Problem z netem - rozłącza mnie

Dla specjalistów Bezpieczeństwo
#1

Witam. Proszę o pomoc, ponieważ często wywala mnie z netu, a poza tym komp mi się wiesza.:frowning:

oto log z HJ:

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Netia\Net\netianet.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\Program Files\BearShare\BearShare.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Save\Save.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dom\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto

O4 - HKLM…\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM…\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause

O4 - HKLM…\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe”

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU…\Run: [Google Update] “C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe” /c

O4 - HKCU…\Run: [CTSyncU.exe] “C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe”

O4 - HKCU…\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … p=ZRfox000

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa … wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip…{C095194D-88B8-4AFE-97FC-752B385D5470}: NameServer = 213.241.79.37 83.238.255.76

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

End of file - 9029 bytes

#2

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj.

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

:slight_smile:

#3

Witam

Sorry, że dopiero teraz odpisuje, ale wyjechałem i nie miałem kiedy przeprowadzić “operacji”

Wykonałem wszystkie wskazówki, ale chyba coś jeszcze jest nie tak:(. teraz pojawia mi się cały czas okno “wystąpił problem z aplikacje system.exe i zostanie ona zamknięta” co kilka minut mi to wyskakuje. a netia nie łączy mnie za każdym razem:(

Proszę czy możesz spojrzeć na nowego loga. może nie wszystko się usunęło?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:09:08, on 2009-03-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\system.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Netia\Net\netianet.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Save\Save.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\dom\Pulpit\11111111111111\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\system.exe

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto

O4 - HKLM…\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe”

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [Google Update] “C:\Documents and Settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe” /c

O4 - HKCU…\Run: [CTSyncU.exe] “C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe”

O4 - HKCU…\Run: [Mozillacorp] C:\WINDOWS\system32\system.exe

O4 - HKCU…\Run: [Microsoft Windows Automatic Update] C:\RECYCLER\S-1-5-21-0594903031-2594896453-259458659-7650\mwau.exe

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

End of file - 6473 bytes

pozdrawiam

i czekam na wskazówki

#4

Skoro tak to dlaczego nie dałeś loga z usuwania Combofix

#5

ComboFix 09-03-06.02 - dom 2070-01-15 22:52:52.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.675 [GMT 1:00]

Uruchomiony z: c:\documents and settings\dom\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\dom\Pulpit\11111111111111\CFScript.txt

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\myglobalsearch

c:\program files\myglobalsearch\bar\History\search

c:\windows\system32\087.exe

c:\windows\system32\873.exe

c:\windows\system32\system.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2069-12-01 do 2070-01-01 )))))))))))))))))))))))))))))))

.

2070-01-01 23:51 . 2070-01-01 23:51 25,131 --a------ c:\documents and settings\dom\878137.exe

2070-01-01 19:24 . 2070-01-01 19:24 26,155 --a------ c:\documents and settings\dom\575037.exe

2070-01-01 19:19 . 2070-01-01 19:19 26,155 --a------ c:\documents and settings\dom\875385.exe

2070-01-01 19:16 . 2070-01-01 19:16 26,155 --a------ c:\documents and settings\dom\885240.exe

2070-01-01 19:15 . 2070-01-01 19:15 26,155 --a------ c:\documents and settings\dom\505576.exe

2070-01-01 19:13 . 2070-01-01 19:13 26,155 --a------ c:\documents and settings\dom\030350.exe

2070-01-01 19:04 . 2070-01-01 19:04 26,155 --a------ c:\documents and settings\dom\176873.exe

2070-01-01 18:59 . 2070-01-01 18:59 26,155 --a------ c:\documents and settings\dom\788821.exe

2070-01-01 15:30 . 2070-01-01 15:30 25,131 --a------ c:\documents and settings\dom\135853.exe

2070-01-01 06:03 . 2070-01-01 06:03 26,155 --a------ c:\documents and settings\dom\603322.exe

2070-01-01 05:46 . 2070-01-01 05:46 26,155 --a------ c:\documents and settings\dom\032635.exe

2070-01-01 05:25 . 2070-01-01 05:25 25,131 --a------ c:\documents and settings\dom\633427.exe

