
How do I remove spyware?

powereg
created

Since yesterday something has been going on with my computer: it runs as slow as a turtle, the wallpaper changes automatically [there is a link on it saying to scan the system, and I guess I shouldn't click it], the icons are surrounded by a grey background, messages keep popping up saying the computer is infected [a yellow triangle in the taskbar], and there is a red window, supposedly from Windows Security Center, telling me to download security software.

What should I do??? I have Avast and Ad-Aware 2008; I scan and remove the infections, but it does nothing... help...

I'd be grateful for any advice. I don't know much about system problems, so please write it as if for a blonde :)

Cheers :)

I'm attaching a HijackThis log:


Mateusz J.
comment

Please post a ComboFix log; HJT alone isn't enough.

You may have to wait about an hour for a reply, as I have some work to do.

powereg
comment

I'll also add a screenshot.

On it, mate :) I just have to download that ComboFix. Thanks for the reply.

And by the way, I'm a girl =]

No problem about the hour. I've been struggling with this all day, so an hour either way doesn't make much difference.

ekran1.bmp

Mateusz J.
comment

Just in case, let me spell it out:

Fix means: run HijackThis => click Do a system scan only => tick the entries I list => click Fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

Did you set this start page yourself? If not, Fix it.

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs:
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

Fix

Download ComboFix, but don't run it yet.

Open Notepad and paste the following into it:

File::
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\qcyejq.exe
C:\WINDOWS\winself.exe
Folder::
C:\Program Files\TBONBin
C:\Program Files\RXToolBar
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SemanticInsight"=-
"Lexmark_X79-55"=-
"ReJf5vH"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbon"=-
Driver::
MsSecurity1.209.4

In Notepad, File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved.

Boot into Safe Mode. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

82650GIF.gif

The removal will start and a log will be produced, which you then post on the forum.
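As an added example (not part of this thread, of HijackThis or of ComboFix), a small Python triage script that applies the checks the helper made by hand to HijackThis lines: an extra executable in the F2 UserInit entry, orphaned (no file) BHO/toolbar registrations, Run entries pointing at look-alike system names or at executables dropped straight into the Windows root, and services with an unknown owner. The sample log lines are constructed from the entries quoted above; `SYSTEM_BINARIES` and the severity labels are this example's own assumptions.

```python
"""Triage a HijackThis log for the entry classes flagged in this thread (added example)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the entries quoted in the thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
""".strip()

# Assumed list of core Windows binaries that malware imitates with one-letter changes.
SYSTEM_BINARIES = {
    "lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "smss.exe", "explorer.exe", "userinit.exe", "ctfmon.exe", "spoolsv.exe",
}
# An .exe sitting directly in <drive>:\WINDOWS\ (not in a subfolder) is unusual for autostarts.
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")


@dataclass
class Finding:
    line: int        # 1-based line number in the log
    severity: str    # "high", "medium" or "info"
    reason: str
    entry: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch look-alike names such as lsasss.exe vs lsass.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def command_path(cmd: str) -> str:
    """Pull the executable path out of an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def path_findings(no: int, path: str, entry: str) -> list:
    """Checks applied to any executable path an autostart entry points at."""
    out = []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if WINDOWS_ROOT_EXE.match(low):
        out.append(Finding(no, "medium", "executable directly in the Windows root", entry))
    for known in SYSTEM_BINARIES:
        if name != known and levenshtein(name, known) == 1:
            out.append(Finding(no, "high", f"look-alike of {known}", entry))
    return out


def triage(log_text: str) -> list:
    """Return the suspicious entries of a HijackThis log as Finding objects."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        m = re.match(r"^([A-Z]\d+) - (.*)$", line)
        if not m:
            continue
        code, rest = m.groups()
        if code in ("R3", "O2", "O3") and rest.rstrip().endswith("(no file)"):
            findings.append(Finding(no, "info", "orphaned registration (no file on disk)", line))
        elif code == "F2" and "UserInit=" in rest:
            # UserInit is a comma-separated list; only userinit.exe itself belongs there.
            for exe in rest.split("UserInit=", 1)[1].split(","):
                if exe and not exe.lower().endswith("\\userinit.exe"):
                    findings.append(Finding(no, "high", f"extra UserInit executable: {exe}", line))
        elif code == "O4":
            m4 = re.search(r"\[[^\]]*\] (.*)$", rest)
            if m4:
                findings.extend(path_findings(no, command_path(m4.group(1)), line))
        elif code == "O23":
            # Format: "Service: <display name> - <owner> - <path>"; split from the right.
            parts = rest.rsplit(" - ", 2)
            if len(parts) == 3:
                _, owner, path = parts
                if owner.strip().lower() == "unknown owner":
                    findings.append(Finding(no, "high", "service with unknown owner", line))
                findings.extend(path_findings(no, path.strip(), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:2d} [{f.severity:6s}] {f.reason}: {f.entry}")
```

On the sample it flags exactly the lines the helper put on the Fix list and leaves the Google and Avast entries alone; the heuristics are a first pass for a reviewer, not a verdict.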

powereg
comment

Damn, I didn't get to read this in time and had already run ComboFix earlier; this is the log:

So what should I do now?????? I didn't do any of your steps :/

Mateusz J.

Paste this into Notepad:

File::
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\qcyejq.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\Tasks\At25.job"
C:\WINDOWS\Tasks\At26.job"
C:\WINDOWS\Tasks\At27.job"
C:\WINDOWS\Tasks\At28.job"
C:\WINDOWS\Tasks\At29.job"
C:\WINDOWS\Tasks\At30.job"
C:\WINDOWS\Tasks\At31.job"
C:\WINDOWS\Tasks\At32.job"
C:\WINDOWS\Tasks\At33.job"
C:\WINDOWS\Tasks\At34.job"
C:\WINDOWS\Tasks\At35.job"
C:\WINDOWS\Tasks\At36.job"
C:\WINDOWS\Tasks\At37.job"
C:\WINDOWS\Tasks\At38.job"
C:\WINDOWS\Tasks\At39.job"
C:\WINDOWS\Tasks\At40.job"
C:\WINDOWS\Tasks\At41.job"
C:\WINDOWS\Tasks\At42.job"
C:\WINDOWS\Tasks\At43.job"
C:\WINDOWS\Tasks\At44.job"
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\Tasks\At48.job
D:\Programy\SsAAD.exe

Folder::
C:\Program Files\TBONBin
C:\Program Files\RXToolBar
C:\FOUND.009

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fad55138-f79c-11da-86bd-806d6172696f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ReJf5vH"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbon"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

In Notepad go to File ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved.

Boot into Safe Mode. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture:

82650GIF.gif

The removal will start and a log will be produced, which you post on the forum.

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs:
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

Fix these entries in HijackThis; most of them should already be gone after the removal with ComboFix.

Finally, post the ComboFix log produced during the removal plus a new HijackThis log.
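
The two posts above walk through the same procedure by hand: read the HijackThis entries, decide which ones are hostile (the extra executable chained into UserInit, the lsasss.exe lookalike, the Run value with a random name pointing into the Windows root, the service binary in C:\WINDOWS, the two dozen orphaned BHO registrations), then turn those decisions into a CFScript with File::, Folder:: and Registry:: sections. The script below is an added example that automates exactly that triage and draft; it is not code from this thread or from the HijackThis/ComboFix authors. The sample log is constructed from entries quoted in the thread (the "Example Helper" BHO and its all-zero CLSID are placeholders for a legitimate entry), WINDIR_ROOT assumes a default XP install directory like the one in the log, and the heuristics are the editor's own assumptions, not a definitive detection rule. Each finding is a tuple (severity, reason, target, fixes).

```python
"""Triage HijackThis-style log lines and draft the matching ComboFix CFScript.
Added example for the thread; not code from the forum or from the HijackThis /
ComboFix authors.  SAMPLE_LOG is constructed, the heuristics are assumptions,
and WINDIR_ROOT assumes a default XP install directory as in the thread's log.
"""
import re

WINDIR_ROOT = "c:\\windows"  # assumption: default XP install directory
SYSTEM_BINARIES = {"lsass", "csrss", "smss", "svchost", "services", "winlogon"}
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.I)

# Constructed sample in HijackThis' line format; entries mirror the thread's log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
"""

def levenshtein(a, b):
    """Plain edit distance, used to catch lsasss.exe-style lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _exe_path(cmd):
    """First .exe path in a Run/Service command, with any arguments stripped."""
    m = EXE_RE.match(cmd.strip())
    return m.group(1) if m else None

def _stem(path):
    return re.sub(r"\.exe$", "", path.rsplit("\\", 1)[-1].lower())

def _check_exe(path, findings, extra_fixes, root_severity):
    """Checks shared by every autostart entry that points at an executable."""
    stem, fixes = _stem(path), [("file", path)] + extra_fixes
    if stem not in SYSTEM_BINARIES and any(levenshtein(stem, s) == 1 for s in SYSTEM_BINARIES):
        findings.append(("high", "lookalike of a system binary name", path, fixes))
    elif path.rsplit("\\", 1)[0].lower() == WINDIR_ROOT:
        # Legitimate autostarts almost never live directly in the Windows root.
        findings.append((root_severity, "executable in the Windows root", path, fixes))

def triage(log_text):
    """Walk the log line by line and collect suspicious autostart entries."""
    findings = []
    for raw in log_text.splitlines():
        if " - " not in raw:
            continue
        kind, body = raw.strip().split(" - ", 1)
        if kind == "F2" and "UserInit=" in body:
            # UserInit should name userinit.exe only; anything chained after it
            # runs at every logon, which is how iftuyszv.exe persisted here.
            for exe in filter(None, (p.strip() for p in body.split("UserInit=", 1)[1].split(","))):
                if _stem(exe) != "userinit":
                    findings.append(("high", "extra executable chained into UserInit", exe, [("file", exe)]))
        elif kind == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            if m:
                findings.append(("low", "orphaned BHO registration", m.group(0), [("bho", m.group(0))]))
        elif kind == "O4":
            m = O4_RE.match(body)
            path = _exe_path(m.group(3)) if m else None
            if path:
                _check_exe(path, findings, [("runvalue", m.group(1), m.group(2))], "medium")
        elif kind == "O23":
            # "Unknown owner" alone is common for legitimate services, so only
            # the binary's location is judged here.
            path = _exe_path(body.rsplit(" - ", 1)[-1])
            if path:
                _check_exe(path, findings, [], "high")
    return findings

def draft_cfscript(findings):
    """Render the fixes in the CFScript form used in the thread: File:: paths,
    [-key] deletes a registry key, "value"=- deletes a single value."""
    files, keys, run_values = [], [], {}
    for _sev, _reason, _target, fixes in findings:
        for fix in fixes:
            if fix[0] == "file" and fix[1] not in files:
                files.append(fix[1])
            elif fix[0] == "bho":
                keys.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]" % fix[1])
            elif fix[0] == "runvalue":
                run_values.setdefault(HIVES.get(fix[1], fix[1]), []).append(fix[2])
    out = ["File::"] + files if files else []
    if keys or run_values:
        out += ["Registry::"] + keys
        for hive, names in run_values.items():
            out.append("[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]" % hive)
            out += ['"%s"=-' % n for n in names]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for sev, reason, target, _fixes in found:
        print("%-6s %-40s %s" % (sev, reason, target))
    print(draft_cfscript(found))
```

The draft is deliberately conservative: it only emits File:: entries and the two registry forms the thread already uses, so a service registration such as the MsSecurity entry still has to be handled separately, and the output is a starting point for a human review, not something to drop onto ComboFix unread.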

powereg

ComboFix log

ComboFix 08-06-12.2 - abc 2008-06-14 17:35:40.3 - FAT32x86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.372 [GMT 2:00]
Running from: D:\Programy\ComboFix\ComboFix.exe
Command switches used :: D:\Programy\ComboFix\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\qcyejq.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\Tasks\At25.job"
C:\WINDOWS\Tasks\At26.job"
C:\WINDOWS\Tasks\At27.job"
C:\WINDOWS\Tasks\At28.job"
C:\WINDOWS\Tasks\At29.job"
C:\WINDOWS\Tasks\At30.job"
C:\WINDOWS\Tasks\At31.job"
C:\WINDOWS\Tasks\At32.job"
C:\WINDOWS\Tasks\At33.job"
C:\WINDOWS\Tasks\At34.job"
C:\WINDOWS\Tasks\At35.job"
C:\WINDOWS\Tasks\At36.job"
C:\WINDOWS\Tasks\At37.job"
C:\WINDOWS\Tasks\At38.job"
C:\WINDOWS\Tasks\At39.job"
C:\WINDOWS\Tasks\At40.job"
C:\WINDOWS\Tasks\At41.job"
C:\WINDOWS\Tasks\At42.job"
C:\WINDOWS\Tasks\At43.job"
C:\WINDOWS\Tasks\At44.job"
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\winself.exe
D:\Programy\SsAAD.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.009
C:\FOUND.009\FILE0000.CHK
C:\FOUND.009\FILE0001.CHK
C:\Program Files\TBONBin
C:\Program Files\TBONBin\tboninst.cfg
C:\Program Files\TBONBin\TBONUnst.htm
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job

.
(((((((((((((((((((((((((   Files Created from 2008-05-14 to 2008-06-14  )))))))))))))))))))))))))))))))
.

2008-06-14 13:41 . 2008-06-14 13:41	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-13 23:00 . 2008-06-13 23:00	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-13 22:55 . 2008-06-13 22:55	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 20:18 . 2008-06-13 20:18	<DIR>	dr-------	C:\Documents and Settings\LocalService\Ulubione
2008-06-11 17:06 . 2008-04-14 17:53	273,024	---------	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:06 . 2008-04-14 17:53	273,024	---------	C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-16 11:58 . 2008-05-16 11:58	12,632	--a------	C:\WINDOWS\system32\lsdelete.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16	1,291,264	----a-w	C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16	1,291,264	----a-w	C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 09:20	15,648	----a-w	C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19	15,648	----a-w	C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19	12,960	----a-w	C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-19 15:45	---------	d-----w	C:\Program Files\Gofin
2008-04-17 10:47	18,432	----a-w	C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-04 16:21	935	---ha-w	C:\hpothb07.dat
2008-03-25 04:52	621,344	----a-w	C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52	621,344	----a-w	C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:52	178,976	----a-w	C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:52	178,976	----a-w	C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09	1,845,504	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09	1,845,504	----a-w	C:\WINDOWS\system32\dllcache\win32k.sys
2007-12-23 12:04	3,839,807	----a-w	C:\Program Files\rfw_en_10.exe
2007-01-23 09:50	16,384	------w	C:\Program Files\Musicmatch
2006-09-01 12:46	152	---ha-w	C:\Program Files\hpothb07.dat
2006-08-14 11:29	261	---ha-w	C:\Program Files\hpothb07.tif
2004-10-01 13:00	40,960	----a-w	C:\Program Files\Uninstall_CDS.exe

.
(((((((((((((((((((((((((((((   snapshot@2008-06-14_14.15.04.64   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 12:13:12	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-14 15:34:40	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w			15,360 2004-08-03 21:44:20  C:\WINDOWS\system32\bak\ctfmon.exe
----a-w			15,360 2004-08-03 21:44:20  C:\WINDOWS\system32\ctfmon.exe
----a-w		   155,648 2001-07-09 09:50:42  C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w			70,824 2003-08-28 08:09:00  C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w		   180,269 2006-06-27 15:58:42  C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w		   131,072 2004-06-03 18:51:54  C:\Program Files\NVIDIA Corporation\NvMixer\bak\NVMixerTray.exe
----a-w			32,768 2004-11-02 18:24:46  C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
----a-w			36,975 2005-08-26 16:14:44  C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe
----a-w			24,576 2003-10-16 16:07:10  C:\Program Files\Neostrada TP\bak\CnxMon.exe
----a-w			24,576 2003-10-16 16:07:10  C:\Program Files\Neostrada TP\CnxMon.exe
----a-w			20,480 2003-10-16 16:07:12  C:\Program Files\Neostrada TP\bak\Watch.exe
------w			20,480 2003-10-16 16:07:12  C:\Program Files\Neostrada TP\Watch.exe
----a-w			53,248 2003-10-16 16:07:12  C:\Program Files\Neostrada TP\bak\TaskbarIcon.exe
------w			53,248 2003-10-16 16:07:12  C:\Program Files\Neostrada TP\TaskBarIcon.exe
----a-w		   190,464 2006-10-20 20:04:06  C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe
----a-r			73,840 2006-12-27 14:53:42  C:\Program Files\Macrogaming\SweetIM\bak\SweetIM.exe
----a-r			73,840 2006-12-27 14:53:42  C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
----a-w		 3,305,472 2006-07-26 11:48:28  C:\Program Files\BearShare\bak\BearShare.exe
----a-w			81,920 2005-01-24 17:58:02  D:\Programy\bak\SsAAD.exe
----a-w		   155,648 2006-10-08 16:48:04  D:\Programy\bak\bak\qttask.exe
----a-w		   385,024 2008-01-10 13:27:36  D:\Programy\QTTask.exe
----a-w		 2,396,160 2006-02-17 12:03:58  D:\Programy\Gadu-Gadu nowe\bak\gg.exe
----a-w		 3,223,552 2006-02-27 10:59:46  D:\Programy\BearShare\bak\BearShare.exe
----a-w			57,344 2005-06-06 21:46:24  D:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w		   155,648 2006-10-08 16:48:04  D:\Programy\bak\bak\qttask.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 22:06 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-06-13 13:36 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"KAZAA"="d:\Programy\Kazaa 1\kazaa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Adobe Photo Downloader"="D:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"QuickTime Task"="D:\Programy\QTTask.exe" [2008-01-10 15:27 385024]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"SsAAD.exe"="D:\Programy\SsAAD.exe" [ ]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [ ]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" [2006-02-27 12:59 3223552]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\abc\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe [2005-10-26 13:36:02 61440]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SATARaid.lnk - C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [2006-06-09 11:40:29 1019961]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-06-09 14:10:53 962661]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-20 15:40:15 108544]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\ICQLite\\ICQLite.exe"=
"D:\\Programy\\Gadu-Gadu nowe\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 08:01]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2004-07-12 05:57]

*Newly Created Service* - ADILOADER
.
Contents of the 'Scheduled Tasks' folder
"2006-10-15 12:06:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152531790.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I 
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 17:37:08
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-14 17:37:35
ComboFix-quarantined-files.txt  2008-06-14 15:37:34
ComboFix2.txt  2008-06-14 12:15:50

Pre-Run: 10,050,945,024 bytes free
Post-Run: 10,252,926,976 bytes free

226	--- E O F ---	2008-06-11 18:24:30

New log from HijackThis

//well, maybe a warn will teach you to use CODE tags

//sniper45

Mateusz J.
comment

Delete the C:\Qoobox folder manually.

Does avast still detect viruses?

powereg
comment

What?? I don't know if it's that easy to teach me that when I've never dealt with it.

I guess that's exactly what forums like this are for... and besides, I'm asking warn, not you, so don't butt in :P

Hmmmm, I'll check in a moment, but I don't think it ever detected it at all......

I've already deleted that folder.

Mateusz J.
comment
What?? I don't know if it's that easy to teach me that when I've never dealt with it.

I guess that's exactly what forums like this are for... and besides, I'm asking warn, not you, so don't butt in

Let me put it this way: if you had read the Rules of the Security section, you would know how it's done :)

Hmmmm, I'll check in a moment, but I don't think it ever detected it at all......

And is there any improvement?

powereg
comment

Well, maybe you're right. But I don't really have time, because I have an important exam on Monday. Not everything is always that simple. Unfortunately.

Right after the first ComboFix run everything disappeared and went back to normal. For now I'm halfway through an avast scan.

Avast doesn't detect anything. I guess I'm 'clean' now :P So thanks a lot for the help, and please don't take me for an idiot - if I had the time I would have read everything calmly, I'm not really someone who takes the easy way out [that's for the colleague]

Thanks again. I can go back to my notes in peace :)

  • 2 weeks later...
Kamior
comment

Hello :)

I'd like to ask for help.

Yesterday I downloaded some junk via torrent and now I have a big problem.

This is the log (I think, because I don't know what it's called :P) from ComboFix.

ComboFix 08-06-16.5 - Kamior 2008-06-25 18:14:40.11 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.432 [GMT 2:00]

Running from: D:\Różne\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))

.

2008-06-25 17:54 . 2008-06-25 17:54 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\DoctorWeb

2008-06-25 17:22 . 2008-06-25 17:22 109,056 --a------ C:\WINDOWS\system32\lphcv9aj0e711.exe

2008-06-25 17:22 . 2008-06-25 17:54 90,838 --a------ C:\WINDOWS\system32\phcv9aj0e711.bmp

2008-06-25 17:22 . 2008-06-25 17:54 60,928 --a------ C:\WINDOWS\system32\blphcv9aj0e711.scr

2008-06-25 17:21 . 2008-06-25 17:21 61,440 --a------ C:\WINDOWS\system32\Setup_ver1.1351.25.exe

2008-06-24 23:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\MSBuild

2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\Microsoft Works

2008-06-24 23:30 . 2008-06-24 23:30 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-06-24 23:24 . 2008-06-24 23:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2008-06-24 23:23 . 2008-06-24 23:23 <DIR> dr-h----- C:\MSOCache

2008-06-24 23:20 . 2008-06-24 23:20 <DIR> d-------- C:\Program Files\Alcohol Soft

2008-06-24 23:15 . 2008-06-24 23:15 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-24 21:08 . 2008-06-24 21:09 144 --a------ C:\WINDOWS\wcx_ftp.ini

2008-06-24 21:07 . 2008-06-24 21:07 <DIR> d-------- C:\totalcmd

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF

2008-06-24 21:07 . 2008-06-24 21:10 487 --a------ C:\WINDOWS\wincmd.ini

2008-06-23 18:54 . 2008-06-23 18:55 <DIR> d-------- C:\Program Files\PDFCreator

2008-06-23 18:54 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-06-23 18:54 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll

2008-06-23 18:54 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX

2008-06-23 18:54 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

2008-06-21 21:37 . 2008-06-21 21:37 <DIR> d-------- C:\Program Files\MarBit

2008-06-17 19:45 . 2008-06-17 19:45 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Thinstall

2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Real

2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\Real

2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\DllCache\bthport.sys

2008-06-10 17:49 . 2008-06-24 23:37 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-06-09 20:38 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-06-09 20:38 . 2008-06-10 17:51 649 --a------ C:\WINDOWS\ODBC.INI

2008-06-08 13:54 . 2008-06-25 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Ustawienia lokalne

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Ulubione

2008-06-08 13:54 . 2008-05-24 13:51 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Szablony

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Pulpit

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Moje dokumenty

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr------- C:\Documents and Settings\Administrator.OSKAR\Menu Start

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr-h----- C:\Documents and Settings\Administrator.OSKAR\Dane aplikacji

2008-06-08 13:54 . 2008-06-08 13:54 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR

2008-06-08 13:47 . 2008-06-08 13:47 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\TmpRecentIcons

2008-06-08 13:42 . 2008-06-25 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Ustawienia lokalne

2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Szablony

2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji

2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d---s---- C:\Documents and Settings\Administrator

2008-06-08 12:59 . 2008-06-08 13:45 <DIR> d-------- C:\Program Files\YouTube Downloader

2008-06-08 12:08 . 2008-06-08 06:10 94,208 --a------ C:\WINDOWS\emoq.exe

2008-06-07 22:54 . 2008-06-07 22:54 52,637 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-06-07 22:53 . 2008-06-07 22:53 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-06-07 22:52 . 2008-06-07 22:54 6,128 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-06-07 22:51 . 2008-06-07 22:51 <DIR> d-------- C:\WINDOWS\BricoPacks

2008-06-05 21:47 . 2008-06-05 21:47 <DIR> d-------- C:\Program Files\IrfanView

2008-06-05 00:40 . 2008-06-05 00:40 38 --a------ C:\WINDOWS\avisplitter.INI

2008-06-02 00:43 . 2008-06-02 00:45 <DIR> d-------- C:\Program Files\NAPI-PROJEKT

2008-05-30 22:15 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys

2008-05-27 22:38 . 2008-05-27 22:38 <DIR> d-------- C:\Program Files\SoftMaker Viewer

2008-05-27 22:38 . 2008-02-11 13:06 67,104 --a------ C:\WINDOWS\unTMV.exe

2008-05-27 16:06 . 2008-06-16 22:21 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP

2008-05-27 16:06 . 2008-06-09 10:24 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-05-26 16:53 . 2008-05-26 16:53 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-05-25 17:54 . 2008-05-25 18:08 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP

2008-05-25 17:54 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll

2008-05-25 17:54 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll

2008-05-25 17:09 . 2008-06-25 17:06 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-25 13:10 . 2006-12-07 07:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll

2008-05-25 12:56 . 2008-06-21 03:02 <DIR> d-------- C:\WINDOWS\system32\DllCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 15:23 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus

2008-06-17 17:48 --------- d-----w C:\Program Files\Azureus

2008-06-07 20:54 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-06-05 19:43 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-29 03:05 --------- d-----w C:\Program Files\Ares

2008-05-24 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-24 20:30 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\DataCast

2008-05-24 20:22 --------- d-----w C:\Program Files\Samsung

2008-05-24 20:05 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-24 20:05 --------- d-----w C:\Program Files\Ahead

2008-05-24 19:54 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-05-24 19:54 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Media Player Classic

2008-05-24 17:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Azureus

2008-05-24 16:25 --------- d-----w C:\Program Files\Ganymede

2008-05-24 16:23 --------- d-----w C:\Program Files\SopCast

2008-05-24 16:03 --------- d-----w C:\Program Files\Winamp

2008-05-24 16:02 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Winamp

2008-05-24 13:03 --------- d-----w C:\Program Files\WapSter

2008-05-24 13:01 --------- d-----w C:\Program Files\Sygate

2008-05-24 12:18 --------- d-----w C:\Program Files\Realtek

2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-24 12:11 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\InstallShield

2008-05-21 22:22 --------- d-----w C:\Program Files\Kolekcja Klasyki

2008-05-21 16:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-21 16:48 --------- d-----w C:\Program Files\Fingerprint Sensor

2008-05-21 16:45 --------- d-----w C:\Program Files\CONEXANT

2008-05-21 16:42 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-05-21 16:39 --------- d-----w C:\Program Files\Broadcom

2008-05-21 16:35 --------- d-----w C:\Documents and Settings\Kamior\Dane aplikacji\InstallShield

2008-05-21 16:34 --------- d-----w C:\Program Files\Intel

2008-05-21 15:50 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-21 15:47 --------- d-----w C:\Program Files\Usługi online

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\DllCache\rmcast.sys

2008-05-07 05:03 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:03 1,291,776 ------w C:\WINDOWS\system32\DllCache\quartz.dll

2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 621,344 ------w C:\WINDOWS\system32\DllCache\mswstr10.dll

2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:52 178,976 ------w C:\WINDOWS\system32\DllCache\msjint40.dll

.

------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A185BFAF-A6CF-42C5-A3BE-A9121F491A91}"= "C:\WINDOWS\nmwegbsf.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{a185bfaf-a6cf-42c5-a3be-a9121f491a91}]

[HKEY_CLASSES_ROOT\nmwegbsf.1]

[HKEY_CLASSES_ROOT\TypeLib\{9410E20F-BA99-4814-B734-89EF5B5806A2}]

[HKEY_CLASSES_ROOT\nmwegbsf]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-21 04:57 142104]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-21 04:57 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-21 04:57 138008]

"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 07:32 16132608 C:\WINDOWS\RTHDCPL.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 10:51 53248]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"lphcv9aj0e711"="C:\WINDOWS\system32\lphcv9aj0e711.exe" [2008-06-25 17:22 109056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 18:15:16

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

Completion time: 2008-06-25 18:15:41

ComboFix-quarantined-files.txt 2008-06-25 16:15:37

Pre-Run: 5,741,133,824 bajtów wolnych

Post-Run: 5,731,667,968 bajtów wolnych

198 --- E O F --- 2008-06-21 01:02:16

And my desktop looks like this:

clipboard01mt4.jpg

and generally it's a mess :(

Please help.

Mateusz J.
comment

Paste the following into Notepad:

File::
C:\WINDOWS\system32\lphcv9aj0e711.exe
C:\WINDOWS\system32\phcv9aj0e711.bmp
C:\WINDOWS\system32\blphcv9aj0e711.scr
C:\WINDOWS\system32\Setup_ver1.1351.25.exe
C:\WINDOWS\nmwegbsf.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcv9aj0e711"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A185BFAF-A6CF-42C5-A3BE-A9121F491A91}"=-

In Notepad go to File ==> Save As ==> save it as CFScript.txt, in the same folder where ComboFix was downloaded and saved.

Boot into Safe Mode. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture:

82650GIF.gif

Removal will start and a log will be produced, which you post on the forum.

Besides the resulting ComboFix log, paste a HijackThis log as well.
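How those files and registry values get singled out of the log above, as an added example that is not code from the thread: the script parses the posted ComboFix excerpt, matches every Run and Toolbar loader against the "Files Created" timeline, and scores loaders that point at a freshly dropped file, carry no file metadata, or have a random-looking name; files created in the same minute as a flagged drop are listed as companions. The 48-hour window, the score threshold and the name heuristic are assumptions of this example, not ComboFix rules.

```python
"""Triage a ComboFix log the way the helper above did by eye (added example,
not code from the thread). Every loader in "Reg Loading Points" is matched
against the "Files Created" timeline; loaders pointing at freshly dropped files,
lacking file metadata ("[ ]") or carrying random-looking names get scored.
The thresholds and the name heuristic are this example's own assumptions."""
import re
from datetime import datetime, timedelta

# Excerpt of the ComboFix log posted above, trimmed to the lines that matter.
LOG = r"""
ComboFix 08-06-16.5 - Kamior 2008-06-25 18:14:40.11 - NTFSx86
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
2008-06-25 17:22 . 2008-06-25 17:22 109,056 --a------ C:\WINDOWS\system32\lphcv9aj0e711.exe
2008-06-25 17:22 . 2008-06-25 17:54 90,838 --a------ C:\WINDOWS\system32\phcv9aj0e711.bmp
2008-06-25 17:22 . 2008-06-25 17:54 60,928 --a------ C:\WINDOWS\system32\blphcv9aj0e711.scr
2008-06-25 17:21 . 2008-06-25 17:21 61,440 --a------ C:\WINDOWS\system32\Setup_ver1.1351.25.exe
2008-06-24 23:15 . 2008-06-24 23:15 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-08 12:08 . 2008-06-08 06:10 94,208 --a------ C:\WINDOWS\emoq.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A185BFAF-A6CF-42C5-A3BE-A9121F491A91}"= "C:\WINDOWS\nmwegbsf.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-21 04:57 142104]
"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 07:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"lphcv9aj0e711"="C:\WINDOWS\system32\lphcv9aj0e711.exe" [2008-06-25 17:22 109056]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ (<DIR>|[\d,]+) \S+ (.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
LOADER_RE = re.compile(r'^"([^"]+)"=\s*"([^"]+)" \[(.*)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
VOWELS = set("aeiouy")

def parse_log(text):
    """Return (scan_time, {path: created}, [(key, name, path, meta)], {(key, value): int})."""
    scan_time, created, loaders, dwords, key = None, {}, [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER_RE.match(line):
            scan_time = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        elif (m := CREATED_RE.match(line)) and m.group(2) != "<DIR>":
            created[m.group(3).lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := LOADER_RE.match(line)) and key:
            loaders.append((key, m.group(1), m.group(2), m.group(3).strip()))
        elif (m := DWORD_RE.match(line)) and key:
            dwords[(key.lower(), m.group(1).lower())] = int(m.group(2), 16)
    return scan_time, created, loaders, dwords

def looks_random(stem):
    """Crude name heuristic: digits wedged between letters, or almost no vowels."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    if re.search(r"[a-z]\d+[a-z]", s):
        return True
    letters = [c for c in s if c.isalpha()]
    return bool(letters) and sum(c in VOWELS for c in letters) / len(letters) < 0.15

def file_stem(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name

def companions(created, born, slack=timedelta(minutes=2)):
    """Files created within `slack` of a flagged drop: usually the same installer run."""
    return sorted(p for p, t in created.items() if abs(t - born) <= slack)

def triage(text, window=timedelta(hours=48), threshold=2):
    """Score every loader; return those at or above `threshold`, plus posture flags."""
    scan_time, created, loaders, dwords = parse_log(text)
    findings = []
    for key, name, path, meta in loaders:
        hit = {"key": key, "name": name, "path": path, "score": 0, "reasons": [], "companions": []}
        born = created.get(path.lower())
        if scan_time and born and scan_time - born <= window:
            hit["score"] += 2
            hit["reasons"].append(f"target created {scan_time - born} before the scan")
            hit["companions"] = companions(created, born)
        if meta == "":
            hit["score"] += 1
            hit["reasons"].append("no file metadata [ ] (file missing or unreadable)")
        if looks_random(file_stem(path)):
            hit["score"] += 1
            hit["reasons"].append("random-looking file name")
        if hit["score"] >= threshold:
            findings.append(hit)
    sc = "hkey_local_machine\\software\\microsoft\\security center"
    if dwords.get((sc, "antivirusoverride")) == 1:  # Security Center silenced about AV state
        findings.append({"key": sc, "name": "AntiVirusOverride", "path": "", "score": 1,
                         "reasons": ["Security Center told not to warn about antivirus"],
                         "companions": []})
    return findings

if __name__ == "__main__":
    for hit in triage(LOG):
        print(f"[{hit['score']}] {hit['name']} -> {hit['path'] or hit['key']}")
        for line in hit["reasons"] + hit["companions"]:
            print("      " + line)
```

Note that sptd.sys (Alcohol 120%) was also created the day before the scan but has no loader pointing at it, which is why the cross-reference, not the timeline alone, does the work.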

Kamior
comment
ComboFix 08-06-16.5 - Administrator 2008-06-25 21:02:01.15 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.829 [GMT 2:00]

Running from: D:\Różne\ComboFix.exe

Command switches used :: D:\Różne\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\nmwegbsf.dll

C:\WINDOWS\system32\blphcv9aj0e711.scr

C:\WINDOWS\system32\lphcv9aj0e711.exe

C:\WINDOWS\system32\phcv9aj0e711.bmp

C:\WINDOWS\system32\Setup_ver1.1351.25.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Kamior.OSKAR\Ustawienia lokalne\Temporary Internet Files\

C:\WINDOWS\system32\blphcv9aj0e711.scr

C:\WINDOWS\system32\lphcv9aj0e711.exe

C:\WINDOWS\system32\phcv9aj0e711.bmp

C:\WINDOWS\system32\Setup_ver1.1351.25.exe

.

((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))

.

2008-06-25 17:54 . 2008-06-25 17:54 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\DoctorWeb

2008-06-24 23:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\MSBuild

2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\Microsoft Works

2008-06-24 23:30 . 2008-06-24 23:30 <DIR> d-------- C:\Program Files\Microsoft.NET

2008-06-24 23:24 . 2008-06-24 23:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2008-06-24 23:23 . 2008-06-24 23:23 <DIR> dr-h----- C:\MSOCache

2008-06-24 23:20 . 2008-06-24 23:20 <DIR> d-------- C:\Program Files\Alcohol Soft

2008-06-24 23:15 . 2008-06-24 23:15 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-06-24 21:08 . 2008-06-24 21:09 144 --a------ C:\WINDOWS\wcx_ftp.ini

2008-06-24 21:07 . 2008-06-24 21:07 <DIR> d-------- C:\totalcmd

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF

2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF

2008-06-24 21:07 . 2008-06-24 21:10 487 --a------ C:\WINDOWS\wincmd.ini

2008-06-23 18:54 . 2008-06-23 18:55 <DIR> d-------- C:\Program Files\PDFCreator

2008-06-23 18:54 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-06-23 18:54 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll

2008-06-23 18:54 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX

2008-06-23 18:54 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

2008-06-21 21:37 . 2008-06-21 21:37 <DIR> d-------- C:\Program Files\MarBit

2008-06-17 19:45 . 2008-06-17 19:45 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Thinstall

2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Real

2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\xing shared

2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\Real

2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\DllCache\bthport.sys

2008-06-10 17:49 . 2008-06-24 23:37 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-06-09 20:38 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-06-09 20:38 . 2008-06-10 17:51 649 --a------ C:\WINDOWS\ODBC.INI

2008-06-08 13:54 . 2008-06-25 21:03 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Ustawienia lokalne

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Ulubione

2008-06-08 13:54 . 2008-05-24 13:51 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Szablony

2008-06-08 13:54 . 2008-06-25 21:03 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Pulpit

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Moje dokumenty

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr------- C:\Documents and Settings\Administrator.OSKAR\Menu Start

2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr-h----- C:\Documents and Settings\Administrator.OSKAR\Dane aplikacji

2008-06-08 13:54 . 2008-06-08 13:54 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR

2008-06-08 13:47 . 2008-06-08 13:47 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\TmpRecentIcons

2008-06-08 13:42 . 2008-06-25 19:43 <DIR> d-------- C:\Documents and Settings\Administrator\Ustawienia lokalne

2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Szablony

2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji

2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d---s---- C:\Documents and Settings\Administrator

2008-06-08 12:59 . 2008-06-08 13:45 <DIR> d-------- C:\Program Files\YouTube Downloader

2008-06-08 12:08 . 2008-06-08 06:10 94,208 --a------ C:\WINDOWS\emoq.exe

2008-06-07 22:54 . 2008-06-07 22:54 52,637 --a------ C:\WINDOWS\BricoPackUninst.cmd

2008-06-07 22:53 . 2008-06-07 22:53 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp

2008-06-07 22:52 . 2008-06-07 22:54 6,128 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-06-07 22:51 . 2008-06-07 22:51 <DIR> d-------- C:\WINDOWS\BricoPacks

2008-06-05 21:47 . 2008-06-05 21:47 <DIR> d-------- C:\Program Files\IrfanView

2008-06-05 00:40 . 2008-06-05 00:40 38 --a------ C:\WINDOWS\avisplitter.INI

2008-06-02 00:43 . 2008-06-02 00:45 <DIR> d-------- C:\Program Files\NAPI-PROJEKT

2008-05-30 22:15 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys

2008-05-27 22:38 . 2008-05-27 22:38 <DIR> d-------- C:\Program Files\SoftMaker Viewer

2008-05-27 22:38 . 2008-02-11 13:06 67,104 --a------ C:\WINDOWS\unTMV.exe

2008-05-27 16:06 . 2008-06-16 22:21 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP

2008-05-27 16:06 . 2008-06-09 10:24 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-05-26 16:53 . 2008-05-26 16:53 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-05-25 17:54 . 2008-05-25 18:08 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP

2008-05-25 17:54 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll

2008-05-25 17:54 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll

2008-05-25 17:09 . 2008-06-25 19:25 116 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-25 13:10 . 2006-12-07 07:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll

2008-05-25 12:56 . 2008-06-21 03:02 <DIR> d-------- C:\WINDOWS\system32\DllCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 19:03 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT

2008-06-25 19:03 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT

2008-06-25 18:59 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT

2008-06-25 18:59 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT

2008-06-25 18:59 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus

2008-06-17 17:48 --------- d-----w C:\Program Files\Azureus

2008-06-05 19:43 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-29 03:05 --------- d-----w C:\Program Files\Ares

2008-05-24 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-24 20:30 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\DataCast

2008-05-24 20:22 --------- d-----w C:\Program Files\Samsung

2008-05-24 20:05 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-24 20:05 --------- d-----w C:\Program Files\Ahead

2008-05-24 19:54 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-05-24 19:54 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Media Player Classic

2008-05-24 17:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Azureus

2008-05-24 16:25 --------- d-----w C:\Program Files\Ganymede

2008-05-24 16:23 --------- d-----w C:\Program Files\SopCast

2008-05-24 16:03 --------- d-----w C:\Program Files\Winamp

2008-05-24 16:02 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Winamp

2008-05-24 13:03 --------- d-----w C:\Program Files\WapSter

2008-05-24 13:01 --------- d-----w C:\Program Files\Sygate

2008-05-24 12:18 --------- d-----w C:\Program Files\Realtek

2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-05-24 12:11 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\InstallShield

2008-05-24 11:55 --------- d-s---w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft

2008-05-24 11:55 --------- d-s---w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft

2008-05-21 22:22 --------- d-----w C:\Program Files\Kolekcja Klasyki

2008-05-21 16:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-21 16:48 --------- d-----w C:\Program Files\Fingerprint Sensor

2008-05-21 16:45 --------- d-----w C:\Program Files\CONEXANT

2008-05-21 16:42 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-05-21 16:39 --------- d-----w C:\Program Files\Broadcom

2008-05-21 16:35 --------- d-----w C:\Documents and Settings\Kamior\Dane aplikacji\InstallShield

2008-05-21 16:34 --------- d-----w C:\Program Files\Intel

2008-05-21 15:50 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-21 15:47 --------- d-----w C:\Program Files\Usługi online

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

.

------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-06-25_18.15.30,07 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-25 15:53:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-25 19:04:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-06-25 15:58:32 52,962 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-06-25 17:49:20 52,962 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-06-25 15:58:32 67,276 ----a-w C:\WINDOWS\system32\perfc015.dat

+ 2008-06-25 17:49:20 67,276 ----a-w C:\WINDOWS\system32\perfc015.dat

- 2008-06-25 15:58:32 380,548 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-06-25 17:49:20 380,548 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-06-25 15:58:32 436,216 ----a-w C:\WINDOWS\system32\perfh015.dat

+ 2008-06-25 17:49:20 436,216 ----a-w C:\WINDOWS\system32\perfh015.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-21 04:57 142104]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-21 04:57 162584]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-21 04:57 138008]

"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 07:32 16132608 C:\WINDOWS\RTHDCPL.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 10:51 53248]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 21:04:51

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Sygate\SPF\Smc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\DOCUME~1\KAMIOR~1.OSK\USTAWI~1\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Completion time: 2008-06-25 21:06:38 - machine was rebooted [Kamior]

ComboFix-quarantined-files.txt 2008-06-25 19:06:36

ComboFix2.txt 2008-06-25 17:43:06

ComboFix3.txt 2008-06-25 17:39:39

ComboFix4.txt 2008-06-25 17:12:27

ComboFix5.txt 2008-06-25 16:15:41

Pre-Run: 5,759,631,360 bajtów wolnych

Post-Run: 5,747,441,664 bajtów wolnych

226 --- E O F --- 2008-06-21 01:02:16

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:08, on 2008-06-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\WapSter\AQQ\AQQ.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\DOCUME~1\KAMIOR~1.OSK\USTAWI~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 5812 bytes

I think everything is OK now. Many thanks!! :)

snip91
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')

FIX

Kamior

But what? Where? How? :P

Mateusz J.
But what? Where? How? :P

Run HijackThis.

Choose Do a system scan only.

Tick the entries given by the colleague above.

Click Fix checked.

Done.

Kamior

Thank you very much :)

  • 1 month later...
Kamior

Hello! I have some problem with my computer again and I've picked up some crap again :/ Please help :(

My computer won't connect to the GG server and I keep getting temp2 and Internet Explorer, I mean those windows saying an error occurred and it has to be closed.

This is my ComboFix log

ComboFix 08-07-27.6 - Kamior 2008-08-23 0:41:56.26 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.679 [GMT 2:00]

Running from: D:\Różne\my last escape\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

C:\WINDOWS\autorun.inf

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\explorer.exe

C:\WINDOWS\xcopy.exe

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))

.

2008-08-22 23:22 . 2008-08-22 23:22 <DIR> d-------- C:\Program Files\Gadu-Gadu

2008-08-22 23:18 . 2008-08-22 23:18 <DIR> d-------- C:\Program Files\WapSter

2008-08-20 17:41 . 2008-08-20 21:31 <DIR> d-------- C:\Program Files\MOBILedit!

2008-08-20 16:27 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\DllCache\msadce.dll

2008-08-08 18:32 . 2008-08-23 00:40 223,946 --a------ C:\WINDOWS\system32\mswmpdat.tlb

2008-08-08 18:32 . 2004-08-04 14:00 98,304 -rahs---- C:\WINDOWS\system32\mstmdm.dll

2008-08-02 23:00 . 2008-08-02 23:00 <DIR> d-------- C:\Program Files\LucasArts

2008-08-02 20:08 . 2008-08-04 21:40 <DIR> d-------- C:\Program Files\eMule

2008-08-02 16:21 . 2006-11-03 14:31 70,207 -rahs---- C:\host.exe

2008-08-02 16:21 . 2006-05-13 05:40 1,211 -rahs---- C:\copy.exe

2008-07-31 20:53 . 2008-07-31 20:53 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Gadu-Gadu

2008-07-31 20:52 . 2008-08-22 23:22 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Gadu-Gadu

2008-07-30 13:03 . 2008-07-30 13:10 <DIR> d-------- C:\Program Files\Tlen.pl

2008-07-30 13:03 . 2008-07-30 13:06 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Tlen.pl

2008-07-28 18:26 . 2008-08-23 00:40 2,085 --a------ C:\WINDOWS\system32\temp2.exe

2008-07-27 22:52 . 2008-08-23 00:40 35,346 --a------ C:\WINDOWS\system32\temp1.exe

2008-07-23 13:26 . 2008-08-07 21:48 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\EurekaLog

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-22 14:47 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus

2008-08-04 16:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FLEXnet

2008-08-02 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-30 11:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2008-07-24 17:24 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-07-20 11:09 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Sports Interactive

2008-07-20 10:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-07-20 10:52 --------- d--h--r C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\SecuROM

2008-07-20 10:51 --------- d--h--w C:\Program Files\Zero G Registry

2008-07-19 12:48 --------- d-----w C:\Program Files\Silent Hill

2008-07-18 19:10 201,728 ----a-w C:\WINDOWS\system32\tdk-screensaver-a03.scr

2008-07-09 16:45 17,920 ----a-w C:\WINDOWS\system32\dop94.dll

2008-07-08 17:23 17,920 ----a-w C:\WINDOWS\system32\ascisys.dll

2008-07-07 20:19 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:19 253,952 ------w C:\WINDOWS\system32\DllCache\es.dll

2008-07-03 16:53 --------- d-----w C:\Program Files\Azureus

2008-06-29 16:02 17,920 ----a-w C:\WINDOWS\system32\ksadio.dll

2008-06-27 18:22 17,920 ----a-w C:\WINDOWS\system32\ks94.dll

2008-06-27 08:45 17,920 ----a-w C:\WINDOWS\system32\ksisys.dll

2008-06-27 08:45 17,920 ----a-w C:\WINDOWS\system32\asc94.dll

2008-06-27 08:43 17,920 ----a-w C:\WINDOWS\system32\dopadio.dll

2008-06-27 08:17 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-27 08:17 --------- d-----w C:\Program Files\Bonjour

2008-06-27 08:08 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-06-26 08:03 --------- d-----w C:\Program Files\MagicISO

2008-06-25 19:08 --------- d-----w C:\Program Files\Trend Micro

2008-06-24 21:32 --------- d-----w C:\Program Files\MSBuild

2008-06-24 21:32 --------- d-----w C:\Program Files\Microsoft Works

2008-06-24 21:30 --------- d-----w C:\Program Files\Microsoft.NET

2008-06-24 21:20 --------- d-----w C:\Program Files\Alcohol Soft

2008-06-24 21:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:30 74,240 ------w C:\WINDOWS\system32\DllCache\mscms.dll

2008-06-23 16:55 --------- d-----w C:\Program Files\PDFCreator

2008-06-23 09:53 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe

2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:37 246,784 ------w C:\WINDOWS\system32\DllCache\mswsock.dll

2008-06-20 17:37 147,968 ----a-w C:\WINDOWS\system32\DllCache\dnsapi.dll

2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\DllCache\tcpip.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\DllCache\afd.sys

2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\DllCache\tcpip6.sys

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\DllCache\bthport.sys

2008-06-07 20:54 6,128 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-06-07 20:54 52,637 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-06-07 20:54 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe

2004-08-04 12:00 98,304 --sha-r C:\WINDOWS\system32\mstmdm.dll

.

------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-24_22.57.52.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-07 20:29:10 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll

+ 2008-07-07 20:25:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

+ 2007-11-30 12:40:46 19,320 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll

+ 2007-11-30 12:40:46 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe

+ 2007-11-30 12:40:46 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll

+ 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe

+ 2007-11-30 12:40:48 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll

+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe

+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe

+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe

+ 2007-11-30 11:21:28 19,320 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll

+ 2007-11-30 11:21:28 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe

+ 2007-11-30 11:21:28 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll

+ 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe

+ 2007-11-30 12:40:47 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll

+ 2008-06-24 16:46:33 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll

+ 2008-06-24 16:54:28 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll

+ 2007-11-30 12:40:46 19,320 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll

+ 2007-11-30 12:40:46 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe

+ 2007-11-30 12:40:46 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll

+ 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe

+ 2007-11-30 12:40:47 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll

+ 2008-06-23 15:13:22 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll

+ 2008-06-26 08:14:35 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll

+ 2008-06-26 08:14:35 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll

+ 2008-06-23 15:13:22 668,672 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll

+ 2008-06-25 04:27:42 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll

+ 2008-06-26 08:01:04 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll

+ 2008-06-26 08:01:05 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll

+ 2008-06-23 14:57:40 669,184 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll

+ 2007-11-30 12:40:46 19,320 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll

+ 2007-11-30 12:40:46 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe

+ 2007-11-30 12:40:46 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll

+ 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe

+ 2007-11-30 12:40:48 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll

- 2008-04-21 06:58:11 1,021,952 ----a-w C:\WINDOWS\system32\browseui.dll

+ 2008-06-23 16:16:52 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll

- 2008-04-21 06:58:11 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

+ 2008-06-23 16:16:52 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll

- 2008-04-21 06:58:12 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

+ 2008-06-23 16:16:52 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll

- 2008-04-21 06:58:11 1,021,952 ----a-w C:\WINDOWS\system32\DllCache\browseui.dll

+ 2008-06-23 16:16:52 1,024,000 ----a-w C:\WINDOWS\system32\DllCache\browseui.dll

- 2008-04-21 06:58:11 151,552 ------w C:\WINDOWS\system32\DllCache\cdfview.dll

+ 2008-06-23 16:16:52 151,552 ------w C:\WINDOWS\system32\DllCache\cdfview.dll

- 2008-04-21 06:58:12 1,055,744 ------w C:\WINDOWS\system32\DllCache\danim.dll

+ 2008-06-23 16:16:52 1,055,744 ------w C:\WINDOWS\system32\DllCache\danim.dll

- 2008-04-21 06:58:12 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll

+ 2008-06-23 16:16:52 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll

- 2008-04-21 06:58:13 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll

+ 2008-06-23 16:16:52 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll

- 2008-04-21 06:58:13 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll

+ 2008-06-23 16:16:52 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll

- 2008-04-21 06:58:13 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll

+ 2008-06-23 16:16:53 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll

- 2007-08-21 06:26:10 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll

+ 2008-04-11 18:41:09 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll

- 2008-04-21 06:58:13 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll

+ 2008-06-23 16:16:53 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll

- 2008-04-21 06:58:13 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll

+ 2008-06-23 16:16:53 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll

- 2008-04-21 06:58:17 3,528,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll

+ 2008-06-23 16:16:53 3,088,384 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll

- 2008-04-21 06:58:18 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll

+ 2008-06-23 16:16:53 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll

- 2008-04-21 06:58:18 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll

+ 2008-06-23 16:16:53 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll

- 2008-04-21 06:58:18 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll

+ 2008-06-23 16:16:54 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll

- 2008-04-21 06:58:19 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll

+ 2008-06-23 16:16:54 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll

- 2008-04-21 06:58:20 1,778,688 ----a-w C:\WINDOWS\system32\DllCache\shdocvw.dll

+ 2008-06-23 16:16:54 1,499,136 ----a-w C:\WINDOWS\system32\DllCache\shdocvw.dll

- 2008-04-21 06:58:21 498,688 ----a-w C:\WINDOWS\system32\DllCache\shlwapi.dll

+ 2008-06-23 16:16:54 474,112 ----a-w C:\WINDOWS\system32\DllCache\shlwapi.dll

- 2008-04-21 06:58:22 693,248 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll

+ 2008-06-23 16:16:54 619,520 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll

- 2008-04-21 06:58:22 703,488 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll

+ 2008-06-23 16:16:55 669,696 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll

- 2008-04-21 06:58:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-06-23 16:16:52 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-04-21 06:58:13 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-06-23 16:16:52 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2008-04-21 06:58:13 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-06-23 16:16:52 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2008-04-21 06:58:13 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll

+ 2008-06-23 16:16:53 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll

- 2007-08-21 06:26:10 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

+ 2008-04-11 18:41:09 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

- 2008-04-21 06:58:13 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

+ 2008-06-23 16:16:53 96,768 ----a-w C:\WINDOWS\system32\inseng.dll

- 2008-04-21 06:58:13 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-06-23 16:16:53 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2008-04-21 06:58:17 3,528,704 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-06-23 16:16:53 3,088,384 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-04-21 06:58:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-06-23 16:16:53 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2008-04-21 06:58:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-06-23 16:16:53 146,432 ----a-w C:\WINDOWS\system32\msrating.dll

- 2008-04-21 06:58:18 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-06-23 16:16:54 532,480 ----a-w C:\WINDOWS\system32\mstime.dll

- 2008-07-24 20:43:10 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-08-22 20:55:46 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-07-24 20:43:10 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat

+ 2008-08-22 20:55:46 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat

- 2008-07-24 20:43:10 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-08-22 20:55:46 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-07-24 20:43:10 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat

+ 2008-08-22 20:55:46 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat

- 2008-04-21 06:58:19 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-06-23 16:16:54 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2008-04-21 06:58:20 1,778,688 ----a-w C:\WINDOWS\system32\shdocvw.dll

+ 2008-06-23 16:16:54 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll

- 2008-04-21 06:58:21 498,688 ----a-w C:\WINDOWS\system32\shlwapi.dll

+ 2008-06-23 16:16:54 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll

- 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe

+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe

- 2008-04-21 06:58:22 693,248 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-06-23 16:16:54 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2008-04-21 06:58:22 703,488 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-06-23 16:16:55 669,696 ----a-w C:\WINDOWS\system32\wininet.dll

- 2008-04-17 11:03:57 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-07-03 09:42:47 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-09-06 13:09 765952]

"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 976896 C:\WINDOWS\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"UpdateCheck"= {B6232196-3D7A-43FE-B29F-7C12EDC30F23} - C:\WINDOWS\system32\mstmdm.dll [2004-08-04 14:00 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe,EXPLORER.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"D:\\Program Files\\CM08\\fm.exe"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0abf38-60be-11dd-84e7-001e4c28030b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f24486b-2f18-11dd-8462-001e4c28030b}]

\Shell\AutoRun\command - F:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{352f4ed8-609e-11dd-84e5-001e4c28030b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{870c76bf-274e-11dd-9f27-bbe41bd4600a}]

\Shell\AutoRun\command - F:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba627106-4989-11dd-84ae-001e4c28030b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Komunikator - C:\Program Files\Tlen.pl\tlen.exe

HKCU-Run-wsctf.exe - wsctf.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-23 00:42:27

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

Completion time: 2008-08-23 0:44:08

ComboFix-quarantined-files.txt 2008-08-22 22:44:04

ComboFix2.txt 2008-07-29 16:21:08

ComboFix3.txt 2008-07-28 17:59:23

ComboFix4.txt 2008-07-24 21:25:00

ComboFix5.txt 2008-08-22 22:41:35

Pre-Run: 5,923,971,072 bajtów wolnych

Post-Run: 5,952,757,760 bajtów wolnych

297 --- E O F --- 2008-08-21 01:01:23

Mateusz J.

Infection from a USB flash drive.

Paste into Notepad:

File::
C:\host.exe
C:\WINDOWS\system32\mstmdm.dll
C:\WINDOWS\system32\mswmpdat.tlb
C:\copy.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\ksadio.dll
C:\WINDOWS\system32\ks94.dll
C:\WINDOWS\system32\dop94.dll
C:\WINDOWS\system32\ascisys.dll
C:\WINDOWS\system32\ksisys.dll
C:\WINDOWS\system32\asc94.dll
C:\WINDOWS\system32\dopadio.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0abf38-60be-11dd-84e7-001e4c28030b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f24486b-2f18-11dd-8462-001e4c28030b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{352f4ed8-609e-11dd-84e5-001e4c28030b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{870c76bf-274e-11dd-9f27-bbe41bd4600a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba627106-4989-11dd-84ae-001e4c28030b}]

In Notepad: File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved.

Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:


The removal will start and a log will be produced, which you post on the forum.
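As an added example (not ComboFix's code and not the helper's script above), a Python triage script that picks out of a ComboFix log the indicators the helper acted on in this post: hidden system executables in the drive root, the extra Userinit entry, the ShellServiceObjectDelayLoad DLL and the mountpoints2 AutoRun commands, and renders them in the CFScript File::/Registry:: form used above. The heuristics are this example's own assumptions, and the sample log lines are constructed from the output quoted in the thread.

```python
"""Triage the "Files Created" and "Reg Loading Points" parts of a ComboFix log.
Added example, not ComboFix's code or the forum helper's script: the heuristics
are this example's own and SAMPLE_LOG is constructed from lines quoted above."""
import re
from typing import List, Tuple

# "Files Created" line: date . date size attrs path (attrs = 9 flag characters)
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ [\d,]+ (?P<attrs>\S{9}) (?P<path>[A-Za-z]:\\.*)$"
)
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)

SAMPLE_LOG = r"""
2008-08-02 16:21 . 2006-11-03 14:31 70,207 -rahs---- C:\host.exe
2008-08-02 16:21 . 2006-05-13 05:40 1,211 -rahs---- C:\copy.exe
2008-07-28 18:26 . 2008-08-23 00:40 2,085 --a------ C:\WINDOWS\system32\temp2.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {B6232196-3D7A-43FE-B29F-7C12EDC30F23} - C:\WINDOWS\system32\mstmdm.dll [2004-08-04 14:00 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,EXPLORER.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0abf38-60be-11dd-84e7-001e4c28030b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f24486b-2f18-11dd-8462-001e4c28030b}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
"""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs for the removable-media worm indicators."""
    findings: List[Tuple[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]  # registry key header for the lines below
            continue
        m = FILE_LINE.match(line)
        if m:
            # Hidden+system executables in a drive root are the usual payload
            # dropped next to autorun.inf by a USB-spreading worm.
            attrs, path = m.group("attrs"), m.group("path")
            if "h" in attrs and "s" in attrs and ROOT_EXE.match(path):
                findings.append(("root_hidden_exe", path))
            continue
        key_l = current_key.lower()
        if key_l.endswith("\\winlogon") and line.startswith('"Userinit"='):
            # Userinit should hold only userinit.exe; anything appended after
            # the comma is launched at every interactive logon.
            value = line.split("=", 1)[1].strip('"')
            extras = [p for p in value.split(",")[1:] if p.strip()]
            if extras:
                findings.append(("userinit_extra", ",".join(extras)))
        elif "\\mountpoints2\\" in key_l and line.startswith("\\Shell\\"):
            # Per-volume shell verbs cached from a device's autorun.inf.
            findings.append(("mountpoint_autorun", f"{current_key} :: {line}"))
        elif key_l.endswith("\\shellserviceobjectdelayload") and line[:1] == '"':
            # ComboFix hides the default SSODL entries, so any it prints loads
            # a DLL into every Explorer process and deserves a look.
            findings.append(("ssodl_entry", line))
    return findings


def build_cfscript(findings: List[Tuple[str, str]]) -> str:
    """Render findings as the CFScript File::/Registry:: text used in the post."""
    files = [d for c, d in findings if c == "root_hidden_exe"]
    reg: List[str] = []
    if any(c == "userinit_extra" for c, _ in findings):
        reg += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]",
                r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"']
    for c, d in findings:
        if c == "ssodl_entry":
            name = d.split("=", 1)[0].strip('"')
            reg += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]",
                    f'"{name}"=-']  # "=-" deletes the value
    seen = set()
    for c, d in findings:
        if c == "mountpoint_autorun":
            key = d.split(" :: ", 1)[0]
            if key not in seen:  # [-key] removes the whole cached mount point
                seen.add(key)
                reg.append(f"[-{key}]")
    out: List[str] = []
    if files:
        out += ["File::"] + files
    if reg:
        out += ["Registry::"] + reg
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for cat, detail in found:
        print(f"{cat:18} {detail}")
    print(build_cfscript(found))
```

The script only recognises the "Files Created" line layout and the key/value layout shown above; entries the helper removed by name (temp1.exe, the 17,920-byte DLLs) are outside these heuristics and still need the analyst's judgement.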

Kamior

Here it is:

ComboFix 08-07-27.6 - Kamior 2008-08-23 11:21:53.27 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.450 [GMT 2:00]

Running from: D:\Różne\my last escape\ComboFix.exe

Command switches used :: C:\Documents and Settings\Kamior.OSKAR\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- REDUCED FUNCTIONALITY MODE -

FILE ::

C:\copy.exe

C:\host.exe

C:\WINDOWS\system32\asc94.dll

C:\WINDOWS\system32\ascisys.dll

C:\WINDOWS\system32\dop94.dll

C:\WINDOWS\system32\dopadio.dll

C:\WINDOWS\system32\ks94.dll

C:\WINDOWS\system32\ksadio.dll

C:\WINDOWS\system32\ksisys.dll

C:\WINDOWS\system32\mstmdm.dll

C:\WINDOWS\system32\mswmpdat.tlb

C:\WINDOWS\system32\temp1.exe

C:\WINDOWS\system32\temp2.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\copy.exe

C:\host.exe

C:\WINDOWS\system32\asc94.dll

C:\WINDOWS\system32\ascisys.dll

C:\WINDOWS\system32\dop94.dll

C:\WINDOWS\system32\dopadio.dll

C:\WINDOWS\system32\ks94.dll

C:\WINDOWS\system32\ksadio.dll

C:\WINDOWS\system32\ksisys.dll

C:\WINDOWS\system32\mstmdm.dll

C:\WINDOWS\system32\mswmpdat.tlb

C:\WINDOWS\system32\temp1.exe

C:\WINDOWS\system32\temp2.exe

.

((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))

.

2008-08-22 23:22 . 2008-08-22 23:22 <DIR> d-------- C:\Program Files\Gadu-Gadu

2008-08-22 23:18 . 2008-08-22 23:18 <DIR> d-------- C:\Program Files\WapSter

2008-08-20 17:41 . 2008-08-20 21:31 <DIR> d-------- C:\Program Files\MOBILedit!

2008-08-20 16:27 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\DllCache\msadce.dll

2008-08-02 23:00 . 2008-08-02 23:00 <DIR> d-------- C:\Program Files\LucasArts

2008-08-02 20:08 . 2008-08-04 21:40 <DIR> d-------- C:\Program Files\eMule

2008-07-31 20:53 . 2008-07-31 20:53 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Gadu-Gadu

2008-07-31 20:52 . 2008-08-22 23:22 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Gadu-Gadu

2008-07-30 13:03 . 2008-08-23 11:21 <DIR> d-------- C:\Program Files\Tlen.pl

2008-07-30 13:03 . 2008-07-30 13:06 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Tlen.pl

2008-07-23 13:26 . 2008-08-07 21:48 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\EurekaLog

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-23 09:22 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus

2008-08-04 16:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FLEXnet

2008-08-02 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-30 11:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2008-07-24 17:24 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-07-20 11:09 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Sports Interactive

2008-07-20 10:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-07-20 10:52 --------- d--h--r C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\SecuROM

2008-07-20 10:51 --------- d--h--w C:\Program Files\Zero G Registry

2008-07-19 12:48 --------- d-----w C:\Program Files\Silent Hill

2008-07-18 19:10 201,728 ----a-w C:\WINDOWS\system32\tdk-screensaver-a03.scr

2008-07-07 20:19 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:19 253,952 ------w C:\WINDOWS\system32\DllCache\es.dll

2008-07-03 16:53 --------- d-----w C:\Program Files\Azureus

2008-06-27 08:17 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-27 08:17 --------- d-----w C:\Program Files\Bonjour

2008-06-27 08:08 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-06-26 08:03 --------- d-----w C:\Program Files\MagicISO

2008-06-25 19:08 --------- d-----w C:\Program Files\Trend Micro

2008-06-24 21:32 --------- d-----w C:\Program Files\MSBuild

2008-06-24 21:32 --------- d-----w C:\Program Files\Microsoft Works

2008-06-24 21:30 --------- d-----w C:\Program Files\Microsoft.NET

2008-06-24 21:20 --------- d-----w C:\Program Files\Alcohol Soft

2008-06-24 21:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:30 74,240 ------w C:\WINDOWS\system32\DllCache\mscms.dll

2008-06-23 16:55 --------- d-----w C:\Program Files\PDFCreator

2008-06-23 09:53 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe

2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:37 246,784 ------w C:\WINDOWS\system32\DllCache\mswsock.dll

2008-06-20 17:37 147,968 ----a-w C:\WINDOWS\system32\DllCache\dnsapi.dll

2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\DllCache\tcpip.sys

2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\DllCache\afd.sys

2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\DllCache\tcpip6.sys

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\DllCache\bthport.sys

2008-06-07 20:54 6,128 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-06-07 20:54 52,637 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-06-07 20:54 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

------- Sigcheck -------

2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe

2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe

.

((((((((((((((((((((((((((((( snapshot_2008-08-23_ 0.43.52.87 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-08-22 20:55:46 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-08-23 08:33:41 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-08-22 20:55:46 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat

+ 2008-08-23 08:33:41 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat

- 2008-08-22 20:55:46 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-08-23 08:33:41 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-08-22 20:55:46 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat

+ 2008-08-23 08:33:41 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-09-06 13:09 765952]

"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944]

"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 976896 C:\WINDOWS\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Ares\\Ares.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"D:\\Program Files\\CM08\\fm.exe"=

"C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-23 11:22:13

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

Completion time: 2008-08-23 11:23:51

ComboFix-quarantined-files.txt 2008-08-23 09:23:46

ComboFix2.txt 2008-08-22 22:44:09

ComboFix3.txt 2008-07-29 16:21:08

ComboFix4.txt 2008-07-28 17:59:23

ComboFix5.txt 2008-08-23 09:21:35

Pre-Run: 5,911,433,216 bajtów wolnych

Post-Run: 5,902,172,160 bajtów wolnych

169 --- E O F --- 2008-08-21 01:01:23

Mateusz J.

Log is clean.

Delete the folder c:\QooBox

Install an antivirus; I recommend Avira.

Scan the computer with Ad-Aware.

Guest

The log is not clean, a registry entry is left ;)

Paste this text into Notepad:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-

From the Notepad menu >>> File >>> Save As >>> Set the file type to "All Files" >>> save as FIX.REG >>>

run the file (double-click and OK; agree to add it to the Registry).

Restart the computer.

Manually delete the folder C:\Qoobox,

Delete the ComboFix installer from the disk.

Optimize the startup entries

Clean the computer with CCleaner

Turn System Restore off and on again on all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum.

or

Dr.WEB CureIt!.
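The check behind the Guest's remark, as an added example written by the editor and not part of the thread or of ComboFix: a short parser for the REGEDIT4-style "Reg Loading Points" block that ComboFix prints, which flags Run-key values whose command is not an absolute path. The leftover entry in this log, "EXPLORER.EXE"="EXPLORER.EXE", is exactly that kind of value: it names a bare executable, so Windows resolves it through the search path at logon instead of launching one fixed file. The sample block below is constructed from lines in this thread, and the function names are the editor's own.

```python
"""Flag Run-key entries without an absolute path in a ComboFix registry dump.

Added example, not part of the original thread or of ComboFix. The sample
text is constructed from the log posted above.
"""
import re

# Constructed sample, shaped like the "Reg Loading Points" block in the log.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-09-06 13:09 765952]

"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 976896 C:\WINDOWS\explorer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]
'''

# [HKEY_...\Run] section header
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="command" [optional ComboFix metadata in brackets]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
# Drive-letter root (C:\) or environment-variable root (%windir%\)
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\|^%[A-Za-z_]+%\\')


def parse_run_entries(text):
    """Return (key, name, cmd, meta) tuples for every value under a ...\\Run key."""
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith('\\run'):
            entries.append((key, m.group('name'), m.group('cmd'), m.group('meta') or ''))
    return entries


def is_absolute_command(cmd):
    """True when the command starts with a drive letter or an env-var root."""
    return bool(ABS_PATH_RE.match(cmd.strip().strip('"')))


def flag_suspicious(text):
    """Return one finding per Run entry whose command is not an absolute path."""
    findings = []
    for key, name, cmd, meta in parse_run_entries(text):
        if not is_absolute_command(cmd):
            findings.append(f'{key}: "{name}"="{cmd}" (no absolute path; resolved at runtime)')
    return findings


if __name__ == '__main__':
    for finding in flag_suspicious(SAMPLE):
        print(finding)
```

Run against the sample, the only finding is the "EXPLORER.EXE" value under HKEY_CURRENT_USER; the ctfmon.exe and gg.exe entries pass because they point at fixed files. The same parser can be pointed at a full ComboFix log, since only lines under a key ending in \Run are examined.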

Mateusz J.

Such a small trifle, it doesn't threaten the computer :P

Guest

But sometimes it can cause problems with the browser ;)
