Thanks for the help!
I live in the USA; I don't know where those DNS servers from the Netherlands came from.
I removed the entries, and here is the ComboFix log:
http://wklej.org/id/8f208d2c8d
Is everything all right now?
I suspect there is a bit too much in autostart, because it takes a very long time to start up, but that's not so important anymore. As long as there are no viruses.
Thank you once again for the help!
Post merged: 20.10.2007 (Sat) 0:34
I'll paste it here, because that link doesn't want to work for me now.
ComboFix 07-10-17.8@ - Owner 2007-10-18 0:36:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.198 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\IA
C:\WINDOWS\system32\instsrv.exe
C:\WINDOWS\system32\q21
C:\WINDOWS\system32\vMW02a
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.
2007-10-18 00:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 10:46 12,560 --a------ C:\WINDOWS\system32\bbchk.exe
2007-10-16 10:44 9,580,157 --a------ C:\temp\salm_kyf.dat
2007-10-11 16:53
2007-10-10 10:07 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 21:50
2007-10-09 21:45
2007-10-09 16:23
2007-10-09 10:02 525,387 ---hs---- C:\WINDOWS\system32\dgjlm.ini2
2007-10-09 01:14 521,369 ---hs---- C:\WINDOWS\system32\dgjlm.bak2
2007-10-09 00:30
2007-10-08 22:52
2007-10-08 22:52
2007-10-08 22:52
2007-10-08 22:52 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-08 17:14
2007-10-06 19:35
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 05:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2007-10-18 05:35 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2007-10-17 05:23 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-17 05:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 08:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-10 08:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-10 05:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-10 03:09 --------- d-----w C:\Program Files\QuickTime
2007-10-10 03:09 --------- d-----w C:\Program Files\Multimedia Card Reader
2007-10-10 03:09 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-09 21:59 --------- d-----w C:\Program Files\Dialer.pl
2007-10-09 06:02 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-09 06:02 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-09 06:02 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-09 06:02 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-09 06:02 --------- d-----w C:\Program Files\Symantec
2007-10-09 04:40 161 ----a-w C:\Delme.bat
2007-10-09 04:40 --------- d-----w C:\Program Files\SubEdit-Player
2007-10-07 00:35 --------- d-----w C:\Program Files\Skype
2007-09-13 14:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-09-13 03:27 --------- d-----w C:\Program Files\Common Files\LogiShrd
2007-09-13 00:52 --------- d-----w C:\Program Files\Logitech
2007-09-05 17:44 --------- d-----w C:\Program Files\Audacity
2007-09-01 11:33 --------- d-----w C:\Program Files\Yahoo!
2007-08-29 12:18 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-08-29 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-08-27 22:13 97,672 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-08-27 22:13 537,992 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-08-27 22:13 31,624 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-08-27 22:13 28,040 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-08-27 22:13 23,944 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-08-27 22:13 189,320 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-08-27 22:13 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-27 22:13 12,680 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-20 01:37 --------- d-----w C:\Program Files\ConsoleClassix.com
2007-08-08 21:30 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2007-08-02 23:11 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2007-08-02 23:11 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-27 20:49 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 20:49 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
2007-07-19 00:44 465,432 ----a-w C:\WINDOWS\system32\LVUI2RC.dll
2007-07-19 00:43 490,008 ----a-w C:\WINDOWS\system32\LVUI2.dll
2007-07-19 00:40 416,280 ----a-w C:\WINDOWS\system32\LVCodec2.dll
2007-07-19 00:40 195,096 ----a-w C:\WINDOWS\system32\lvci1110.dll
2007-07-18 23:55 19,344 ----a-w C:\WINDOWS\system32\Repository.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 09:07]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 21:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 C:\WINDOWS\system32\VTTimer.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2004-03-18 20:01]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-11-24 17:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-25 13:36]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2007-10-16 10:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 04:56 C:\WINDOWS\system32\nview.dll]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-22 23:25]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-29 09:49]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 09:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\bkbj28qr.Domyslny uzytkownik\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles/bkbj28qr.Domyslny uzytkownik\extensions{B13721C7-F507-4982-B2E5-502A71474FED}"

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2003-10-14 00:24:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0a\aoltray.exe [2004-02-11 21:12:32]
Device Detector 2.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2005-03-20 15:38:16]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 10:20:40]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-09-03 08:45:28]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 15:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 10:05:56]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-11 00:26:40]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-09 12:09:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe"
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a5fe4116-70b9-11d8-b293-806d6172696f}]
AutoRun\command - D:\Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-13 02:22:38 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 00:42:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-18 0:43:23
.
--- E O F ---