2070-01-01 05:22 . 2070-01-01 05:22 77,824 --a------ c:\windows\system32\367.exe

2070-01-01 05:22 . 2070-01-01 05:22 25,131 --a------ c:\documents and settings\dom\062005.exe

2070-01-01 03:56 . 2070-01-01 03:56 57,344 --a------ c:\windows\system32\422.exe

2070-01-01 03:56 . 2070-01-01 03:56 25,131 --a------ c:\documents and settings\dom\252411.exe

2070-01-01 03:53 . 2070-01-01 03:53 25,131 --a------ c:\documents and settings\dom\218233.exe

2070-01-01 03:46 . 2070-01-01 03:46 25,131 --a------ c:\documents and settings\dom\450363.exe

2070-01-01 03:16 . 2070-01-01 03:16 4,096 --a------ c:\windows\system32\014.exe

2070-01-01 03:13 . 2070-01-01 03:13 25,131 --a------ c:\documents and settings\dom\248165.exe

2070-01-01 03:08 . 2070-01-01 03:08 57,344 --a------ c:\windows\system32\276.exe

2070-01-01 03:05 . 2070-01-01 03:05 25,131 --a------ c:\documents and settings\dom\556776.exe

2070-01-01 03:00 . 2070-01-01 03:00 57,344 --a------ c:\windows\system32\756.exe

2070-01-01 03:00 . 2070-01-01 03:00 25,131 --a------ c:\documents and settings\dom\344668.exe

2070-01-01 02:56 . 2070-01-01 02:56 25,131 --a------ c:\documents and settings\dom\584263.exe

2070-01-01 02:55 . 2070-01-01 02:55 25,131 --a------ c:\documents and settings\dom\444127.exe

2070-01-01 02:46 . 2070-01-01 02:46 25,131 --a------ c:\documents and settings\dom\630117.exe

2070-01-01 02:42 . 2070-01-01 02:42 25,131 --a------ c:\documents and settings\dom\034807.exe

2070-01-01 02:15 . 2070-01-01 02:15 16,384 --a------ c:\windows\system32\202.exe

2070-01-01 02:14 . 2070-01-01 02:14 16,384 --a------ c:\windows\system32\620.exe

2070-01-01 02:03 . 2070-01-01 02:03 16,384 --a------ c:\windows\system32\788.exe

2070-01-01 02:02 . 2070-01-01 02:02 122,368 --a------ c:\documents and settings\dom\304773.exe

2070-01-01 02:01 . 2009-02-23 16:28 122,368 -rahs---- c:\windows\system32\system.exe

2070-01-01 02:01 . 2070-01-01 02:01 122,368 --a------ c:\windows\system32\846265.exe

2070-01-01 02:01 . 2070-01-01 02:01 122,368 --a------ c:\windows\system32\256234.exe

2070-01-01 02:01 . 2070-01-01 02:01 122,368 --a------ c:\documents and settings\dom\811317.exe

2070-01-01 02:01 . 2070-01-01 02:02 57,344 --a------ c:\windows\system32\757.exe

2070-01-01 02:01 . 2070-01-01 02:01 25,131 --a------ c:\windows\system32\776873.exe

2070-01-01 02:01 . 2070-01-01 02:01 15,872 --a------ c:\windows\system32\807.exe

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-12 16:23 22,200 ----a-w c:\documents and settings\dom\Dane aplikacji\GDIPFONTCACHEV1.DAT

2006-05-24 14:38 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-18 15:00 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 12:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-05-18 14:59 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 10:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll

2006-04-10 16:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 09:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 09:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 09:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 09:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2004-08-04 15360]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2007-07-09 2119104]

“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2007-09-13 22880040]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe” [2005-10-28 94208]

“WhenUSave”=“c:\program files\Save\Save.exe” [2006-08-25 803184]

“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2004-08-04 1667584]

“Google Update”=“c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe” [2008-11-25 133104]

“CTSyncU.exe”=“c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe” [2007-07-17 868352]

“Mozillacorp”=“c:\windows\system32\system.exe” [2009-02-23 122368]

“Microsoft Windows Automatic Update”=“c:\recycler\S-1-5-21-4285863623-6785221191-521928844-8852\mwau.exe” [2009-02-23 122368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“c:\windows\System32\NvCpl.dll” [2004-12-15 5513216]

“NvMediaCenter”=“c:\windows\System32\NvMcTray.dll” [2004-12-15 86016]

