IDG.pl Forum - a place for IT discussion: Adware.Agent.BN

Adware.Agent.BN viruses...

#1 Wysok

  • Adept
  • Group: Forum members
  • Posts: 3
  • Joined: 16-February 08
  • Gender: Male
  • Location: Lublin, Poland

Posted 16 February 2008 - 18:40

I have the Norton 360 and Avira AntiVir antiviruses on my computer...
Yesterday I downloaded Spyware Doctor and it keeps detecting 2 viruses:

Adware.agent.BN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin, at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin, it

And I can't remove it even though I've tried 100 times ;/ And on top of that it downloads new viruses for me ;/ PLEASE HELP!

ComboFix log

ComboFix 08-02-16.2 - p 2008-02-17 18:36:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.70 [GMT 1:00]
Running from: C:\Documents and Settings\p\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 18:36 . 2008-02-17 18:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 19:06 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-15 18:32 . 2008-02-15 18:32 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-02-15 16:39 . 2008-02-17 18:33 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-15 16:39 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-15 16:39 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-15 16:39 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-15 16:39 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-15 16:38 . 2008-02-15 17:06 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-15 16:38 . 2008-02-15 16:38 <DIR> d-------- C:\Documents and Settings\p\Dane aplikacji\PC Tools
2008-02-15 12:52 . 2008-02-15 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-02-14 20:20 . 2008-02-14 17:58 245,760 --a------ C:\WINDOWS\dmdqdrxqdv.dll
2008-02-14 20:20 . 2008-02-14 17:58 217,088 --a------ C:\WINDOWS\bdmnopx.dll
2008-02-14 20:20 . 2008-02-14 17:58 196,608 --a------ C:\WINDOWS\admggxp.dll
2008-02-14 20:20 . 2008-02-14 17:58 172,032 --a------ C:\WINDOWS\emotrlq.dll
2008-02-14 20:20 . 2008-02-14 17:58 81,920 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-14 17:56 . 2008-02-14 17:56 249,856 --------- C:\WINDOWS\Setup1.exe
2008-02-14 17:56 . 2008-02-14 17:56 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-07 22:28 . 2008-02-07 22:28 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-29 21:41 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-29 21:41 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-29 21:40 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-26 21:43 . 2008-01-26 21:43 32 --a------ C:\WINDOWS\go
2008-01-26 21:11 . 2008-01-26 21:11 <DIR> d-------- C:\Documents and Settings\p\WINDOWS
2008-01-17 18:42 . 2008-01-17 18:42 <DIR> d-------- C:\Documents and Settings\p\Dane aplikacji\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:08 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\OpenOffice.org2
2008-02-17 10:59 --------- d-----w C:\Program Files\Winamp Remote
2008-02-15 16:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-02-13 22:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 22:01 --------- d-----w C:\Program Files\Norton 360
2008-01-16 11:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-16 11:01 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-16 11:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-16 11:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-16 11:01 --------- d-----w C:\Program Files\Symantec
2008-01-03 19:40 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Graphisoft
2008-01-02 18:56 --------- d-----w C:\Program Files\Graphisoft
2008-01-02 18:49 --------- d-----w C:\Program Files\QuickTime
2008-01-02 18:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-01-02 18:48 --------- d-----w C:\Program Files\Apple Software Update
2007-12-31 17:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-27 15:33 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Autodesk
2007-12-27 15:31 --------- d-----w C:\Program Files\AutoCAD 2004
2007-12-27 15:30 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-12-27 15:30 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-12-27 15:30 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-27 15:30 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 15:30 --------- d-----w C:\Program Files\Autodesk
2007-12-27 15:30 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-12-27 15:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-12-26 11:40 --------- d-----w C:\Program Files\BearShare
2007-12-26 11:12 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Creative
2007-12-26 10:58 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Winamp
2007-12-25 21:30 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Desperate Housewives
2007-12-25 19:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-25 19:26 --------- d-----w C:\Program Files\Java
2007-12-25 19:22 --------- d-----w C:\Program Files\Common Files\Java
2007-12-25 11:02 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-25 11:02 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-25 10:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-25 10:20 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-25 10:19 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Gotowe na wszystko
2007-12-25 10:19 --------- d-----w C:\Documents and Settings\Default User\Dane aplikacji\Gotowe na wszystko
2007-12-25 10:14 --------- d-----w C:\Program Files\Buena Vista Games
2007-12-25 10:13 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\InstallShield
2007-12-24 22:18 --------- d-----w C:\Program Files\Winamp
2007-12-24 22:00 --------- d-----w C:\Program Files\BearShare Applications
2007-12-24 21:38 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Gadu-Gadu
2007-12-24 21:33 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-24 21:27 --------- d-----w C:\Program Files\Creative
2007-12-24 21:26 --------- d-----w C:\Program Files\Audible
2007-12-24 21:25 --------- d--h--w C:\Program Files\Creative Installation Information
2007-12-24 21:24 --------- d-----w C:\Program Files\Common Files\Creative
2007-12-24 21:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2007-12-21 22:43 --------- d-----w C:\Program Files\Ubisoft
2007-12-20 20:24 --------- d-----w C:\Program Files\A4Tech
2007-12-20 20:19 --------- d-----w C:\Program Files\VUGames
2007-12-20 20:17 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2007-12-20 20:16 --------- d-----w C:\Program Files\Google
2007-12-20 18:26 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-20 18:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 17:18 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-20 17:17 --------- d-----w C:\Program Files\Microsoft Works
2007-12-20 17:07 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-20 17:07 --------- d-----w C:\Program Files\Ahead
2007-12-20 17:02 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-20 17:02 --------- d-----w C:\Program Files\Nonbrand
2007-12-20 16:57 --------- d-----w C:\Program Files\Avira
2007-12-20 16:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avira
2007-12-20 16:44 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-12-20 16:44 --------- d-----w C:\Program Files\AvRack
2007-12-20 16:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-20 16:04 --------- d-----w C:\Program Files\Usługi online
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 17:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4DE1459-9941-48DB-AEFF-88A903379276}]
2008-02-14 17:58 245760 --a------ C:\WINDOWS\dmdqdrxqdv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{37B85A29-692B-4205-9CAD-2626E4993404}
{380F14D3-BD6F-4F5A-984A-70CC23EEA61D}

[HKEY_CLASSES_ROOT\clsid\{380f14d3-bd6f-4f5a-984a-70cc23eea61d}]
[HKEY_CLASSES_ROOT\emotrlq.1]
[HKEY_CLASSES_ROOT\TypeLib\{F2B4F460-B1D0-4A86-A047-353D7E2F566F}]
[HKEY_CLASSES_ROOT\emotrlq]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-20 18:25 249896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 06:59 192512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SBI"="C:\Documents and Settings\p\Pulpit\install_sbd_en.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\p\Menu Start\Programy\Autostart\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdmnopx"= {A00E51E8-6A9B-4F19-8F1B-90C25F8E2F1B} - C:\WINDOWS\bdmnopx.dll [2008-02-14 17:58 217088]
"admggxp"= {146508D7-1BA4-4D34-AAA2-A217783AEBB8} - C:\WINDOWS\admggxp.dll [2008-02-14 17:58 196608]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-08-25 10:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b29d2f-bd23-11dc-9bad-00142ae0c826}]
\Shell\Auto\command - H:\UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 19:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:38:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SBI = C:\Documents and Settings\p\Pulpit\install_sbd_en.exe?@???@????????????|???????|?(?|?????,?|????0??????????? ???????(/?? ???"????????P??4????&?|?????%?|????????h[??????????????????)??|\?6~???????????????| ?????????7~??7~\???????????????????????????x?@?\??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\bdmnopx.dll
.
Completion time: 2008-02-17 18:39:49
ComboFix-quarantined-files.txt 2008-02-17 17:39:43
ComboFix2.txt 2008-02-17 17:18:47
ComboFix3.txt 2008-02-16 20:03:50
ComboFix4.txt 2008-02-16 19:51:17
.
2008-02-15 18:08:41 --- E O F ---

HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37, on 2008-02-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\kmd.exe
C:\ComboFix\nircmd.cfexe
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\findstr.exe
C:\WINDOWS\system32\findstr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SXG Advisor - {F4DE1459-9941-48DB-AEFF-88A903379276} - C:\WINDOWS\dmdqdrxqdv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: emotrlq - {380F14D3-BD6F-4F5A-984A-70CC23EEA61D} - C:\WINDOWS\emotrlq.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\p\Pulpit\install_sbd_en.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198167326671
O21 - SSODL: bdmnopx - {A00E51E8-6A9B-4F19-8F1B-90C25F8E2F1B} - C:\WINDOWS\bdmnopx.dll
O21 - SSODL: admggxp - {146508D7-1BA4-4D34-AAA2-A217783AEBB8} - C:\WINDOWS\admggxp.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8993 bytes

Once again, please HELP!

#2 Raven555

  • Enthusiast
  • Group: Forum members
  • Posts: 2845
  • Joined: 30-August 07

Posted 16 February 2008 - 18:49

To fix:
O2 - BHO: SXG Advisor - {F4DE1459-9941-48DB-AEFF-88A903379276} - C:\WINDOWS\dmdqdrxqdv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: emotrlq - {380F14D3-BD6F-4F5A-984A-70CC23EEA61D} - C:\WINDOWS\emotrlq.dll
O21 - SSODL: bdmnopx - {A00E51E8-6A9B-4F19-8F1B-90C25F8E2F1B} - C:\WINDOWS\bdmnopx.dll
O21 - SSODL: admggxp - {146508D7-1BA4-4D34-AAA2-A217783AEBB8} - C:\WINDOWS\admggxp.dll
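The five entries Raven555 picks out share one pattern: COM components that Explorer and Internet Explorer load automatically (O2 BHOs, O3 toolbars, O21 SSODL objects) sitting directly in the Windows directory root under random-looking names, plus one orphaned toolbar entry reported as "(file missing)". The following is an added example, not code from this thread, from HijackThis or from ComboFix: it parses HijackThis-style log lines and flags entries by that pattern. The sample log is a constructed subset of the lines posted above; the vowel-ratio name check is an assumption of the example and is used only as a corroborating signal.

```python
"""Rule-based triage of HijackThis (HJT) log entries.

Added example, not code from the thread, HijackThis or ComboFix. It encodes
the pattern a helper reads by eye in the log above: COM components that
Explorer/IE load automatically (O2 BHOs, O3 toolbars, O21 SSODL objects)
sitting directly in the Windows directory root under random-looking names,
plus registry entries whose file HJT reports as "(file missing)".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HJT entry types whose payload is a COM DLL loaded at logon / browser start.
COM_LOAD_TYPES = {"O2", "O3", "O21"}

# "O2 - BHO: SXG Advisor - {GUID} - C:\WINDOWS\dmdqdrxqdv.dll"
ENTRY_RE = re.compile(r"^(?P<kind>O\d+)\s+-\s+(?P<body>.*)$")
# First drive-letter path ending in .dll/.exe; quotes and brackets stop the match.
PATH_RE = re.compile(r'(?P<path>[A-Za-z]:\\[^"\[\]]*?\.(?:dll|exe))', re.IGNORECASE)
# A file directly under the Windows directory (XP default name, as in the log),
# i.e. not in system32 or any other subfolder.
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                      # O2, O3, O4, O21, ...
    body: str                      # everything after "Onn - "
    path: Optional[str]            # first file path on the line, if any
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1] if self.path else ""


def looks_random(stem: str) -> bool:
    """Weak, corroborating signal only (assumed heuristic): a long all-lowercase
    stem with almost no vowels (bdmnopx, admggxp, dmdqdrxqdv) is not how vendors
    name their DLLs."""
    if len(stem) < 7 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(ch in "aeiouy" for ch in stem)
    return vowels / len(stem) <= 0.15


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one 'Onn - ...' log line into an Entry; any other line yields None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    pm = PATH_RE.search(body)
    return Entry(kind=m.group("kind"), body=body, path=pm.group("path") if pm else None)


def triage(entry: Entry) -> Entry:
    """Append one reason per rule the entry trips; no reasons means it looks normal."""
    if "(file missing)" in entry.body:
        entry.reasons.append("registry entry points at a file that no longer exists")
    if entry.path:
        stem = entry.filename.rsplit(".", 1)[0]
        if entry.kind in COM_LOAD_TYPES and WINDOWS_ROOT_RE.match(entry.path):
            entry.reasons.append("COM component loaded from the Windows directory root")
        if looks_random(stem):
            entry.reasons.append(f"random-looking file name '{stem}'")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every Onn line of an HJT log and return only the entries that tripped a rule."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry).suspicious:
            flagged.append(entry)
    return flagged


# Constructed sample: a subset of the HJT lines posted in this thread (four benign, five bad).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SXG Advisor - {F4DE1459-9941-48DB-AEFF-88A903379276} - C:\WINDOWS\dmdqdrxqdv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: emotrlq - {380F14D3-BD6F-4F5A-984A-70CC23EEA61D} - C:\WINDOWS\emotrlq.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: bdmnopx - {A00E51E8-6A9B-4F19-8F1B-90C25F8E2F1B} - C:\WINDOWS\bdmnopx.dll
O21 - SSODL: admggxp - {146508D7-1BA4-4D34-AAA2-A217783AEBB8} - C:\WINDOWS\admggxp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind:<4}{e.filename:<16} {'; '.join(e.reasons)}")
```

Running it lists exactly the five entries from the reply above; a clean log that only has vendor DLLs under Program Files or system32 yields an empty list.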

#3 filutka78

  • Enthusiast
  • Group: Forum members
  • Posts: 4874
  • Joined: 24-July 07

Posted 16 February 2008 - 19:19

In other words, translating from Polish into "our" language:
Paste into Notepad:
File::
H:\UFO.exe
C:\WINDOWS\dmdqdrxqdv.dll
C:\WINDOWS\bdmnopx.dll
C:\WINDOWS\admggxp.dll
C:\WINDOWS\emotrlq.dll
C:\WINDOWS\fsxloqf.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b29d2f-bd23-11dc-9bad-00142ae0c826}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdmnopx"=-
"admggxp"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4DE1459-9941-48DB-AEFF-88A903379276}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-
"{380F14D3-BD6F-4F5A-984A-70CC23EEA61D}"=-
[-HKEY_CLASSES_ROOT\clsid\{380f14d3-bd6f-4f5a-984a-70cc23eea61d}]
[-HKEY_CLASSES_ROOT\emotrlq.1]
[-HKEY_CLASSES_ROOT\TypeLib\{F2B4F460-B1D0-4A86-A047-353D7E2F566F}]
[-HKEY_CLASSES_ROOT\emotrlq]

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
- just like in this picture.
The removal should begin (and a log will be produced).
Post the log that is created during the removal.

If it goes well, then:
After the restart, manually delete the folder C:\Qoobox.

===========================
F.

#4 Wysok

  • Adept
  • Group: Forum members
  • Posts: 3
  • Joined: 16-February 08
  • Gender: Male
  • Location: Lublin, Poland

Posted 16 February 2008 - 22:18

I did as you said and here is the log:


ComboFix 08-02-16.2 - p 2008-02-17 22:12:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.42 [GMT 1:00]
Running from: C:\Documents and Settings\p\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\p\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\admggxp.dll
C:\WINDOWS\bdmnopx.dll
C:\WINDOWS\dmdqdrxqdv.dll
C:\WINDOWS\emotrlq.dll
C:\WINDOWS\fsxloqf.exe
H:\UFO.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\admggxp.dll
C:\WINDOWS\bdmnopx.dll
C:\WINDOWS\dmdqdrxqdv.dll
C:\WINDOWS\emotrlq.dll
C:\WINDOWS\fsxloqf.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-17 18:36 . 2008-02-17 18:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-15 19:06 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-15 18:32 . 2008-02-15 18:32 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-02-15 16:39 . 2008-02-17 22:11 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-15 16:39 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-15 16:39 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-15 16:39 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-15 16:39 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-15 16:38 . 2008-02-15 17:06 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-15 16:38 . 2008-02-15 16:38 <DIR> d-------- C:\Documents and Settings\p\Dane aplikacji\PC Tools
2008-02-15 12:52 . 2008-02-15 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-02-14 17:56 . 2008-02-14 17:56 249,856 --------- C:\WINDOWS\Setup1.exe
2008-02-14 17:56 . 2008-02-14 17:56 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-07 22:28 . 2008-02-07 22:28 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-29 21:41 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-29 21:41 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-29 21:40 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-26 21:43 . 2008-01-26 21:43 32 --a------ C:\WINDOWS\go
2008-01-26 21:11 . 2008-01-26 21:11 <DIR> d-------- C:\Documents and Settings\p\WINDOWS
2008-01-17 18:42 . 2008-01-17 18:42 <DIR> d-------- C:\Documents and Settings\p\Dane aplikacji\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:10 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\OpenOffice.org2
2008-02-17 10:59 --------- d-----w C:\Program Files\Winamp Remote
2008-02-15 16:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-02-13 22:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 22:01 --------- d-----w C:\Program Files\Norton 360
2008-01-16 11:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-16 11:01 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-16 11:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-16 11:01 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-16 11:01 --------- d-----w C:\Program Files\Symantec
2008-01-03 19:40 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Graphisoft
2008-01-02 18:56 --------- d-----w C:\Program Files\Graphisoft
2008-01-02 18:49 --------- d-----w C:\Program Files\QuickTime
2008-01-02 18:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-01-02 18:48 --------- d-----w C:\Program Files\Apple Software Update
2007-12-31 17:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2007-12-27 15:33 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Autodesk
2007-12-27 15:31 --------- d-----w C:\Program Files\AutoCAD 2004
2007-12-27 15:30 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-12-27 15:30 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-12-27 15:30 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-27 15:30 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 15:30 --------- d-----w C:\Program Files\Autodesk
2007-12-27 15:30 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-12-27 15:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-12-26 11:40 --------- d-----w C:\Program Files\BearShare
2007-12-26 11:12 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Creative
2007-12-26 10:58 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Winamp
2007-12-25 21:30 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Desperate Housewives
2007-12-25 19:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-25 19:26 --------- d-----w C:\Program Files\Java
2007-12-25 19:22 --------- d-----w C:\Program Files\Common Files\Java
2007-12-25 11:02 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-25 11:02 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-25 10:49 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-25 10:20 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-12-25 10:19 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Gotowe na wszystko
2007-12-25 10:19 --------- d-----w C:\Documents and Settings\Default User\Dane aplikacji\Gotowe na wszystko
2007-12-25 10:14 --------- d-----w C:\Program Files\Buena Vista Games
2007-12-25 10:13 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\InstallShield
2007-12-24 22:18 --------- d-----w C:\Program Files\Winamp
2007-12-24 22:00 --------- d-----w C:\Program Files\BearShare Applications
2007-12-24 21:38 --------- d-----w C:\Documents and Settings\p\Dane aplikacji\Gadu-Gadu
2007-12-24 21:33 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-24 21:27 --------- d-----w C:\Program Files\Creative
2007-12-24 21:26 --------- d-----w C:\Program Files\Audible
2007-12-24 21:25 --------- d--h--w C:\Program Files\Creative Installation Information
2007-12-24 21:24 --------- d-----w C:\Program Files\Common Files\Creative
2007-12-24 21:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2007-12-21 22:43 --------- d-----w C:\Program Files\Ubisoft
2007-12-20 20:24 --------- d-----w C:\Program Files\A4Tech
2007-12-20 20:19 --------- d-----w C:\Program Files\VUGames
2007-12-20 20:17 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2007-12-20 20:16 --------- d-----w C:\Program Files\Google
2007-12-20 18:26 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-20 18:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 17:18 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-20 17:17 --------- d-----w C:\Program Files\Microsoft Works
2007-12-20 17:07 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-20 17:07 --------- d-----w C:\Program Files\Ahead
2007-12-20 17:02 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-12-20 17:02 --------- d-----w C:\Program Files\Nonbrand
2007-12-20 16:57 --------- d-----w C:\Program Files\Avira
2007-12-20 16:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avira
2007-12-20 16:44 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-12-20 16:44 --------- d-----w C:\Program Files\AvRack
2007-12-20 16:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-20 16:04 --------- d-----w C:\Program Files\Usługi online
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 17:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-07 02:14 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-20 18:25 249896]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 06:59 192512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SBI"="C:\Documents and Settings\p\Pulpit\install_sbd_en.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\p\Menu Start\Programy\Autostart\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48 393216]

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-08-25 10:09]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 19:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 22:15:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SBI = C:\Documents and Settings\p\Pulpit\install_sbd_en.exe?@???@????????????|???????|?(?|?????,?|????0??????????? ???????(/?? ???"????????P??4????&?|?????%?|????????h[??????????????????)??|\?6~???????????????| ?????????7~??7~\???????????????????????????x?@?\??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 22:16:49
ComboFix-quarantined-files.txt 2008-02-17 21:16:45
ComboFix2.txt 2008-02-17 17:39:50
ComboFix3.txt 2008-02-17 17:18:47
ComboFix4.txt 2008-02-16 20:03:50
ComboFix5.txt 2008-02-16 19:51:17
.
2008-02-15 18:08:41 --- E O F ---



And now I'm restarting the computer and deleting that folder
////////////////////
I did that: I scanned the computer with Spyware Doctor, there were 2 trojans of some kind, I removed them and scanned a second time and there was nothing... I guess that means it's OK, but can I still run a scan just in case and post the log here?

#5 filutka78

  • Enthusiast
  • Group: Forum members
  • Posts: 4874
  • Joined: 24 July 07

Posted 16 February 2008 - 23:26

The log is clean now!

Cosmetics:
Paste into Notepad:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBI"=-


From the Notepad menu >>> File >>> Save as >>> set the file type to "All files" >>> save as FIX.REG >>>
run the file
(double-click and OK).
Restart the computer.

========================
F.

#6 Wysok

Posted 17 February 2008 - 14:24

For now everything is OK! If anything comes up I'll write :)
Thanks a lot :)

ps.
What did that cosmetic fix do for me ;)?

#7 filutka78

Posted 17 February 2008 - 14:37

Wysok, on 17-02-2008, 15:24, said:

What did that cosmetic fix do for me ;)?

It means that at startup the system won't waste time trying to launch something that cannot be launched, because the file doesn't exist.

=========================
F.

#8 Pawcio194

  • Adept
  • Group: Forum members
  • Posts: 5
  • Joined: 21 February 08
  • Gender: Male
  • Location: Częstochowa, Poland

Posted 21 February 2008 - 21:27

Hi, I'm new here and I have a similar problem too:
I also installed Spyware Doctor and it detects Adware.Agent.BN
On top of that, messages pop up while I'm working:

Security Warning!

Worm.Win32.NetSky detected on your machine. This Virus is Distributed via The internet trought e-mail adn Active-X objects the Worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distibutes itself. in worst cases this worm can allow atackers to acces your computer, stealing passwords and personal data.
This process should be removed from your system.


Type: Virus
System Affecter: Windows 200, NT, ME, XP, Vista
Security Risk (O-5) : 5
Recomendations : click Yes to remove it from your PC immediatly.

If I press "Yes" it brings up a page with viruses; if not, it pops up again a moment later :(

And a second message:

Windows Security Alert

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with Spyware or harmful viruses. Run Full System Scan to protect Your PC from Internet Atack, hijacking attempts and spyware! Click Here to download spyware remover to total protection.
OK Anuluj

Same as in case 1, "OK" means a page with a virus.

Please help

I'm not experienced in these matters, so I hope you can help me :)

Oh, one more thing: the computer often freezes, and icons like Error Cleaner, Privacy Detector and Spyware&Malware Protection have appeared on the desktop

Thanks in advance :)

#9 filutka78

Posted 21 February 2008 - 22:17

------------------ @Pawcio194

Post a ComboFix log.

==================
F.

#10 Pawcio194

Posted 22 February 2008 - 13:10

I'm a bit afraid to use ComboFix because I read in a thread about ComboFix that Windows might not boot afterwards :(
and if that happened my brother would kill me :(

#11 filutka78

Posted 22 February 2008 - 14:09

Well, that's your choice.

==============
F.

#12 Pawcio194

Posted 22 February 2008 - 14:37

Here goes nothing :D

here's the report:

ComboFix 08-02-22.2 - paweł i sylwia 2008-02-22 14:17:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.105 [GMT 1:00]
Running from: C:\Documents and Settings\paweł i sylwia\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\cinos i nina\Dane aplikacji\inst.exe
C:\Documents and Settings\cinos i nina\Pulpit\Error Cleaner.url
C:\Documents and Settings\cinos i nina\Pulpit\Privacy Protector.url
C:\Documents and Settings\cinos i nina\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\cinos i nina\Ulubione\Error Cleaner.url
C:\Documents and Settings\cinos i nina\Ulubione\Privacy Protector.url
C:\Documents and Settings\cinos i nina\Ulubione\Spyware&Malware Protection.url
C:\Documents and Settings\paweł i sylwia\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\paweł i sylwia\Ulubione\Error Cleaner.url
C:\Documents and Settings\paweł i sylwia\Ulubione\Privacy Protector.url
C:\Documents and Settings\paweł i sylwia\Ulubione\Spyware&Malware Protection.url
C:\Documents and Settings\paweˆ i sylwia\Pulpit\Error Cleaner.url
C:\Documents and Settings\paweˆ i sylwia\Pulpit\Privacy Protector.url
C:\WINDOWS\rs.txt

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-20 19:38 . 2008-02-20 19:38 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-20 19:38 . 2004-01-08 07:54 163,856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-20 19:38 . 2005-08-29 13:23 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2008-02-20 18:33 . 2008-02-20 18:25 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-20 18:33 . 2008-02-20 18:33 2,547 --a------ C:\WINDOWS\unins000.dat
2008-02-19 23:27 . 2008-02-19 23:27 <DIR> d-------- C:\Documents and Settings\paweł i sylwia\Dane aplikacji\PC Tools
2008-02-19 23:27 . 2008-02-22 14:13 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-19 17:16 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-19 17:16 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-19 17:16 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-19 17:16 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-19 13:21 . 2008-02-19 23:27 <DIR> d-------- C:\Documents and Settings\paweł i sylwia\Dane aplikacji\SysCleaner
2008-02-19 01:00 . 2008-02-19 23:27 <DIR> d-------- C:\Documents and Settings\cinos i nina\Dane aplikacji\SysCleaner
2008-02-19 00:59 . 2008-02-19 23:27 <DIR> d-------- C:\Program Files\SysCleaner
2008-02-18 20:33 . 2008-02-20 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-17 22:23 . 2008-02-20 19:40 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-17 21:25 . 2008-02-17 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-02-17 21:20 . 2008-02-19 23:27 <DIR> d-------- C:\Program Files\XP Antivirus
2008-02-17 14:45 . 2008-02-17 11:45 262,144 --a------ C:\WINDOWS\admgcx.dll
2008-02-17 14:45 . 2008-02-17 11:45 217,088 --------- C:\WINDOWS\bdmanager.dll
2008-02-17 14:45 . 2008-02-17 11:45 81,920 --a------ C:\WINDOWS\fsxloqf.exe
2008-01-31 11:54 . 2008-01-31 11:54 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-31 11:54 . 2007-10-19 04:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-31 11:54 . 2008-01-31 11:54 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 14:12 . 2008-01-29 14:12 <DIR> d-------- C:\Documents and Settings\paweł i sylwia\Dane aplikacji\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 13:29 816,928 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-22 13:29 22,425,120 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-22 13:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-02-22 13:08 84,728 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-22 13:08 323,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 23:53 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Azureus
2008-02-20 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 18:40 --------- d-----w C:\Program Files\NetWatcherPro
2008-02-20 18:40 --------- d-----w C:\Program Files\Mouse Driver
2008-02-20 18:40 --------- d-----w C:\Program Files\dvd43
2008-02-20 18:40 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-20 18:40 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-31 17:04 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-20 16:41 53,248 ----a-w C:\WINDOWS\system32\unrar.dll
2008-01-20 10:00 --------- d-----w C:\Program Files\Winamp
2008-01-15 15:46 --------- d-----w C:\Program Files\Total Video Converter
2008-01-14 16:45 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\AdobeUM
2008-01-13 13:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-01-13 13:35 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\InstallShield
2008-01-10 13:28 --------- d-----w C:\Documents and Settings\paweł i sylwia\Dane aplikacji\AdobeUM
2008-01-06 13:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-01-06 00:17 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-02 16:33 --------- d-----w C:\Documents and Settings\paweł i sylwia\Dane aplikacji\Teleca
2008-01-02 14:19 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Teleca
2008-01-02 14:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-01-02 14:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-01-02 14:16 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-02 14:13 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-01-02 14:13 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2007-12-30 14:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\1Click DVD Copy Pro
2007-12-29 13:05 --------- d-----w C:\Program Files\Malicious Software Removal Tool
2007-12-29 13:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-29 13:01 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-29 12:59 --------- d-----w C:\Program Files\Java
2007-12-29 12:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-29 12:12 --------- d-----w C:\Program Files\MSBuild
2007-12-29 12:06 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-29 11:43 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-29 11:42 --------- d-----w C:\Program Files\AutoPatcher Tools
2007-12-29 11:28 --------- d-----w C:\Program Files\AutoPatcher
2007-12-29 11:19 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\IrfanView
2007-12-28 23:58 --------- d-----w C:\Program Files\Matroska Pack
2007-12-28 23:52 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Apple Computer
2007-12-28 23:50 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Media Player Classic
2007-12-28 23:50 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\DivX
2007-12-28 23:24 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-12-28 23:24 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-12-28 23:24 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2007-12-28 23:24 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-12-28 23:24 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-12-28 23:24 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-12-28 23:24 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-12-28 23:24 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-12-28 23:23 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-28 23:19 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-28 23:17 --------- d-----w C:\Program Files\PowerQuest
2007-12-28 23:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-28 22:50 --------- d-----w C:\Program Files\IrfanView
2007-12-28 22:47 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Winamp
2007-12-28 22:44 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Skype
2007-12-28 22:43 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-28 22:43 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\skypePM
2007-12-28 22:41 --------- d-----w C:\Program Files\Skype
2007-12-28 22:41 --------- d-----w C:\Program Files\Real Alternative
2007-12-28 22:41 --------- d-----w C:\Program Files\Media Player Classic
2007-12-28 22:41 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-28 22:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-28 22:40 --------- d-----w C:\Program Files\QuickTime
2007-12-28 22:39 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-12-28 22:38 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-12-28 22:32 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Gadu-Gadu
2007-12-28 22:31 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-28 22:28 --------- d-----w C:\Program Files\DivX
2007-12-28 22:25 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\BearShare
2007-12-28 22:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-12-28 22:17 --------- d-----w C:\Program Files\Audacity
2007-12-28 22:17 --------- d-----w C:\Program Files\ATITool
2007-12-28 22:11 --------- d-----w C:\Program Files\MarBit
2007-12-28 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 22:09 --------- d-----w C:\Program Files\AC3Filter
2007-12-28 22:08 --------- d-----w C:\Program Files\WhereIsIt
2007-12-28 22:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WhereIsIt
2007-12-28 21:59 --------- d-----w C:\Program Files\Lavasoft
2007-12-28 15:17 --------- d-----w C:\Documents and Settings\paweł i sylwia\Dane aplikacji\Tibia
2007-12-28 12:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\vsosdk
2007-12-28 10:22 --------- d-----w C:\Program Files\MultiKeyboard Driver
2007-12-28 10:21 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2007-12-28 10:12 --------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint
2007-12-28 10:09 --------- d-----w C:\Program Files\BearPaw 2448CU Pro
2007-12-28 10:08 --------- d-----w C:\Program Files\Temp
2007-12-28 10:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-28 10:06 47,360 ----a-w C:\Documents and Settings\cinos i nina\Dane aplikacji\pcouffin.sys
2007-12-28 10:06 --------- d-----w C:\Program Files\LG Software Innovations
2007-12-28 10:06 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Vso
2007-12-28 10:04 18,816 ----a-w C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-12-28 01:20 --------- d-----w C:\Program Files\Common Files\Java
2007-12-28 01:02 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-28 00:56 --------- d-----w C:\Program Files\Kaspersky Lab
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5D8B2464-E896-4C7A-970F-1C44BF30B3E9}

[HKEY_CLASSES_ROOT\clsid\{5d8b2464-e896-4c7a-970f-1c44bf30b3e9}]
[HKEY_CLASSES_ROOT\emotigt.1]
[HKEY_CLASSES_ROOT\TypeLib\{A1E900E5-CF6A-416B-94B4-F4C437E97E7A}]
[HKEY_CLASSES_ROOT\emotigt]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:44 110592 C:\WINDOWS\system32\bthprops.cpl]
"nForce Tray Options"="sstray.exe" [2003-12-17 18:53 73728 C:\WINDOWS\system32\sstray.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26 694272]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-02-17 21:36 2476408]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"NetWatcherPro"="C:\Program Files\NetWatcherPro\NetWatcherPro.exe" [1998-04-20 19:56 524288]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 C:\WINDOWS\COPYFSTQ.EXE]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"KMCONFIG"="C:\Program Files\Mouse Driver\StartAutorun.exe" [2007-03-06 14:51 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\cinos i nina\Menu Start\Programy\Autostart\
MutiKeyboard Driver.lnk - C:\Program Files\MultiKeyboard Driver\KbdDrv.exe [2007-12-28 11:22:44 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdmanager"= {ACFE04EA-9F1E-4872-9E4D-C5AFFAA10ED0} - C:\WINDOWS\bdmanager.dll [2008-02-17 11:45 217088]
"admgcx"= {5DD6F70F-A208-464C-9F37-4579878AB9F4} - C:\WINDOWS\admgcx.dll [2008-02-17 11:45 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 17:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 16:49]
R0 pe3alz4b;Gwiezdne Wilki 2 Environment Driver (pe3alz4b);C:\WINDOWS\system32\drivers\pe3alz4b.sys [2007-07-13 16:43]
R0 ps6alz4b;Gwiezdne Wilki 2 Synchronization Driver (ps6alz4b);C:\WINDOWS\system32\drivers\ps6alz4b.sys [2007-07-13 16:42]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Mouse Driver\KMWDSrv.exe [2007-04-05 10:29]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2004-01-08 07:54]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 15:00]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 pr2alz4b;Gwiezdne Wilki 2 Drivers Auto Removal (pr2alz4b);C:\WINDOWS\system32\pr2alz4b.exe svc []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 14:30:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 14:33:27
ComboFix-quarantined-files.txt 2008-02-22 13:33:17

#13 filutka78

Posted 22 February 2008 - 14:53

I see that fake security programs have already managed to install themselves.

Paste into Notepad:
File::
C:\WINDOWS\admgcx.dll
C:\WINDOWS\bdmanager.dll
C:\WINDOWS\fsxloqf.exe

Folder::
C:\Documents and Settings\paweł i sylwia\Dane aplikacji\SysCleaner
C:\Documents and Settings\cinos i nina\Dane aplikacji\SysCleaner
C:\Program Files\SysCleaner
C:\Program Files\XP Antivirus

Driver::
PavSRK

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5D8B2464-E896-4C7A-970F-1C44BF30B3E9}"=-
[-HKEY_CLASSES_ROOT\clsid\{5d8b2464-e896-4c7a-970f-1c44bf30b3e9}]
[-HKEY_CLASSES_ROOT\emotigt.1]
[-HKEY_CLASSES_ROOT\TypeLib\{A1E900E5-CF6A-416B-94B4-F4C437E97E7A}]
[-HKEY_CLASSES_ROOT\emotigt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdmanager"=-
"admgcx"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
– like in this picture
Removal should start (and a log will be created). Post the log that is created during removal.
If it goes well, then after the restart manually delete the folder C:\Qoobox.

======================
F.
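As an added example (not ComboFix's own code and not from this thread's helper), a small Python triage script for the "Reg Loading Points" format seen in the logs above: it flags the dead Run entry that post #7 explains (ComboFix prints "[ ]" when the target file is missing) and the ShellServiceObjectDelayLoad DLLs dropped into C:\WINDOWS that post #13 lists for removal. The sample lines are constructed from the logs posted in this thread; the flag names are this example's own.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's own code and not from this thread's helper.
It parses autostart lines in the format ComboFix prints and flags what a log
reader checks first: a target file that no longer exists (ComboFix prints
"[ ]" instead of date/size, as for the SBI entry), a target that runs from a
user profile folder, a file sitting directly in the Windows directory, and
any ShellServiceObjectDelayLoad entry (ComboFix hides the default ones).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Sample lines constructed from the logs posted in this thread (trimmed).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-20 18:25 249896]
"SBI"="C:\Documents and Settings\p\Pulpit\install_sbd_en.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdmanager"= {ACFE04EA-9F1E-4872-9E4D-C5AFFAA10ED0} - C:\WINDOWS\bdmanager.dll [2008-02-17 11:45 217088]
"admgcx"= {5DD6F70F-A208-464C-9F37-4579878AB9F4} - C:\WINDOWS\admgcx.dll [2008-02-17 11:45 262144]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="value" [date time size] / [date time size fullpath] / [ ]
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# "name"= {CLSID} - path [date time size]
SSODL_RE = re.compile(
    r'^"(?P<name>[^"]*)"=\s*\{(?P<clsid>[^}]+)\}\s*-\s*(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$'
)
PROFILE_MARK = "\\documents and settings\\"              # any XP user profile folder
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$")  # file directly in C:\WINDOWS


@dataclass
class Entry:
    key: str
    name: str
    path: str
    file_present: bool
    flags: List[str] = field(default_factory=list)


def _resolve(value: str, meta: str) -> Tuple[str, bool]:
    """Empty brackets mean the file was not found; for a bare filename
    ComboFix appends the resolved full path after date, time and size."""
    meta = meta.strip()
    if not meta:
        return value, False
    parts = meta.split(None, 3)
    return (parts[3] if len(parts) == 4 else value), True


def parse_loading_points(text: str) -> List[Entry]:
    """Parse Run-style and ShellServiceObjectDelayLoad lines under their key headers."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_RE.match(line) or SSODL_RE.match(line)
        if not m:
            continue
        value = m.group("path") if "path" in m.groupdict() else m.group("value")
        if not value:  # '"@"="" []' style empty default value, nothing to check
            continue
        path, present = _resolve(value, m.group("meta"))
        entries.append(Entry(key, m.group("name"), path, present))
    return entries


def flag(entry: Entry) -> Entry:
    """Attach review prompts; these are heuristics for a human reader, not verdicts."""
    p = entry.path.lower()
    if not entry.file_present:
        entry.flags.append("target-file-missing")
    if PROFILE_MARK in p:
        entry.flags.append("runs-from-user-profile")
    if WINDOWS_ROOT.match(p):
        entry.flags.append("loads-from-windows-root")
    if "shellserviceobjectdelayload" in entry.key.lower():
        entry.flags.append("ssodl-explorer-load")
    return entry


def triage(text: str) -> Dict[str, List[str]]:
    """Map entry name -> flags for every autostart entry worth a second look."""
    return {e.name: e.flags for e in map(flag, parse_loading_points(text)) if e.flags}


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:12s} {', '.join(flags)}")
```

Note that the legitimate SoundMan entry is also flagged because it lives directly in C:\WINDOWS; the flags narrow what to look at, and the decision still rests with whoever reads the log, as in this thread.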

#14 Pawcio194

Posted 22 February 2008 - 15:48

here's the report:

ComboFix 08-02-22.2 - paweł i sylwia 2008-02-22 15:31:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.130 [GMT 1:00]
Running from: C:\Documents and Settings\paweł i sylwia\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\paweł i sylwia\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\admgcx.dll
C:\WINDOWS\bdmanager.dll
C:\WINDOWS\fsxloqf.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-20 19:38 . 2008-02-20 19:38 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-20 19:38 . 2004-01-08 07:54 163,856 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-20 19:38 . 2005-08-29 13:23 26,752 --a------ C:\WINDOWS\system32\drivers\ShldDrv.sys
2008-02-20 18:33 . 2008-02-20 18:25 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-20 18:33 . 2008-02-20 18:33 2,547 --a------ C:\WINDOWS\unins000.dat
2008-02-19 23:27 . 2008-02-19 23:27 <DIR> d-------- C:\Documents and Settings\paweł i sylwia\Dane aplikacji\PC Tools
2008-02-19 23:27 . 2008-02-22 15:14 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-19 17:16 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-19 17:16 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-19 17:16 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-19 17:16 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-18 20:33 . 2008-02-20 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-17 22:23 . 2008-02-20 19:40 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-17 21:25 . 2008-02-17 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-01-31 11:54 . 2008-01-31 11:54 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-01-31 11:54 . 2007-10-19 04:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-01-31 11:54 . 2008-01-31 11:54 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-29 14:12 . 2008-01-29 14:12 <DIR> d-------- C:\Documents and Settings\paweł i sylwia\Dane aplikacji\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 14:42 22,769,184 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-22 14:41 822,816 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-22 13:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-02-22 13:46 84,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-22 13:46 325,748 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 23:53 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Azureus
2008-02-20 19:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 18:40 --------- d-----w C:\Program Files\NetWatcherPro
2008-02-20 18:40 --------- d-----w C:\Program Files\Mouse Driver
2008-02-20 18:40 --------- d-----w C:\Program Files\dvd43
2008-02-20 18:40 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-20 18:40 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-31 17:04 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-01-20 16:41 53,248 ----a-w C:\WINDOWS\system32\unrar.dll
2008-01-20 10:00 --------- d-----w C:\Program Files\Winamp
2008-01-15 15:46 --------- d-----w C:\Program Files\Total Video Converter
2008-01-14 16:45 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\AdobeUM
2008-01-13 13:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-01-13 13:35 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\InstallShield
2008-01-10 13:28 --------- d-----w C:\Documents and Settings\paweł i sylwia\Dane aplikacji\AdobeUM
2008-01-06 13:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-01-06 00:17 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-02 16:33 --------- d-----w C:\Documents and Settings\paweł i sylwia\Dane aplikacji\Teleca
2008-01-02 14:19 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Teleca
2008-01-02 14:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-01-02 14:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-01-02 14:16 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-02 14:13 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-01-02 14:13 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2007-12-30 14:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\1Click DVD Copy Pro
2007-12-29 13:05 --------- d-----w C:\Program Files\Malicious Software Removal Tool
2007-12-29 13:02 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-29 13:01 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-29 12:59 --------- d-----w C:\Program Files\Java
2007-12-29 12:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-29 12:12 --------- d-----w C:\Program Files\MSBuild
2007-12-29 12:06 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-29 11:43 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-29 11:42 --------- d-----w C:\Program Files\AutoPatcher Tools
2007-12-29 11:28 --------- d-----w C:\Program Files\AutoPatcher
2007-12-29 11:19 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\IrfanView
2007-12-28 23:58 --------- d-----w C:\Program Files\Matroska Pack
2007-12-28 23:52 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Apple Computer
2007-12-28 23:50 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Media Player Classic
2007-12-28 23:50 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\DivX
2007-12-28 23:24 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-12-28 23:24 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-12-28 23:24 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2007-12-28 23:24 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-12-28 23:24 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-12-28 23:24 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-12-28 23:24 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-12-28 23:24 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-12-28 23:23 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-12-28 23:19 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-28 23:17 --------- d-----w C:\Program Files\PowerQuest
2007-12-28 23:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-28 22:50 --------- d-----w C:\Program Files\IrfanView
2007-12-28 22:47 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Winamp
2007-12-28 22:44 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Skype
2007-12-28 22:43 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-28 22:43 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\skypePM
2007-12-28 22:41 --------- d-----w C:\Program Files\Skype
2007-12-28 22:41 --------- d-----w C:\Program Files\Real Alternative
2007-12-28 22:41 --------- d-----w C:\Program Files\Media Player Classic
2007-12-28 22:41 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-28 22:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-28 22:40 --------- d-----w C:\Program Files\QuickTime
2007-12-28 22:39 --------- d-----w C:\Program Files\Apple Software Update
2007-12-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-28 22:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-12-28 22:38 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-12-28 22:32 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Gadu-Gadu
2007-12-28 22:31 --------- d-----w C:\Program Files\Gadu-Gadu
2007-12-28 22:28 --------- d-----w C:\Program Files\DivX
2007-12-28 22:25 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\BearShare
2007-12-28 22:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-12-28 22:17 --------- d-----w C:\Program Files\Audacity
2007-12-28 22:17 --------- d-----w C:\Program Files\ATITool
2007-12-28 22:11 --------- d-----w C:\Program Files\MarBit
2007-12-28 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 22:09 --------- d-----w C:\Program Files\AC3Filter
2007-12-28 22:08 --------- d-----w C:\Program Files\WhereIsIt
2007-12-28 22:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WhereIsIt
2007-12-28 21:59 --------- d-----w C:\Program Files\Lavasoft
2007-12-28 15:17 --------- d-----w C:\Documents and Settings\paweł i sylwia\Dane aplikacji\Tibia
2007-12-28 12:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\vsosdk
2007-12-28 10:22 --------- d-----w C:\Program Files\MultiKeyboard Driver
2007-12-28 10:21 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2007-12-28 10:12 --------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint
2007-12-28 10:09 --------- d-----w C:\Program Files\BearPaw 2448CU Pro
2007-12-28 10:08 --------- d-----w C:\Program Files\Temp
2007-12-28 10:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-28 10:06 47,360 ----a-w C:\Documents and Settings\cinos i nina\Dane aplikacji\pcouffin.sys
2007-12-28 10:06 --------- d-----w C:\Program Files\LG Software Innovations
2007-12-28 10:06 --------- d-----w C:\Documents and Settings\cinos i nina\Dane aplikacji\Vso
2007-12-28 10:04 18,816 ----a-w C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-12-28 01:20 --------- d-----w C:\Program Files\Common Files\Java
2007-12-28 01:02 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-28 00:56 --------- d-----w C:\Program Files\Kaspersky Lab
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:44 110592 C:\WINDOWS\system32\bthprops.cpl]
"nForce Tray Options"="sstray.exe" [2003-12-17 18:53 73728 C:\WINDOWS\system32\sstray.exe]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26 694272]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-02-17 21:36 2476408]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"NetWatcherPro"="C:\Program Files\NetWatcherPro\NetWatcherPro.exe" [1998-04-20 19:56 524288]
"Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 C:\WINDOWS\COPYFSTQ.EXE]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"KMCONFIG"="C:\Program Files\Mouse Driver\StartAutorun.exe" [2007-03-06 14:51 212992]
"ISTray"="E:\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\cinos i nina\Menu Start\Programy\Autostart\
MutiKeyboard Driver.lnk - C:\Program Files\MultiKeyboard Driver\KbdDrv.exe [2007-12-28 11:22:44 348160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 axwhisky;axwhisky;C:\WINDOWS\system32\DRIVERS\axwhisky.sys [2003-07-02 17:41]
R0 axwskbus;axwskbus;C:\WINDOWS\system32\DRIVERS\axwskbus.sys [2003-07-02 16:49]
R0 pe3alz4b;Gwiezdne Wilki 2 Environment Driver (pe3alz4b);C:\WINDOWS\system32\drivers\pe3alz4b.sys [2007-07-13 16:43]
R0 ps6alz4b;Gwiezdne Wilki 2 Synchronization Driver (ps6alz4b);C:\WINDOWS\system32\drivers\ps6alz4b.sys [2007-07-13 16:42]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Mouse Driver\KMWDSrv.exe [2007-04-05 10:29]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2004-01-08 07:54]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 15:00]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 pr2alz4b;Gwiezdne Wilki 2 Drivers Auto Removal (pr2alz4b);C:\WINDOWS\system32\pr2alz4b.exe svc []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 15:42:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-22 15:46:50
ComboFix-quarantined-files.txt 2008-02-22 14:46:36
ComboFix2.txt 2008-02-22 13:33:32

#15 filutka78

  • Enthusiast
  • Group: Forum members
  • Posts: 4874
  • Joined: 24 July 07

Posted 22 February 2008 - 16:33

The log is clean.
But I don't see any traces of removal in the log - did the pests evaporate on their own?

=======================
F.

#16 Pawcio194

  • Adept
  • Group: Forum members
  • Posts: 5
  • Joined: 21 February 08
  • Sex: Male
  • Location: Częstochowa, Poland

Posted 22 February 2008 - 18:23

I ran ComboFix twice because I thought something had gone wrong, and I pasted the second log :)
but the important thing is that the threat is gone :D
I downloaded Spyware Doctor with a one-year key, now it'll protect me :)
once again THX :D

If something like this happens again, I'll write :)

Pawcio194

#17 agerwaen

  • Adept
  • Group: Forum members
  • Posts: 4
  • Joined: 24 February 08
  • Sex: Male
  • Location: Warszawa, Poland

Posted 24 February 2008 - 13:50

Could I also ask for help?

ComboFix 08-02-24.4 -  2008-02-24 13:05:43.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.152 [GMT 1:00]
Running from: C:\Folder śmieciowy\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\dgtxrdfrqm.dll

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
(((((((((((((((((((((((((   Files Created from 2008-01-24 to 2008-02-24  )))))))))))))))))))))))))))))))
.

2008-02-24 10:58 . 2008-02-24 10:59	<DIR>	d--------	C:\Program Files\XoftSpySE
2008-02-24 00:48 . 2008-02-24 10:59	<DIR>	d--------	C:\Program Files\Enigma Software Group
2008-02-23 22:30 . 2007-12-10 14:53	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-23 22:30 . 2007-12-10 14:53	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-23 22:30 . 2007-12-10 14:53	41,864	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-23 22:30 . 2007-12-10 14:53	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2008-02-23 22:29 . 2008-02-24 12:12	<DIR>	d--------	C:\Program Files\Spyware Doctor
2008-02-23 16:24 . 2008-02-23 16:26	<DIR>	d--------	C:\Program Files\Unlocker
2008-02-23 11:37 . 2008-02-23 11:37	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
2008-02-23 11:37 . 2008-02-23 11:37	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-02-23 10:46 . 2008-02-24 13:05	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-22 23:24 . 2008-02-22 23:24	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2008-02-22 21:22 . 2008-02-22 21:22	106,496	--a------	C:\WINDOWS\DIIUnin.exe
2008-02-22 21:22 . 2008-02-22 21:33	33,093	--a------	C:\WINDOWS\DIIUnin.dat
2008-02-22 21:22 . 2008-02-22 21:22	2,829	--a------	C:\WINDOWS\DIIUnin.pif
2008-02-22 20:53 . 2008-02-22 15:49	262,144	--a------	C:\WINDOWS\alofkmn.dll
2008-02-22 20:53 . 2008-02-22 15:49	81,920	--a------	C:\WINDOWS\fkxvkns.exe
2008-02-22 20:21 . 2008-02-22 21:34	21,840	--a----t-	C:\WINDOWS\system32\SIntfNT.dll
2008-02-22 20:21 . 2008-02-22 21:34	17,212	--a----t-	C:\WINDOWS\system32\SIntf32.dll
2008-02-22 20:21 . 2008-02-22 21:34	12,067	--a----t-	C:\WINDOWS\system32\SIntf16.dll
2008-02-20 21:12 . 2008-02-20 21:12	<DIR>	d--------	C:\Program Files\Psi
2008-02-20 09:05 . 2008-02-20 11:54	<DIR>	d--------	C:\Documents and Settings\praca\Dane aplikacji\stickies
2008-02-19 12:07 . 2008-02-19 12:07	0	--a------	C:\WINDOWS\pvcsmerge.INI
2008-02-19 12:05 . 2008-02-19 12:08	1,847	--a------	C:\WINDOWS\islv.ini
2008-02-19 09:59 . 2008-02-20 09:49	<DIR>	d--------	C:\Documents and Settings\praca\Dane aplikacji\OpenOffice.org2
2008-02-18 08:47 . 2008-02-18 09:19	<DIR>	d--------	C:\Documents and Settings\praca\Dane aplikacji\PLSQL Developer
2008-02-18 08:41 . 2008-02-18 08:41	<DIR>	d--------	C:\Program Files\lotus
2008-02-18 08:41 . 2008-02-18 08:41	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lotus
2008-02-18 08:41 . 2008-02-18 08:41	995	--a------	C:\WINDOWS\system32\mapisvc.inf
2008-02-18 08:39 . 2008-02-20 08:25	<DIR>	d--------	C:\Program Files\PLSQL Developer
2008-02-18 08:39 . 2002-09-12 16:03	69,632	--a------	C:\WINDOWS\aaRemove.exe
2008-02-18 08:30 . 2008-02-18 08:37	<DIR>	d--------	C:\Program Files\Oracle
2008-02-18 08:30 . 2008-02-18 08:30	<DIR>	d--------	C:\oracle
2008-02-18 08:08 . 2008-02-20 10:43	<DIR>	d--h-----	C:\Documents and Settings\praca\Ustawienia lokalne
2008-02-18 08:08 . 2008-02-18 10:32	<DIR>	dr-------	C:\Documents and Settings\praca\Ulubione
2008-02-18 08:08 . 2007-09-29 08:28	<DIR>	d--h-----	C:\Documents and Settings\praca\Szablony
2008-02-18 08:08 . 2008-02-20 10:13	<DIR>	d--------	C:\Documents and Settings\praca\Pulpit
2008-02-18 08:08 . 2008-02-20 09:50	<DIR>	dr-------	C:\Documents and Settings\praca\Moje dokumenty
2008-02-18 08:08 . 2007-09-29 10:11	<DIR>	dr-------	C:\Documents and Settings\praca\Menu Start
2008-02-18 08:08 . 2008-02-20 09:05	<DIR>	dr-h-----	C:\Documents and Settings\praca\Dane aplikacji
2008-02-18 08:08 . 2004-08-04 01:44	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-02-05 15:41 . 2008-02-05 15:53	65,536	--a------	C:\WINDOWS\IFinst27.exe
2008-02-04 22:53 . 2008-02-04 22:53	<DIR>	d--------	C:\Documents and Settings\My\download
2008-02-04 22:53 . 2008-02-04 22:53	<DIR>	d--------	C:\Documents and Settings\My\.kvirc
2008-02-04 22:53 . 2008-02-04 22:53	72	--a------	C:\WINDOWS\kvirc-3.2.0.ini
2008-02-04 22:51 . 2008-02-15 22:30	<DIR>	d--------	C:\Program Files\KVIrc
2008-02-03 19:16 . 2008-02-18 08:35	<DIR>	d--------	C:\Downloads
2008-02-03 19:15 . 2008-02-03 19:37	<DIR>	d--------	C:\Program Files\BitComet
2008-01-31 17:23 . 2008-02-01 12:46	<DIR>	d--------	C:\Temp
2008-01-31 17:21 . 2008-01-31 17:21	<DIR>	d--------	C:\Program Files\DVDVideoSoft
2008-01-28 15:39 . 2008-02-21 10:47	<DIR>	d--------	C:\Program Files\Spik

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:58	---------	d-----w	C:\Program Files\foobar2000
2008-02-20 20:26	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-02-18 07:28	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-02-17 20:12	---------	d-----w	C:\Program Files\Google
2008-02-17 10:13	---------	d-----w	C:\Program Files\Three Rings Design
2008-01-31 16:21	---------	d-----w	C:\Program Files\Common Files\DVDVideoSoft
2008-01-27 22:34	---------	d-----w	C:\Program Files\Tlen.pl
2008-01-14 21:34	---------	d-----w	C:\Program Files\Wakan
2008-01-14 19:47	---------	d-----w	C:\Program Files\DivX
2008-01-09 11:18	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16	682,496	----a-w	C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16	196,608	----a-w	C:\WINDOWS\system32\dtu100.dll
2007-12-30 15:18	---------	d-----w	C:\Program Files\MoorHunt
2007-12-30 13:08	---------	d-----w	C:\Program Files\Opera
2007-12-11 19:44	593,920	----a-w	C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44	57,344	----a-w	C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44	53,248	----a-w	C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44	344,064	----a-w	C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44	294,912	----a-w	C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44	294,912	----a-w	C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44	156,992	----a-w	C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43	12,288	----a-w	C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 02:14	824,832	----a-w	C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42	550,912	----a-w	C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04	837,496	----a-w	C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54	95,608	----a-w	C:\WINDOWS\system32\AvastSS.scr
2007-12-02 22:22	737,280	----a-w	C:\WINDOWS\iun6002.exe
2007-09-19 20:18	32	----a-r	C:\Documents and Settings\All Users\hash.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BBE2B433-33B2-4953-BC77-0669D2E9B748}

[HKEY_CLASSES_ROOT\clsid\{bbe2b433-33b2-4953-bc77-0669d2e9b748}]
[HKEY_CLASSES_ROOT\ekvgsnw.1]
[HKEY_CLASSES_ROOT\TypeLib\{8C438EE2-7B26-41AB-937A-83A68FE95215}]
[HKEY_CLASSES_ROOT\ekvgsnw]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"VTTimer"="VTTimer.exe" [2006-08-03 13:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-08-25 12:52 176128 C:\WINDOWS\system32\VTTrayp.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-08-10 14:09 172032]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"SoundMan"="SOUNDMAN.EXE" [2006-08-10 14:56 90112 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"= {4038593E-D415-4759-BA71-5E94A3F1A39A} - C:\WINDOWS\alofkmn.dll [2008-02-22 15:49 262144]
"bxlrvps"= {0EB5BA3D-B721-445C-ACDD-C50828755863} - C:\WINDOWS\bxlrvps.dll [ ]
"DriveDrive"= {426d87f7-c2c0-4d5d-8c4d-676ff410564b} - C:\WINDOWS\Installer\{426d87f7-c2c0-4d5d-8c4d-676ff410564b}\DriveDrive.dll [2008-02-22 20:53 17958]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 23:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Gry\\heroes 3\\HEROES~1.EXE"=
"C:\\Programy inne\\jabbin-2.0beta-win\\Jabbin.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Gajim\\src\\gajim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Gry\\Fallout Tactics\\BOS.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Psi\\psi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25578:TCP"= 25578:TCP:BitComet 25578 TCP
"25578:UDP"= 25578:UDP:BitComet 25578 UDP

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2006-08-10 15:00]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 19:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 11:50:16 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-24 09:58:21 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 13:07:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-02-24 13:09:01
ComboFix-quarantined-files.txt  2008-02-24 12:08:51
.
2008-02-15 09:39:21	--- E O F ---  


#18 filutka78

  • Enthusiast
  • Group: Forum members
  • Posts: 4874
  • Joined: 24 July 07

Posted 24 February 2008 - 14:34

---------------- @agerwaen

Paste into Notepad:
File::
C:\WINDOWS\alofkmn.dll
C:\WINDOWS\Installer\{426d87f7-c2c0-4d5d-8c4d-676ff410564b}\DriveDrive.dll
C:\WINDOWS\alofkmn.dll
C:\WINDOWS\fkxvkns.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"=-
"bxlrvps"=-
"DriveDrive"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=-
"ISUSPM"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BBE2B433-33B2-4953-BC77-0669D2E9B748}"=-
[-HKEY_CLASSES_ROOT\clsid\{bbe2b433-33b2-4953-bc77-0669d2e9b748}]
[-HKEY_CLASSES_ROOT\ekvgsnw.1]
[-HKEY_CLASSES_ROOT\TypeLib\{8C438EE2-7B26-41AB-937A-83A68FE95215}]
[-HKEY_CLASSES_ROOT\ekvgsnw]

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
– like in this picture
Removal should start (and a log will be created). Post the log that is created during the removal.
If it goes well, then: after the restart, manually delete the folder C:\Qoobox.

================
F.
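
The procedure above comes down to reading ComboFix's "Reg Loading Points" section, picking out the load points that do not belong, and turning them into a CFScript. As an added example (not the expert's or ComboFix's own code), the following Python triage helper does that over a constructed log excerpt built from the entries in this thread; the heuristics, the sample text and every function name are assumptions for illustration, and its output is a list of candidates for review rather than something to apply unread.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.
Added example, not ComboFix's or the forum expert's code: parses Run and
ShellServiceObjectDelayLoad entries in the format ComboFix prints, flags the
kinds of entries removed in the thread, and emits File:: / Registry:: CFScript text."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (not a real log): a cut-down "Reg Loading Points" section
# using the entries discussed in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"= {4038593E-D415-4759-BA71-5E94A3F1A39A} - C:\WINDOWS\alofkmn.dll [2008-02-22 15:49 262144]
"bxlrvps"= {0EB5BA3D-B721-445C-ACDD-C50828755863} - C:\WINDOWS\bxlrvps.dll [ ]
"DriveDrive"= {426d87f7-c2c0-4d5d-8c4d-676ff410564b} - C:\WINDOWS\Installer\{426d87f7-c2c0-4d5d-8c4d-676ff410564b}\DriveDrive.dll [2008-02-22 20:53 17958]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="path" [timestamp size]           (Run keys)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
# "name"= {CLSID} - path [timestamp size]   (ShellServiceObjectDelayLoad)
SSODL_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]$'
)
WINDIR = r"c:\windows"


@dataclass
class LoadPoint:
    key: str
    name: str
    path: str
    file_found: bool  # False when ComboFix printed "[ ]" instead of timestamp and size


def parse_loading_points(text: str) -> list[LoadPoint]:
    """Return every Run / SSODL value under the registry keys in the log text."""
    points: list[LoadPoint] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = SSODL_RE.match(line) or RUN_RE.match(line)
        if m and key:
            points.append(LoadPoint(key, m["name"], m["path"], bool(m["info"].strip())))
    return points


def suspicious_reasons(lp: LoadPoint) -> list[str]:
    """Heuristics (assumptions, not ComboFix logic) mirroring what the expert removed."""
    reasons = []
    parent = lp.path.lower().rsplit("\\", 1)[0] if "\\" in lp.path else ""
    if not lp.file_found:
        reasons.append("file not found on disk (ComboFix printed [ ])")
    if parent == WINDIR:
        reasons.append("loads straight from the Windows directory, not system32 or Program Files")
    if parent.startswith(WINDIR + "\\installer\\"):
        reasons.append("loads from a GUID folder under WINDOWS\\Installer")
    if lp.key.lower().endswith("shellserviceobjectdelayload"):
        reasons.append("non-default ShellServiceObjectDelayLoad object (loaded by explorer.exe at logon)")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged value name to the reasons it was flagged."""
    return {lp.name: r for lp in parse_loading_points(text) if (r := suspicious_reasons(lp))}


def build_cfscript(points: list[LoadPoint]) -> str:
    """Write flagged entries as a CFScript: File:: only for files that exist on disk,
    Registry:: with "name"=- (delete value) under each key, as in the thread."""
    flagged = [lp for lp in points if suspicious_reasons(lp)]
    files = sorted({lp.path for lp in flagged if lp.file_found})
    by_key: dict[str, list[str]] = {}
    for lp in flagged:
        by_key.setdefault(lp.key, []).append(lp.name)
    out = ["File::", *files, "", "Registry::"]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
    print(build_cfscript(parse_loading_points(SAMPLE_LOG)))
```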

#19 agerwaen

  • Adept
  • Group: Forum members
  • Posts: 4
  • Joined: 24 February 08
  • Sex: Male
  • Location: Warszawa, Poland

Posted 24 February 2008 - 17:14

The log after running the script looks as follows:

ComboFix 08-02-24.4 - My 2008-02-24 16:37:20.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.217 [GMT 1:00]
Running from: C:\Folder śmieciowy\ComboFix.exe
Command switches used :: C:\Folder śmieciowy\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\alofkmn.dll
C:\WINDOWS\fkxvkns.exe
C:\WINDOWS\Installer\{426d87f7-c2c0-4d5d-8c4d-676ff410564b}\DriveDrive.dll
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\alofkmn.dll
C:\WINDOWS\fkxvkns.exe
C:\WINDOWS\Installer\{426d87f7-c2c0-4d5d-8c4d-676ff410564b}\DriveDrive.dll

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
.
(((((((((((((((((((((((((   Files Created from 2008-01-24 to 2008-02-24  )))))))))))))))))))))))))))))))
.

2008-02-24 16:29 . 2008-02-24 16:29	2,560	--a------	C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-02-24 13:38 . 2008-02-24 13:38	<DIR>	d--------	C:\Program Files\COMODO
2008-02-24 13:38 . 2008-02-24 14:15	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-02-24 13:38 . 2008-02-24 13:38	139,008	--a------	C:\WINDOWS\system32\guard32.dll.vir
2008-02-24 13:38 . 2008-02-24 13:38	84,856	--a------	C:\WINDOWS\system32\drivers\cmdguard.sys
2008-02-24 13:38 . 2008-02-24 13:38	23,800	--a------	C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-02-24 13:09 . 2008-02-24 13:09	<DIR>	dr-------	C:\Documents and Settings\LocalService\Ulubione
2008-02-24 13:09 . 2008-02-24 13:09	<DIR>	d--------	C:\Documents and Settings\LocalService\Pulpit
2008-02-24 13:09 . 2008-02-24 13:09	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
2008-02-24 10:58 . 2008-02-24 10:59	<DIR>	d--------	C:\Program Files\XoftSpySE
2008-02-24 00:48 . 2008-02-24 10:59	<DIR>	d--------	C:\Program Files\Enigma Software Group
2008-02-23 22:30 . 2007-12-10 14:53	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-23 22:30 . 2007-12-10 14:53	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-23 22:30 . 2007-12-10 14:53	41,864	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-23 22:30 . 2007-12-10 14:53	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2008-02-23 22:29 . 2008-02-24 12:12	<DIR>	d--------	C:\Program Files\Spyware Doctor
2008-02-23 16:24 . 2008-02-23 16:26	<DIR>	d--------	C:\Program Files\Unlocker
2008-02-23 11:37 . 2008-02-23 11:37	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
2008-02-23 11:37 . 2008-02-23 11:37	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-02-23 10:46 . 2008-02-24 16:35	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-22 23:24 . 2008-02-22 23:24	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy
2008-02-22 21:22 . 2008-02-22 21:22	106,496	--a------	C:\WINDOWS\DIIUnin.exe
2008-02-22 21:22 . 2008-02-22 21:33	33,093	--a------	C:\WINDOWS\DIIUnin.dat
2008-02-22 21:22 . 2008-02-22 21:22	2,829	--a------	C:\WINDOWS\DIIUnin.pif
2008-02-22 20:21 . 2008-02-22 21:34	21,840	--a----t-	C:\WINDOWS\system32\SIntfNT.dll
2008-02-22 20:21 . 2008-02-22 21:34	17,212	--a----t-	C:\WINDOWS\system32\SIntf32.dll
2008-02-22 20:21 . 2008-02-22 21:34	12,067	--a----t-	C:\WINDOWS\system32\SIntf16.dll
2008-02-20 21:12 . 2008-02-20 21:12	<DIR>	d--------	C:\Program Files\Psi
2008-02-20 09:05 . 2008-02-20 11:54	<DIR>	d--------	C:\Documents and Settings\praca\Dane aplikacji\stickies
2008-02-19 12:07 . 2008-02-19 12:07	0	--a------	C:\WINDOWS\pvcsmerge.INI
2008-02-19 12:05 . 2008-02-19 12:08	1,847	--a------	C:\WINDOWS\islv.ini
2008-02-19 09:59 . 2008-02-20 09:49	<DIR>	d--------	C:\Documents and Settings\praca\Dane aplikacji\OpenOffice.org2
2008-02-18 08:47 . 2008-02-18 09:19	<DIR>	d--------	C:\Documents and Settings\praca\Dane aplikacji\PLSQL Developer
2008-02-18 08:41 . 2008-02-18 08:41	<DIR>	d--------	C:\Program Files\lotus
2008-02-18 08:41 . 2008-02-18 08:41	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lotus
2008-02-18 08:41 . 2008-02-18 08:41	995	--a------	C:\WINDOWS\system32\mapisvc.inf
2008-02-18 08:39 . 2008-02-20 08:25	<DIR>	d--------	C:\Program Files\PLSQL Developer
2008-02-18 08:39 . 2002-09-12 16:03	69,632	--a------	C:\WINDOWS\aaRemove.exe
2008-02-18 08:30 . 2008-02-18 08:37	<DIR>	d--------	C:\Program Files\Oracle
2008-02-18 08:30 . 2008-02-18 08:30	<DIR>	d--------	C:\oracle
2008-02-18 08:08 . 2008-02-24 13:09	<DIR>	d--h-----	C:\Documents and Settings\praca\Ustawienia lokalne
2008-02-18 08:08 . 2008-02-18 10:32	<DIR>	dr-------	C:\Documents and Settings\praca\Ulubione
2008-02-18 08:08 . 2007-09-29 08:28	<DIR>	d--h-----	C:\Documents and Settings\praca\Szablony
2008-02-18 08:08 . 2008-02-20 10:13	<DIR>	d--------	C:\Documents and Settings\praca\Pulpit
2008-02-18 08:08 . 2008-02-20 09:50	<DIR>	dr-------	C:\Documents and Settings\praca\Moje dokumenty
2008-02-18 08:08 . 2007-09-29 10:11	<DIR>	dr-------	C:\Documents and Settings\praca\Menu Start
2008-02-18 08:08 . 2008-02-20 09:05	<DIR>	dr-h-----	C:\Documents and Settings\praca\Dane aplikacji
2008-02-18 08:08 . 2004-08-04 01:44	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-02-05 15:41 . 2008-02-05 15:53	65,536	--a------	C:\WINDOWS\IFinst27.exe
2008-02-04 22:53 . 2008-02-04 22:53	<DIR>	d--------	C:\Documents and Settings\My\download
2008-02-04 22:53 . 2008-02-04 22:53	<DIR>	d--------	C:\Documents and Settings\My\.kvirc
2008-02-04 22:53 . 2008-02-04 22:53	72	--a------	C:\WINDOWS\kvirc-3.2.0.ini
2008-02-04 22:51 . 2008-02-15 22:30	<DIR>	d--------	C:\Program Files\KVIrc
2008-02-03 19:16 . 2008-02-18 08:35	<DIR>	d--------	C:\Downloads
2008-02-03 19:15 . 2008-02-03 19:37	<DIR>	d--------	C:\Program Files\BitComet
2008-01-31 17:23 . 2008-02-01 12:46	<DIR>	d--------	C:\Temp
2008-01-31 17:21 . 2008-01-31 17:21	<DIR>	d--------	C:\Program Files\DVDVideoSoft
2008-01-28 15:39 . 2008-02-21 10:47	<DIR>	d--------	C:\Program Files\Spik

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:58	---------	d-----w	C:\Program Files\foobar2000
2008-02-20 20:26	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\stamina
2008-02-18 07:28	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-02-17 20:12	---------	d-----w	C:\Program Files\Google
2008-02-17 10:13	---------	d-----w	C:\Program Files\Three Rings Design
2008-01-31 16:21	---------	d-----w	C:\Program Files\Common Files\DVDVideoSoft
2008-01-27 22:34	---------	d-----w	C:\Program Files\Tlen.pl
2008-01-14 21:34	---------	d-----w	C:\Program Files\Wakan
2008-01-14 19:47	---------	d-----w	C:\Program Files\DivX
2008-01-09 11:18	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16	682,496	----a-w	C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16	196,608	----a-w	C:\WINDOWS\system32\dtu100.dll
2007-12-30 15:18	---------	d-----w	C:\Program Files\MoorHunt
2007-12-30 13:08	---------	d-----w	C:\Program Files\Opera
2007-12-11 19:44	593,920	----a-w	C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44	57,344	----a-w	C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44	53,248	----a-w	C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44	344,064	----a-w	C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44	294,912	----a-w	C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44	294,912	----a-w	C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44	156,992	----a-w	C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43	12,288	----a-w	C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 02:14	824,832	----a-w	C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42	550,912	----a-w	C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04	837,496	----a-w	C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54	95,608	----a-w	C:\WINDOWS\system32\AvastSS.scr
2007-12-02 22:22	737,280	----a-w	C:\WINDOWS\iun6002.exe
2007-09-19 20:18	32	----a-r	C:\Documents and Settings\All Users\hash.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BBE2B433-33B2-4953-BC77-0669D2E9B748}

[HKEY_CLASSES_ROOT\clsid\{bbe2b433-33b2-4953-bc77-0669d2e9b748}]
[HKEY_CLASSES_ROOT\ekvgsnw.1]
[HKEY_CLASSES_ROOT\TypeLib\{8C438EE2-7B26-41AB-937A-83A68FE95215}]
[HKEY_CLASSES_ROOT\ekvgsnw]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"VTTimer"="VTTimer.exe" [2006-08-03 13:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-08-25 12:52 176128 C:\WINDOWS\system32\VTTrayp.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-08-10 14:09 172032]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"SoundMan"="SOUNDMAN.EXE" [2006-08-10 14:56 90112 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-02-24 13:38 1502976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"= {4038593E-D415-4759-BA71-5E94A3F1A39A} - C:\WINDOWS\alofkmn.dll [ ]
"bxlrvps"= {0EB5BA3D-B721-445C-ACDD-C50828755863} - C:\WINDOWS\bxlrvps.dll [ ]
"DriveDrive"= {426d87f7-c2c0-4d5d-8c4d-676ff410564b} - C:\WINDOWS\Installer\{426d87f7-c2c0-4d5d-8c4d-676ff410564b}\DriveDrive.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 23:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Gry\\heroes 3\\HEROES~1.EXE"=
"C:\\Programy inne\\jabbin-2.0beta-win\\Jabbin.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Gajim\\src\\gajim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Gry\\Fallout Tactics\\BOS.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Psi\\psi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25578:TCP"= 25578:TCP:BitComet 25578 TCP
"25578:UDP"= 25578:UDP:BitComet 25578 UDP

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-02-24 13:38]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-02-24 13:38]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2006-08-10 15:00]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 19:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 15:30:47 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-24 09:58:21 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 16:39:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-02-24 16:41:07
ComboFix-quarantined-files.txt  2008-02-24 15:40:58
ComboFix2.txt  2008-02-24 12:09:02
.
2008-02-15 09:39:21	--- E O F ---  



Thanks in advance for your help.

#20 filutka78

  • Enthusiast
  • Group: Forum members
  • Posts: 4874
  • Joined: 24 July 07

Posted 24 February 2008 - 17:36

----------- @agerwaen

It only partly worked.
Paste this into Notepad:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BBE2B433-33B2-4953-BC77-0669D2E9B748}"=-

[-HKEY_CLASSES_ROOT\clsid\{bbe2b433-33b2-4953-bc77-0669d2e9b748}]

[-HKEY_CLASSES_ROOT\ekvgsnw.1]

[-HKEY_CLASSES_ROOT\TypeLib\{8C438EE2-7B26-41AB-937A-83A68FE95215}]

[-HKEY_CLASSES_ROOT\ekvgsnw]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"=-
"bxlrvps"=-
"DriveDrive"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=-
"ISUSPM"=-


From the Notepad menu >>> File >>> Save As >>> set the file type to "All files" >>> save as FIX.REG >>>
run the file
(double-click and OK).
Restart the computer.

This time post a HijackThis log (that is enough to check whether it worked).

====================
F.
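Added example, not the helper's fix and not ComboFix's own code: this script reads a fragment in the layout of ComboFix's "Reg Loading Points" section and drafts the same kind of value-deletion .reg file the reply above builds by hand. It assumes, from the log layout, that an empty trailing "[ ]" marks an autostart entry whose file was not found on disk; the log fragment is constructed, and the output is only a draft for a human to review before merging.

```python
import re

# Constructed fragment in the layout of ComboFix's "Reg Loading Points" section.
# The trailing bracket carries the referenced file's timestamp and size, or "[ ]"
# when the file could not be found on disk (assumption taken from the log layout).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [ ]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"alofkmn"= {4038593E-D415-4759-BA71-5E94A3F1A39A} - C:\WINDOWS\alofkmn.dll [ ]
"""

SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]$")          # "[HKEY_...\Run]" header line
ENTRY_RE = re.compile(r'^"([^"]+)"=.*\[\s*\]\s*$')    # value line ending in "[ ]"


def find_dangling_entries(log_text):
    """Return {registry key: [value names]} for autostart values whose file is missing."""
    dangling = {}
    key = None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group(1)          # remember which key the following values belong to
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            dangling.setdefault(key, []).append(m.group(1))
    return dangling


def build_reg_fix(dangling):
    """Render a .reg file in which '"name"=-' deletes that value when merged."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in dangling.items():
        out.append(f"[{key}]")
        out.extend(f'"{name}"=-' for name in names)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    # Prints the draft only; merging it is a separate, deliberate step.
    print(build_reg_fix(find_dangling_entries(SAMPLE_LOG)))
```

The draft covers only values whose file is missing; key deletions such as the orphaned CLSID and TypeLib entries in the reply still have to be added by hand.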
