I ran a scan and got the following data:
ComboFix 10-08-27.03 - Wójcik 2010-08-28 13:54:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1014.452 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Wójcik\Pulpit\Nowy folder\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SEC
c:\windows\SEC\DelMt.cmd
c:\windows\SEC\JRE150.exe
c:\windows\SEC\Marker.exe
c:\windows\SEC\MEMIO.sys
c:\windows\SEC\MEMIO.vxd
c:\windows\SEC\MP10POL.exe
c:\windows\SEC\SECINSTALL.EXE
c:\windows\SEC\SECINSTALL.INI
c:\windows\SEC\StartMem.exe
c:\windows\system32\EXPLORER.EXE
.
((((((((((((((((((((((((( Pliki utworzone od 2010-07-28 do 2010-08-28 )))))))))))))))))))))))))))))))
.
2010-08-27 18:18 . 2010-08-27 18:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-27 18:05 . 2010-08-27 18:05 -------- d-----w- c:\program files\Common Files\Skype
2010-08-27 18:05 . 2010-08-27 18:06 -------- d-----r- c:\program files\Skype
2010-08-27 18:05 . 2010-08-27 18:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2010-08-07 20:52 . 2008-04-15 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 20:42 . 2010-06-22 10:23 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2010-08-10 14:31 . 2010-07-08 15:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-07-11 13:30 . 2010-07-11 13:30 4096 ----a-w- c:\windows\system32\07B.tmp
2010-07-07 19:17 . 2010-07-07 14:40 -------- d-----w- c:\program files\JDownloader
2010-07-07 16:39 . 2010-07-07 16:39 -------- d-----w- c:\program files\Microsoft.NET
2010-07-07 15:44 . 2009-04-15 10:18 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-07 14:41 . 2010-07-07 14:41 -------- d-----w- c:\program files\kikin
2010-07-07 14:40 . 2010-07-07 14:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-07-07 14:40 . 2009-04-15 10:22 -------- d-----w- c:\program files\Java
2010-07-01 09:15 . 2010-06-28 16:47 -------- d-----w- c:\program files\PhotoScape
2010-06-22 10:10 . 2010-06-22 10:10 0 ----a-w- c:\windows\nsreg.dat
2010-06-18 17:15 . 2009-04-15 19:01 49910 ----a-w- c:\windows\system32\perfc015.dat
2010-06-18 17:15 . 2009-04-15 19:01 356068 ----a-w- c:\windows\system32\perfh015.dat
2008-04-15 12:00 . 2009-04-15 19:01 153300 --sha-r- c:\windows\system32\ywjthk.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-04-13 15:30 766640 ----a-w- c:\program files\kikin\ie_kikin.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-04-15 36972]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2009-12-21 446464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2166:TCP"= 2166:TCP:zxekh
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-04-15 4300]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-01-14 30208]
R3 hspabus;SAMSUNG HSPA USB Composite Device driver (WDM);c:\windows\system32\drivers\hspabus.sys [2009-04-15 91776]
R3 hspamdfl;SAMSUNG HSPA Modem Filter;c:\windows\system32\drivers\hspamdfl.sys [2009-04-15 14976]
R3 hspamdm;SAMSUNG HSPA Modem Drivers;c:\windows\system32\drivers\hspamdm.sys [2009-04-15 119808]
R3 hspaserd;SAMSUNG HSPA Modem Diagnostic Serial Port (WDM);c:\windows\system32\drivers\hspaserd.sys [2009-04-15 98560]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-04-15 238464]
S2 crpam;Manager Monitor;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]
S2 culhp;Manager Universal;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 135664]
S2 qzvre;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]
S2 xovqxd;Center Helper;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 glwuf;glwuf;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]
S3 rbzoqq;rbzoqq;\??\c:\windows\system32\06.tmp --> c:\windows\system32\06.tmp [?]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-08-01 19840]
S3 tndchjrl;tndchjrl;c:\windows\system32\07B.tmp [2010-07-11 4096]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
culhp
.
Zawartość folderu 'Zaplanowane zadania'
2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 10:34]
2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 10:34]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.plus.pl
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Connection Wizard,ShellNext = hxxp://www.plus.pl/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Wyślij do interfejsu Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\documents and settings\Wójcik\Dane aplikacji\Mozilla\Firefox\Profiles\g9hycay6.default\
FF - prefs.js: browser.startup.homepage - http://www.google.pl
FF - component: c:\documents and settings\Wójcik\Dane aplikacji\Mozilla\Firefox\Profiles\g9hycay6.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_0.dll
FF - component: c:\documents and settings\Wójcik\Dane aplikacji\Mozilla\Firefox\Profiles\g9hycay6.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_6.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-wsctf.exe - wsctf.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 13:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\glwuf]
"ImagePath"="\??\c:\windows\system32\08.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rbzoqq]
"ImagePath"="\??\c:\windows\system32\06.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tndchjrl]
"ImagePath"="\??\c:\windows\system32\07B.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\crpam]
"ServiceDll"="c:\windows\system32\ywjthk.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\culhp]
"ServiceDll"="c:\windows\system32\ywjthk.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qzvre]
"ServiceDll"="c:\windows\system32\ywjthk.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xovqxd]
"ServiceDll"="c:\windows\system32\ywjthk.dll"
.
Czas ukończenia: 2010-08-28 13:59:47
ComboFix-quarantined-files.txt 2010-08-28 11:59
Przed: 68 675 989 504 bajtów wolnych
Po: 68 673 216 512 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - F8B1083A478BE77CB09236A8FC3B57FC
And nothing helped, the MS site doesn't work. Please reply quickly to my GG: 5252046 or e-mail: v-tec5@o2.pl