“NeroFilterCheck”=“c:\windows\System32\NeroCheck.exe” [2001-07-09 155648]

“SpeedTouch USB Diagnostics”=“c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 866816]

“LogitechVideoRepair”=“c:\program files\Logitech\Video\ISStart.exe” [2004-02-12 188416]

“LogitechVideoTray”=“c:\program files\Logitech\Video\LogiTray.exe” [2004-02-12 77824]

“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 159744]

“NETIANET”=“c:\program files\Netia\Net\netianet.exe” [2007-05-18 493568]

“CTCheck”=“c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe” [2007-11-06 397312]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-02-21 148888]

“SoundMan”=“SOUNDMAN.EXE” [2003-04-24 c:\windows\SOUNDMAN.EXE]

“nwiz”=“nwiz.exe” [2004-12-15 c:\windows\system32\nwiz.exe]

“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.enc”= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\Program Files\iMesh Applications\iMesh\iMesh.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

“c:\WINDOWS\system32\system.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-09-28 14336]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-02 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-02 85696]

— Inne Usługi/Sterowniki w Pamięci —

*Deregistered* - Mozillacorp

.

Zawartość folderu ‘Zaplanowane zadania’

2070-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1123561945-682003330-1003.job

  • c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-25 19:20]

.

        • USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-eMuleAutoStart - d:\program files\eMule\emule.exe

.

------- Skan uzupełniający -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-10 14:05:10

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\ATKKBService.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\LVComS.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

.

**************************************************************************

.

Czas ukończenia: 2070-01-01 2:04:03 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2070-01-01 01:03:59

Przed: 53 976 260 608 bajtów wolnych

Po: 54,871,199,744 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /fastdetect /NoExecute=OptIn

178

I jak to wygląda?

#6

No cóż wygląda niedobrze żeby nie powiedzieć inaczej

Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja

Pobierz i użyj Windows Worms Doors Cleaner http://helpc.eu/viewtopic.php?f=26&t=33

wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum.

Loga wklej na www.wklejto.pl lub http://www.wklej.org/ a w poście daj linka

#7

Witam.

Mam pytanko.; Zrobiłem poszczególne kroki. Kiedy przeciągam plik na combofixa komp się zawiesza. Za 1 razem pojawił się niebieski ekran combo i napis że rozpoczyna proces i tak było 1h po czym myszka została zblokowana i tylko twardy reset. spróbowałem jeszcze raz i już nie pojawiło się więcej okno. brak reakcji kompa.

Co to może być?

pozdr

#8

Wejdź w tryb awaryjny windows (F8 przed bootem windowsa) i uruchom Combofixa skryptem

#9

Witam

Po perturbacjach udało się dokończyć combofix, a poniżej log :

Czy teraz wszystko będzie ok?

ComboFix 09-03-06.02 - dom 2009-03-10 19:11:39.2 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.827 [GMT 1:00]

Uruchomiony z: c:\documents and settings\dom\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\dom\Pulpit\CFScript.txt

FILE ::

c:\documents and settings\dom\030350.exe

c:\documents and settings\dom\032635.exe

c:\documents and settings\dom\034807.exe

c:\documents and settings\dom\062005.exe

c:\documents and settings\dom\135853.exe

c:\documents and settings\dom\176873.exe

c:\documents and settings\dom\218233.exe

c:\documents and settings\dom\248165.exe

c:\documents and settings\dom\252411.exe

c:\documents and settings\dom\304773.exe

c:\documents and settings\dom\344668.exe

c:\documents and settings\dom\444127.exe

c:\documents and settings\dom\450363.exe

c:\documents and settings\dom\505576.exe

c:\documents and settings\dom\556776.exe

c:\documents and settings\dom\575037.exe

c:\documents and settings\dom\584263.exe

c:\documents and settings\dom\603322.exe

c:\documents and settings\dom\630117.exe

c:\documents and settings\dom\633427.exe

c:\documents and settings\dom\788821.exe

c:\documents and settings\dom\811317.exe

c:\documents and settings\dom\875385.exe

c:\documents and settings\dom\878137.exe

c:\documents and settings\dom\885240.exe

c:\windows\system32\014.exe

c:\windows\system32\202.exe

c:\windows\system32\256234.exe

c:\windows\system32\276.exe

c:\windows\system32\367.exe

c:\windows\system32\422.exe

c:\windows\system32\620.exe

c:\windows\system32\756.exe

c:\windows\system32\757.exe

c:\windows\system32\776873.exe

c:\windows\system32\788.exe

c:\windows\system32\807.exe

c:\windows\system32\846265.exe

c:\windows\system32\system.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\dom\030350.exe

