet.pl AutoUpdate - C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
HKLM-Run-Ad Muncher - C:\Program Files\Ad Muncher\AdMunch.exe
HKLM-Run-tguard - C:\Program Files\Beniamin\tguard.exe
Notify-WgaLogon - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 12:05:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRVStarter_Lerex]
"ImagePath"=""C:\WINDOWS\system32\Juchdp.exe" /Name:SRVStarter_Lerex /App:"C:\WINNT\system32\Juchde.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRVStarter_nerw]
"ImagePath"=""C:\WINDOWS\system32\Juchdp.exe" /Name:SRVStarter_nerw /App:"C:\WINDOWS\system32\Juchde.exe""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\C:\WINDOWS\TEMP\C.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\Juchde.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
.
**************************************************************************
.
Completion time: 2008-07-08 12:17:44 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2008-07-08 10:17:29
Pre-Run: 124,922,736,640 bytes free
Post-Run: 125,820,563,456 bytes free
226 --- E O F --- 2008-06-20 12:34:40
On 08.07.2008, at 12:19, a post was added by IllegalPrincess
Sorry for posting it like this, but the computer would have shut down on me and everything would have been for nothing.
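The log above carries the indicators a responder would triage first: recently created files carrying hidden+system attributes in system32 (Juchde.exe, Juchdp.exe, ortecxar.pif, the *recxar.CPX set), a Windows Firewall exception for C:\WINDOWS\system32\wans.exe registered as a service called "Windows Automated Network Service", two "Service Starter" services that launch Juchdp.exe with an /App: argument, a service whose image is C:\WINDOWS\TEMP\C.tmp, and MountPoints2 entries that ran n1deiect.com, ntde1ect.com and oufddh.exe from the root of removable drives. The script below is an added example for this thread, not ComboFix code and not something the poster ran: it applies those four checks to ComboFix log lines. The sample excerpt is copied from the posted log; the firewall allowlist, the "dropper extension" list and the reading of an empty "[]" stamp as "no file on disk" are assumptions made here, not documented ComboFix semantics.

```python
"""Triage heuristics over ComboFix log lines (added example, not ComboFix code)."""
import re

# Excerpt copied from the posted log (constructed subset, not the full file).
SAMPLE_LOG = r"""
2008-07-02 14:47 . 2008-02-11 08:05 628,224 --ahs---- C:\WINDOWS\system32\Juchde.exe
2008-07-02 14:47 . 2008-02-11 06:07 118,784 --a------ C:\WINDOWS\system32\cscaer.exe
2008-07-02 14:47 . 2008-07-01 08:07 18,988 --ahs---- C:\WINDOWS\system32\ortecxar.pif
2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\WINDOWS\system32\wans.exe"=
R2 WANS;Windows Automated Network Service;C:\WINDOWS\system32\wans.exe [2008-06-10 16:56]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\C.tmp []
S3 TrojanFindDriverNT;TrojanFindDriverNT;C:\WINDOWS\system32\NtDriver.sys []
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\open\Command - I:\oufddh.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
"""

# "Files Created" entry: created . modified  size  attribute-flags  path
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+"
    r"(?P<attr>[-\w]{9})\s+(?P<path>.+)$")
# Windows Firewall AuthorizedApplications entry: "path"=
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
# Service line: R2/S3 name;display name;image path [stamp]
SVC_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")
# MountPoints2 shell verb recorded for a (removable) drive
MP_RE = re.compile(r"^\\Shell\\(?:AutoRun|explore|open)\\[Cc]ommand - (?P<target>.+)$")

SYSTEM32 = "\\windows\\system32\\"
# Assumption: the only system32 binary XP itself authorizes is Remote Assistance's sessmgr.exe.
FIREWALL_ALLOW = {"sessmgr.exe"}
# Assumption: extensions an autorun dropper is typically written with.
DROPPER_EXT = (".exe", ".com", ".pif", ".scr", ".bat", ".cmd")


def hidden_system_in_system32(line):
    """Flag a newly created system32 file carrying both the hidden and system attributes."""
    m = FILE_RE.match(line)
    if not m:
        return None
    attr, path = m["attr"], m["path"]
    if "h" in attr and "s" in attr and SYSTEM32 in path.lower():
        return path
    return None


def firewall_exception_in_system32(line):
    """Flag a firewall exception for a system32 executable outside the allowlist."""
    m = FW_RE.match(line)
    if not m:
        return None
    path = m["path"].lower().replace("%windir%", "c:\\windows")
    if SYSTEM32 in path and path.rsplit("\\", 1)[-1] not in FIREWALL_ALLOW:
        return m["path"]
    return None


def suspicious_service(line):
    """Flag a service whose image lives in TEMP or has no file stamp (assumed: file missing)."""
    m = SVC_RE.match(line)
    if not m:
        return None
    reasons = []
    if "\\temp\\" in m["path"].lower():
        reasons.append("image in TEMP")
    if not m["stamp"].strip():
        reasons.append("no file stamp")
    return (m["name"], reasons) if reasons else None


def removable_autorun(line):
    """Flag a MountPoints2 verb that launches a bare file from a drive root (I:\\ntde1ect.com)."""
    m = MP_RE.match(line)
    if not m:
        return None
    target = m["target"]
    # A full system32 command line (RunDLL32 ... explore.exe) does not match this shape.
    if re.fullmatch(r"[A-Za-z]:\\[^\\ ]+", target) and target.lower().endswith(DROPPER_EXT):
        return target
    return None


def triage(log_text):
    """Run all four checks over a ComboFix log and group the hits by indicator class."""
    findings = {"hidden_system_files": [], "firewall_exceptions": [], "services": [], "autorun": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = hidden_system_in_system32(line)
        if hit:
            findings["hidden_system_files"].append(hit)
        hit = firewall_exception_in_system32(line)
        if hit:
            findings["firewall_exceptions"].append(hit)
        hit = suspicious_service(line)
        if hit:
            findings["services"].append(hit)
        hit = removable_autorun(line)
        if hit:
            findings["autorun"].append(hit)
    return findings


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for h in hits:
            print("   ", h)
```

To run it over a full log, pass `open(path, encoding="cp1250", errors="replace").read()` to `triage()`; the posted log was written on a Polish XP, hence the code page. The output is a shortlist, not a verdict: hidden+system in system32 also covers legitimate dllcache entries, and a MountPoints2 hit only proves a drive once carried that autorun command, not that the file is still present.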