c:\documents and settings\dom\032635.exe

c:\documents and settings\dom\034807.exe

c:\documents and settings\dom\062005.exe

c:\documents and settings\dom\135853.exe

c:\documents and settings\dom\176873.exe

c:\documents and settings\dom\218233.exe

c:\documents and settings\dom\248165.exe

c:\documents and settings\dom\252411.exe

c:\documents and settings\dom\304773.exe

c:\documents and settings\dom\344668.exe

c:\documents and settings\dom\444127.exe

c:\documents and settings\dom\450363.exe

c:\documents and settings\dom\505576.exe

c:\documents and settings\dom\556776.exe

c:\documents and settings\dom\575037.exe

c:\documents and settings\dom\584263.exe

c:\documents and settings\dom\603322.exe

c:\documents and settings\dom\630117.exe

c:\documents and settings\dom\633427.exe

c:\documents and settings\dom\788821.exe

c:\documents and settings\dom\811317.exe

c:\documents and settings\dom\875385.exe

c:\documents and settings\dom\878137.exe

c:\documents and settings\dom\885240.exe

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\dll32.exe

c:\windows\system32\014.exe

c:\windows\system32\130.exe

c:\windows\system32\136.exe

c:\windows\system32\182.exe

c:\windows\system32\202.exe

c:\windows\system32\256234.exe

c:\windows\system32\276.exe

c:\windows\system32\325.exe

c:\windows\system32\338.exe

c:\windows\system32\356.exe

c:\windows\system32\367.exe

c:\windows\system32\375.exe

c:\windows\system32\422.exe

c:\windows\system32\425.exe

c:\windows\system32\461.exe

c:\windows\system32\464.exe

c:\windows\system32\472.exe

c:\windows\system32\514.exe

c:\windows\system32\573.exe

c:\windows\system32\620.exe

c:\windows\system32\681.exe

c:\windows\system32\726.exe

c:\windows\system32\756.exe

c:\windows\system32\757.exe

c:\windows\system32\776873.exe

c:\windows\system32\786.exe

c:\windows\system32\788.exe

c:\windows\system32\807.exe

c:\windows\system32\845.exe

c:\windows\system32\846265.exe

c:\windows\system32\852.exe

c:\windows\system32\864.exe

c:\windows\system32\874.exe

c:\windows\system32\system.exe

F:\autorun.inf

F:\MS32DLL.dll.vbs

.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-10 do 2009-03-10 )))))))))))))))))))))))))))))))

.

2009-02-21 18:36 . 2009-02-21 18:35 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-21 18:36 . 2009-02-21 18:35 73,728 --a------ c:\windows\system32\javacpl.cpl

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2070-01-15 21:37 --------- d-----w c:\program files\BearShare

2070-01-01 17:58 --------- d-----w c:\documents and settings\dom\Dane aplikacji\Skype

2009-03-10 13:20 --------- d-----w c:\program files\AdvancedDVDPlayerPro

2009-02-23 12:20 --------- d-----w c:\documents and settings\dom\Dane aplikacji\uTorrent

2009-02-21 17:35 --------- d-----w c:\program files\Java

2009-02-17 16:59 --------- d-----w c:\program files\Nowe Gadu-Gadu

2009-02-09 10:50 --------- d-----w c:\program files\SkanerOnline

2009-01-28 15:42 --------- d-----w c:\program files\Kraina Gier

2009-01-28 15:40 --------- d-----w c:\program files\Corel

2009-01-10 18:42 --------- d-----w c:\documents and settings\dom\Dane aplikacji\Creative

2008-09-12 16:23 22,200 ----a-w c:\documents and settings\dom\Dane aplikacji\GDIPFONTCACHEV1.DAT

2006-05-24 14:38 233,472 ----a-w c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll

2006-05-18 15:00 204,895 ----a-w c:\program files\mozilla firefox\plugins\ctdomemhelper.dll

2005-09-29 12:41 77,824 ----a-w c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll

2006-05-18 14:59 426,081 ----a-w c:\program files\mozilla firefox\plugins\ctplayerobject.dll

2005-02-02 10:19 458,752 ----a-w c:\program files\mozilla firefox\plugins\imagickrt.dll

2006-04-10 16:35 139,264 ----a-w c:\program files\mozilla firefox\plugins\rlcontentclass.dll

2005-11-09 09:10 204,800 ----a-w c:\program files\mozilla firefox\plugins\RLMusicPacker.dll

2005-11-09 09:42 106,496 ----a-w c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll

2006-01-04 09:22 212,992 ----a-w c:\program files\mozilla firefox\plugins\RLVoicePacker.dll

2006-01-04 09:21 167,936 ----a-w c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll

.

((((((((((((((((((((((((((((( SnapShot@2070-01-01_ 2.03.12.14 )))))))))))))))))))))))))))))))))))))))))

.

  • 2009-03-10 18:16:00 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7cc.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2004-08-04 15360]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2007-07-09 2119104]

“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2007-09-13 22880040]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe” [2005-10-28 94208]

“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2004-08-04 1667584]

“Google Update”=“c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe” [2008-11-25 133104]

“CTSyncU.exe”=“c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe” [2007-07-17 868352]

“Microsoft Windows Automatic Update”=“c:\recycler\S-1-5-21-7370575555-2135642413-676572206-2805\mwau.exe” [2009-03-10 0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“c:\windows\System32\NvCpl.dll” [2004-12-15 5513216]

“NvMediaCenter”=“c:\windows\System32\NvMcTray.dll” [2004-12-15 86016]

“NeroFilterCheck”=“c:\windows\System32\NeroCheck.exe” [2001-07-09 155648]

“SpeedTouch USB Diagnostics”=“c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 866816]

“LogitechVideoRepair”=“c:\program files\Logitech\Video\ISStart.exe” [2004-02-12 188416]

“LogitechVideoTray”=“c:\program files\Logitech\Video\LogiTray.exe” [2004-02-12 77824]

“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 159744]

“NETIANET”=“c:\program files\Netia\Net\netianet.exe” [2007-05-18 493568]

“CTCheck”=“c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe” [2007-11-06 397312]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-02-21 148888]

“SoundMan”=“SOUNDMAN.EXE” [2003-04-24 c:\windows\SOUNDMAN.EXE]

“nwiz”=“nwiz.exe” [2004-12-15 c:\windows\system32\nwiz.exe]

“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.enc”= ITIG726.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\Program Files\iMesh Applications\iMesh\iMesh.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“8461:TCP”= 8461:TCP:GoD High Port

“8462:TCP”= 8462:TCP:GoD Low Port

R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2002-09-28 14336]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-11-02 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-11-02 85696]

.

Zawartość folderu ‘Zaplanowane zadania’

2009-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1123561945-682003330-1003.job

  • c:\documents and settings\dom\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-25 19:20]

.

        • USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Mozillacorp - c:\windows\system32\system.exe

.

------- Skan uzupełniający -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-10 19:16:03

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

c:\docume~1\dom\USTAWI~1\Temp\BIT5.tmp 0 bytes

c:\docume~1\dom\USTAWI~1\Temp\GUR1.tmp 0 bytes

skanowanie pomyślnie ukończone

ukryte pliki: 2

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\ATKKBService.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\LVComS.exe

c:\program files\Common Files\Teleca Shared\CapabilityManager.exe

c:\program files\Common Files\Teleca Shared\Generic.exe

c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

.

**************************************************************************

.

Czas ukończenia: 2009-03-10 19:18:51 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-03-10 18:18:04

ComboFix2.txt 2070-01-01 01:04:04

Przed: 56 895 045 632 bajtów wolnych

Po: 56,886,472,704 bajtów wolnych

246

Czekam na odpowiedź i dziękuję za wszelką pomoc

pozdr

#10

Wklej do notatnika:

File::

c:\docume~1\dom\USTAWI~1\Temp\BIT5.tmp

c:\docume~1\dom\USTAWI~1\Temp\GUR1.tmp

Plik -> zapisz jako -> CFScript.txt.

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->

cfscript10uc2.gif

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklej.org a w poście dajesz tylko link