powereg, created 14 June 2008

Since yesterday something has been going on with my computer: it runs as slow as a tortoise, the wallpaper changes by itself [there is a link on it, supposedly to scan the system], I assume I shouldn't click it, the icons are surrounded by a grey background, messages keep popping up saying the computer is infected [a yellow triangle in the taskbar] and a red window that pretends to be Windows Security Center tells me to download security software. What should I do??? I have Avast and Ad-Aware 2008, I scan, I remove the infections, but it doesn't help....... help..... I'll be grateful for any advice. I don't know much about system problems, so write it as if for a blonde. Cheers

Attaching the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:36, on 2008-06-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Programy\Avast\aswUpdSv.exe
D:\Programy\Avast\ashServ.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Programy\QTTask.exe
D:\Programy\Avast\ashDisp.exe
D:\Program Files\BearShare\BearShare.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Programy\Avast\ashMaiSv.exe
D:\Programy\Avast\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\Programy\Gadu-Gadu nowe\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programy\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programy\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KAZAA] d:\Programy\Kazaa 1\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programy\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ssAAD.exe] D:\Programy\SsAAD.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [bearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [sWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1013018
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.ux.pl 2.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programy\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programy\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E300819-EB91-4336-BBC9-262DDFEB1040}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12957 bytes
Mateusz J., comment 14 June 2008

Please post a ComboFix log; HJT alone isn't enough. You may have to wait about an hour for a reply, because I have some work to do.
powereg, comment 14 June 2008 (author)

I'll also add a screenshot. On it, nice guy, I just need to download that ComboFix. Thanks for the reply. And by the way, I'm a girl =] The hour is no problem. I've been struggling with this all day already, so an hour one way or the other doesn't make much difference.

(attachment: ekran1.bmp)
Mateusz J., comment 14 June 2008

Just in case, I'll spell it out. Fix means: you run HijackThis => click Do a system scan only => tick the entries I list => click Fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

Did you set this page yourself? If not, Fix it.

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs:
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

Fix.

Download ComboFix, but don't run it. Open Notepad and paste into it:

File::
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\qcyejq.exe
C:\WINDOWS\winself.exe

Folder::
C:\Program Files\TBONBin
C:\Program Files\RXToolBar

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SemanticInsight"=-
"Lexmark_X79-55"=-
"ReJf5vH"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbon"=-

Driver::
MsSecurity1.209.4

In Notepad, File menu ==> Save as ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved. Boot into Safe Mode. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture: The removal will start and a log will be produced, which you post on the forum.
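The reasoning behind the entries picked out above, written out as an added example (not part of this thread, and not code from HijackThis or ComboFix): a Python script that applies the same heuristics the helper used (orphaned "(no file)" hooks, an extra executable chained to UserInit, Run entries imitating system processes or dropped straight into C:\WINDOWS under a random name, empty O16/O20 entries, an "Unknown owner" service) to a constructed excerpt of the log, and renders the matching File::/Registry::/Driver:: sections in the CFScript layout shown in the post. The sample lines are copied from the log earlier in the thread; the heuristics and the lookalike set are assumptions, not HijackThis rules.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread; this is a
# constructed excerpt, not the complete log.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs:
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Core Windows process names that malware imitates (assumed list; lsasss.exe vs lsass.exe).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}

def edit_distance(a, b):
    """Plain Levenshtein distance; one edit away from a system name is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def lookalike(path):
    name = basename(path)
    return name not in SYSTEM_NAMES and any(edit_distance(name, s) == 1 for s in SYSTEM_NAMES)

def random_label(label):
    """Run value names like ReJf5vH: short alphanumeric soup with digits and inner capitals."""
    return (re.fullmatch(r"[A-Za-z0-9]{5,10}", label) is not None
            and any(c.isdigit() for c in label) and any(c.isupper() for c in label[1:]))

def first_path(target):
    """Executable path of an O4 command line, quoted or bare, without its arguments."""
    m = re.match(r'"([^"]+)"|(\S+)', target)
    return m.group(1) or m.group(2)

def triage(log):
    """Return the log lines the heuristics above would mark for Fix, with reasons."""
    findings = []
    for line in log.strip().splitlines():
        f = {"line": line, "files": [], "reg": None, "driver": None, "why": None}
        if line.startswith(("O2 -", "O3 -", "R3 -")) and line.endswith("(no file)"):
            f["why"] = "orphaned BHO/toolbar/search hook"
        elif line.startswith("F2 -") and "UserInit=" in line:
            parts = [p for p in line.split("UserInit=", 1)[1].split(",") if p]
            extra = [p for p in parts if basename(p) != "userinit.exe"]
            if extra:
                f["why"], f["files"] = "extra executable chained to UserInit", extra
        elif (m := re.match(r"O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)", line)):
            hive, key, label, target = m.groups()
            path = first_path(target)
            reasons = []
            if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path.lower()):
                reasons.append("executable placed directly in C:\\WINDOWS")
            if lookalike(path):
                reasons.append("name imitates a system process")
            if random_label(label):
                reasons.append("random-looking Run value name")
            if reasons:
                f["why"], f["files"], f["reg"] = "; ".join(reasons), [path], (hive, key, label)
        elif re.fullmatch(r"O16 - DPF: \{[^}]+\} -\s*|O20 - AppInit_DLLs:\s*", line):
            f["why"] = "entry with no target"
        elif (m := re.match(r"O23 - Service: .+?(?: \(([^)]+)\))? - (.+?) - (.+)", line)):
            short, owner, path = m.groups()
            if owner == "Unknown owner" and path.lower().startswith("c:\\windows\\"):
                f["why"], f["files"], f["driver"] = "unknown-owner service under C:\\WINDOWS", [path], short
        if f["why"]:
            findings.append(f)
    return findings

def build_cfscript(findings):
    """Render File::/Registry::/Driver:: sections in the CFScript layout used in the thread."""
    files = [p for f in findings for p in f["files"]]
    reg = {}
    for f in findings:
        if f["reg"]:
            hive, key, label = f["reg"]
            reg.setdefault(f"[{HIVES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{key}]", []).append(label)
    drivers = [f["driver"] for f in findings if f["driver"]]
    out = ["File::"] + files if files else []
    if reg:
        out.append("Registry::")
        for key, labels in reg.items():
            out += [key] + [f'"{label}"=-' for label in labels]
    if drivers:
        out += ["Driver::"] + drivers
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"FIX  {f['line'][:70]:<70}  # {f['why']}")
    print()
    print(build_cfscript(found))
```

The benign avast!, Google Toolbar and CTFMON lines in the excerpt are left alone, which is the point of the checks: a Run entry is flagged for where it lives and what it imitates, not merely for being unfamiliar.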
powereg, comment 14 June 2008 (author)

Damn, I didn't manage to read this in time and I had already run ComboFix earlier. Here's the log. So what do I do now?????? I haven't done any of your steps :/

ComboFix 08-06-12.2 - abc 2008-06-14 14:09:55.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.194 [GMT 2:00]
Running from: D:\Programy\ComboFix\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\default.htm
.
---- Previous Run -------
.
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msettings.ini
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4

((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 14:06 . 2008-06-14 14:06 <DIR> d--hs---- C:\FOUND.009
2008-06-14 13:41 . 2008-06-14 13:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 23:00 . 2008-06-13 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-13 22:55 . 2008-06-13 22:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 20:18 . 2008-06-13 20:18 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-06-13 20:18 . 2008-06-13 20:18 90,071 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-11 17:06 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:06 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-19 15:45 --------- d-----w C:\Program Files\Gofin
2008-04-17 10:47 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-04 16:21 935 ---ha-w C:\hpothb07.dat
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-12-23 12:04 3,839,807 ----a-w C:\Program Files\rfw_en_10.exe
2007-01-23 09:50 16,384 ------w C:\Program Files\Musicmatch
2006-09-01 12:46 152 ---ha-w C:\Program Files\hpothb07.dat
2006-08-14 11:29 261 ---ha-w C:\Program Files\hpothb07.tif
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 15,360 2004-08-03 21:44:20 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-03 21:44:20 C:\WINDOWS\system32\ctfmon.exe
----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 70,824 2003-08-28 08:09:00 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 180,269 2006-06-27 15:58:42 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 131,072 2004-06-03 18:51:54 C:\Program Files\NVIDIA Corporation\NvMixer\bak\NVMixerTray.exe
----a-w 32,768 2004-11-02 18:24:46 C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
----a-w 36,975 2005-08-26 16:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe
----a-w 24,576 2003-10-16 16:07:10 C:\Program Files\Neostrada TP\bak\CnxMon.exe
----a-w 24,576 2003-10-16 16:07:10 C:\Program Files\Neostrada TP\CnxMon.exe
----a-w 20,480 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\bak\Watch.exe
------w 20,480 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\Watch.exe
----a-w 53,248 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\bak\TaskbarIcon.exe
------w 53,248 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\TaskBarIcon.exe
----a-w 190,464 2006-10-20 20:04:06 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe
----a-r 73,840 2006-12-27 14:53:42 C:\Program Files\Macrogaming\SweetIM\bak\SweetIM.exe
----a-r 73,840 2006-12-27 14:53:42 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
----a-w 3,305,472 2006-07-26 11:48:28 C:\Program Files\BearShare\bak\BearShare.exe
----a-w 81,920 2005-01-24 17:58:02 D:\Programy\bak\SsAAD.exe
----a-w 155,648 2006-10-08 16:48:04 D:\Programy\bak\bak\qttask.exe
----a-w 385,024 2008-01-10 13:27:36 D:\Programy\QTTask.exe
----a-w 2,396,160 2006-02-17 12:03:58 D:\Programy\Gadu-Gadu nowe\bak\gg.exe
----a-w 3,223,552 2006-02-27 10:59:46 D:\Programy\BearShare\bak\BearShare.exe
----a-w 57,344 2005-06-06 21:46:24 D:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 155,648 2006-10-08 16:48:04 D:\Programy\bak\bak\qttask.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"tbon"="C:\Program Files\TBONBin\tbon.exe" [ ]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 22:06 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-06-13 13:36 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"KAZAA"="d:\Programy\Kazaa 1\kazaa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Adobe Photo Downloader"="D:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"QuickTime Task"="D:\Programy\QTTask.exe" [2008-01-10 15:27 385024]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"SsAAD.exe"="D:\Programy\SsAAD.exe" [ ]
"ReJf5vH"="C:\WINDOWS\qcyejq.exe" [ ]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [ ]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" [2006-02-27 12:59 3223552]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\abc\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe [2005-10-26 13:36:02 61440]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
SATARaid.lnk - C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [2006-06-09 11:40:29 1019961]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-06-09 14:10:53 962661]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-20 15:40:15 108544]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\ICQLite\\ICQLite.exe"=
"D:\\Programy\\Gadu-Gadu nowe\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 08:01]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2004-07-12 05:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fad55138-f79c-11da-86bd-806d6172696f}]
\Shell\AutoRun\command - G:\Autorun.exe root.ini
.
Contents of the 'Scheduled Tasks' folder
"2006-10-15 12:06:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152531790.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-06-13 22:00:04 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 23:00:02 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 01:00:00 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 02:00:00 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 03:00:00 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 04:00:00 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 05:00:00 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 07:00:00 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 08:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 09:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 10:00:00 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 11:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 12:00:02 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 13:00:02 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 14:00:02 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 15:00:02 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 16:00:02 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 17:00:02 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 19:00:02 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 20:00:02 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 21:00:02 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\winmds.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 14:13:42
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\Programy\Avast\aswUpdSv.exe
D:\Programy\Avast\ashServ.exe
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\OPENOFFICE.UX.PL 2.0\PROGRAM\SOFFICE.EXE
C:\PROGRAM FILES\OPENOFFICE.UX.PL 2.0\PROGRAM\SOFFICE.BIN
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\CAPABILITYMANAGER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\GENERIC.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\SONY ERICSSON\MOBILE2\MOBILE PHONE MONITOR\EPMWORKER.EXE
D:\Programy\Avast\ashMaiSv.exe
D:\Programy\Avast\ashWebSv.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
.
**************************************************************************
.
Completion time: 2008-06-14 14:15:47 - machine was rebooted [abc]
ComboFix-quarantined-files.txt 2008-06-14 12:15:44
Pre-Run: 9,699,934,208 bajtów wolnych
Post-Run: 10,249,650,176 bajtów wolnych
324 --- E O F --- 2008-06-11 18:24:30
Mateusz J., comment, 14 June 2008
Paste the following into Notepad:

File::
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\qcyejq.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\Tasks\At48.job
D:\Programy\SsAAD.exe
Folder::
C:\Program Files\TBONBin
C:\Program Files\RXToolBar
C:\FOUND.009
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fad55138-f79c-11da-86bd-806d6172696f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ReJf5vH"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tbon"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

In Notepad choose File ==> Save As, save it under the name CFScript.txt in the same folder where ComboFix was downloaded and saved, then boot into Safe Mode. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture: The removal will start and a log will be produced, which you then post on the forum.
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs:
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

Fix these entries in HijackThis; most of them should already be gone after the removal done with ComboFix. At the end, post the ComboFix log produced during the removal plus a new HijackThis log.
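As an added example (not code from the forum, from HijackThis or from ComboFix), here is a small triage script for the two patterns the posts above rely on: the ComboFix 'Scheduled Tasks' listing in the first log, where two dozen At##.job tasks re-launch the same winmds.exe every hour, and the HijackThis entries Mateusz J. asks to be fixed (the extra executable appended to UserInit, the orphaned O2 BHO entries, the lsasss.exe look-alike of lsass.exe, executables dropped directly in C:\WINDOWS, and the 'Unknown owner' O23 service). The sample lines are constructed from those entries; the regular expressions, the SYSTEM_BINARIES allowlist, the thresholds and the flag names are my assumptions, and the parser accepts both ComboFix's two-line task format and the flattened one-line form seen on this page.

```python
"""Heuristic triage of HijackThis / ComboFix log lines for the indicators in this thread.
Added example, not the forum's, HijackThis's or ComboFix's code; sample lines are
constructed from the entries discussed above, and every flag is a hint, not a verdict."""
import re
from collections import defaultdict

# Constructed sample: HijackThis entries plus a ComboFix 'Scheduled Tasks' section.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ReJf5vH] C:\WINDOWS\qcyejq.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
"2008-06-13 22:00:04 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-13 23:00:02 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\winmds.exe
"2008-06-14 00:00:00 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\winmds.exe
"2006-10-15 12:06:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#1152531790.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"""

# Assumed allowlist: names malware imitates with a one-character change (lsasss.exe vs lsass.exe).
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "userinit.exe", "spoolsv.exe", "ctfmon.exe"}
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run(?:Once)?: \[([^\]]*)\] (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
TASK_RE = re.compile(r'^"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+?\.job)"(.*)$')
EXE_RE = re.compile(r'"([^"]+)"|(\S+(?: \S+)*?\.exe)', re.I)


def exe_path(value):
    m = EXE_RE.match(value.strip())     # first executable in a Run/Service value, arguments dropped
    return (m.group(1) or m.group(2)) if m else value.strip()


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def dirname(path):
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_executable(findings, label, path):
    base = basename(path)
    for known in sorted(SYSTEM_BINARIES):       # exactly one edit away from a system binary name?
        if base != known and edit_distance(base, known) == 1:
            findings["lookalike_binary"].append((base, known))
    if dirname(path) == "c:\\windows":          # legitimate autostarts rarely sit in %windir% itself
        findings["exe_in_windows_root"].append((label, path))


def triage(lines, min_jobs=3):
    """Scan log lines and return a dict of heuristic findings."""
    findings = {"userinit_extra": [], "orphan_bho": 0, "lookalike_binary": [],
                "exe_in_windows_root": [], "unknown_service": [], "repeated_at_jobs": {}}
    jobs_by_target, pending_job = defaultdict(list), None

    def record(when, job, target):
        if re.fullmatch(r"at\d+\.job", basename(job)):
            jobs_by_target[target.strip()].append(when)
    for raw in lines:
        line = raw.strip()
        if line.startswith("F2 - REG:system.ini: UserInit="):
            # Winlogon runs every comma-separated entry; only userinit.exe belongs there.
            for entry in line.split("UserInit=", 1)[1].split(","):
                if entry and basename(entry) != "userinit.exe":
                    findings["userinit_extra"].append(entry)
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings["orphan_bho"] += 1         # BHO whose DLL is gone: leftover, safe to fix
        elif (m := RUN_RE.match(line)):
            check_executable(findings, m.group(2), exe_path(m.group(3)))
        elif (m := SERVICE_RE.match(line)):
            name, owner, path = m.group(1), m.group(2), exe_path(m.group(3))
            if owner.lower() == "unknown owner":
                findings["unknown_service"].append(path)
            check_executable(findings, name, path)
        elif (m := TASK_RE.match(line)):
            when, job, rest = m.groups()
            if rest.startswith("- "):           # target on the same line (flattened log)
                record(when, job, rest[2:])
            else:                               # ComboFix prints the target on the next line
                pending_job = (when, job)
        elif pending_job and line.startswith("- "):
            record(*pending_job, line[2:])
            pending_job = None
    # Many At##.job tasks re-launching one binary every hour is a persistence pattern.
    findings["repeated_at_jobs"] = {t: len(w) for t, w in jobs_by_target.items() if len(w) >= min_jobs}
    return findings
```

Call `triage(SAMPLE_LOG.strip().splitlines())` to see the findings for the embedded sample, or feed it the lines of a real log. It only nominates candidates for review; deciding what actually goes into the CFScript, as the helper does above, still needs a human who checks each path.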
powereg (thread author), comment, 14 June 2008
ComboFix log:

ComboFix 08-06-12.2 - abc 2008-06-14 17:35:40.3 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.372 [GMT 2:00]
Running from: D:\Programy\ComboFix\ComboFix.exe
Command switches used :: D:\Programy\ComboFix\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\qcyejq.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\Tasks\At25.job"
C:\WINDOWS\Tasks\At26.job"
C:\WINDOWS\Tasks\At27.job"
C:\WINDOWS\Tasks\At28.job"
C:\WINDOWS\Tasks\At29.job"
C:\WINDOWS\Tasks\At30.job"
C:\WINDOWS\Tasks\At31.job"
C:\WINDOWS\Tasks\At32.job"
C:\WINDOWS\Tasks\At33.job"
C:\WINDOWS\Tasks\At34.job"
C:\WINDOWS\Tasks\At35.job"
C:\WINDOWS\Tasks\At36.job"
C:\WINDOWS\Tasks\At37.job"
C:\WINDOWS\Tasks\At38.job"
C:\WINDOWS\Tasks\At39.job"
C:\WINDOWS\Tasks\At40.job"
C:\WINDOWS\Tasks\At41.job"
C:\WINDOWS\Tasks\At42.job"
C:\WINDOWS\Tasks\At43.job"
C:\WINDOWS\Tasks\At44.job"
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\winself.exe
D:\Programy\SsAAD.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.009
C:\FOUND.009\FILE0000.CHK
C:\FOUND.009\FILE0001.CHK
C:\Program Files\TBONBin
C:\Program Files\TBONBin\tboninst.cfg
C:\Program Files\TBONBin\TBONUnst.htm
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 13:41 . 2008-06-14 13:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-13 23:00 . 2008-06-13 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-13 22:55 . 2008-06-13 22:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 20:18 . 2008-06-13 20:18 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione
2008-06-11 17:06 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:06 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-19 15:45 --------- d-----w C:\Program Files\Gofin
2008-04-17 10:47 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-04 16:21 935 ---ha-w C:\hpothb07.dat
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-12-23 12:04 3,839,807 ----a-w C:\Program Files\rfw_en_10.exe
2007-01-23 09:50 16,384 ------w C:\Program Files\Musicmatch
2006-09-01 12:46 152 ---ha-w C:\Program Files\hpothb07.dat
2006-08-14 11:29 261 ---ha-w C:\Program Files\hpothb07.tif
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-14_14.15.04.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 12:13:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 15:34:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 15,360 2004-08-03 21:44:20 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-03 21:44:20 C:\WINDOWS\system32\ctfmon.exe
----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 70,824 2003-08-28 08:09:00 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 180,269 2006-06-27 15:58:42 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 131,072 2004-06-03 18:51:54 C:\Program Files\NVIDIA Corporation\NvMixer\bak\NVMixerTray.exe
----a-w 32,768 2004-11-02 18:24:46 C:\Program Files\CyberLink DVD Solution\PowerDVD\bak\PDVDServ.exe
----a-w 36,975 2005-08-26 16:14:44 C:\Program Files\Java\jre1.5.0_05\bin\bak\jusched.exe
----a-w 24,576 2003-10-16 16:07:10 C:\Program Files\Neostrada TP\bak\CnxMon.exe
----a-w 24,576 2003-10-16 16:07:10 C:\Program Files\Neostrada TP\CnxMon.exe
----a-w 20,480 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\bak\Watch.exe
------w 20,480 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\Watch.exe
----a-w 53,248 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\bak\TaskbarIcon.exe
------w 53,248 2003-10-16 16:07:12 C:\Program Files\Neostrada TP\TaskBarIcon.exe
----a-w 190,464 2006-10-20 20:04:06 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe
----a-r 73,840 2006-12-27 14:53:42 C:\Program Files\Macrogaming\SweetIM\bak\SweetIM.exe
----a-r 73,840 2006-12-27 14:53:42 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
----a-w 3,305,472 2006-07-26 11:48:28 C:\Program Files\BearShare\bak\BearShare.exe
----a-w 81,920 2005-01-24 17:58:02 D:\Programy\bak\SsAAD.exe
----a-w 155,648 2006-10-08 16:48:04 D:\Programy\bak\bak\qttask.exe
----a-w 385,024 2008-01-10 13:27:36 D:\Programy\QTTask.exe
----a-w 2,396,160 2006-02-17 12:03:58 D:\Programy\Gadu-Gadu nowe\bak\gg.exe
----a-w 3,223,552 2006-02-27 10:59:46 D:\Programy\BearShare\bak\BearShare.exe
----a-w 57,344 2005-06-06 21:46:24 D:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 155,648 2006-10-08 16:48:04 D:\Programy\bak\bak\qttask.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 22:06 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-06-13 13:36 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 15:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"KAZAA"="d:\Programy\Kazaa 1\kazaa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"Adobe Photo Downloader"="D:\Programy\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"QuickTime Task"="D:\Programy\QTTask.exe" [2008-01-10 15:27 385024]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [ ]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [ ]
"SsAAD.exe"="D:\Programy\SsAAD.exe" [ ]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [ ]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" [2006-02-27 12:59 3223552]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\abc\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.0\program\quickstart.exe [2005-10-26 13:36:02 61440]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
SATARaid.lnk - C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [2006-06-09 11:40:29 1019961]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-06-09 14:10:53 962661]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58 28672]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-20 15:40:15 108544]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\ICQLite\\ICQLite.exe"=
"D:\\Programy\\Gadu-Gadu nowe\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 08:01]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys [2004-07-12 05:57]

*Newly Created Service* - ADILOADER
.
Contents of the 'Scheduled Tasks' folder
"2006-10-15 12:06:26 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1152531790.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 17:37:08
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Completion time: 2008-06-14 17:37:35
ComboFix-quarantined-files.txt 2008-06-14 15:37:34
ComboFix2.txt 2008-06-14 12:15:50
Pre-Run: 10,050,945,024 bytes free
Post-Run: 10,252,926,976 bytes free
226 --- E O F --- 2008-06-11 18:24:30

New log from HijackThis:

// well, maybe a warning will teach you to use CODE tags // sniper45
Mateusz J. comment 14 June 2008
Delete the folder C:\Qoobox manually. Is avast still detecting viruses?
powereg comment 14 June 2008 (Author)
What?? I don't know if it's that easy to teach me when I've never dealt with this. I think that's what forums are for... and besides, I'm asking warn, not you, so don't butt in. Hmmm, I'll check in a moment, but I don't think it was detecting it at all...... I've already deleted that folder.
Mateusz J. comment 14 June 2008
Quote: "What?? I don't know if it's that easy to teach me when I've never dealt with this. I think that's what forums are for... and besides, I'm asking warn, not you, so don't butt in."
Let me put it this way: if you had read the Rules of the Security section, you would know how it's done.
Quote: "Hmmm, I'll check in a moment, but I don't think it was detecting it at all......"
Do you see any improvement?
powereg comment 14 June 2008 (Author)
Well, maybe you're right. But I don't really have time, because I have an important exam on Monday. Not everything is always that simple, unfortunately. Right after the first ComboFix run everything disappeared and went back to normal. For now I'm halfway through an avast scan. Avast isn't detecting anything. I think I'm 'clean' now. So thanks a lot for the help, and please don't take me for an idiot - if I had the time I would read it all calmly; I'm not really someone who takes the easy way out [that's for the colleague]. Thanks again. I can calmly go back to my notes.
Kamior comment 25 June 2008
Hello. I'd like to ask for help. Yesterday I downloaded some junk via torrent and now I have a big problem. This is a log (I think; I don't know what it's called) from ComboFix.

ComboFix 08-06-16.5 - Kamior 2008-06-25 18:14:40.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.432 [GMT 2:00]
Running from: D:\Różne\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-25 17:54 . 2008-06-25 17:54 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\DoctorWeb
2008-06-25 17:22 . 2008-06-25 17:22 109,056 --a------ C:\WINDOWS\system32\lphcv9aj0e711.exe
2008-06-25 17:22 . 2008-06-25 17:54 90,838 --a------ C:\WINDOWS\system32\phcv9aj0e711.bmp
2008-06-25 17:22 . 2008-06-25 17:54 60,928 --a------ C:\WINDOWS\system32\blphcv9aj0e711.scr
2008-06-25 17:21 . 2008-06-25 17:21 61,440 --a------ C:\WINDOWS\system32\Setup_ver1.1351.25.exe
2008-06-24 23:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\MSBuild
2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-24 23:30 . 2008-06-24 23:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-24 23:24 . 2008-06-24 23:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2008-06-24 23:23 . 2008-06-24 23:23 <DIR> dr-h----- C:\MSOCache
2008-06-24 23:20 . 2008-06-24 23:20 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-24 23:15 . 2008-06-24 23:15 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 21:08 . 2008-06-24 21:09 144 --a------ C:\WINDOWS\wcx_ftp.ini
2008-06-24 21:07 . 2008-06-24 21:07 <DIR> d-------- C:\totalcmd
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-24 21:07 . 2008-06-24 21:10 487 --a------ C:\WINDOWS\wincmd.ini
2008-06-23 18:54 . 2008-06-23 18:55 <DIR> d-------- C:\Program Files\PDFCreator
2008-06-23 18:54 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-06-23 18:54 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-23 18:54 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-23 18:54 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-06-21 21:37 . 2008-06-21 21:37 <DIR> d-------- C:\Program Files\MarBit
2008-06-17 19:45 . 2008-06-17 19:45 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Thinstall
2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Real
2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-06-10 17:49 . 2008-06-24 23:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-09 20:38 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-09 20:38 . 2008-06-10 17:51 649 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 13:54 . 2008-06-25 18:15 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Ustawienia lokalne
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Ulubione
2008-06-08 13:54 . 2008-05-24 13:51 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Szablony
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Pulpit
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Moje dokumenty
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr------- C:\Documents and Settings\Administrator.OSKAR\Menu Start
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr-h----- C:\Documents and Settings\Administrator.OSKAR\Dane aplikacji
2008-06-08 13:54 . 2008-06-08 13:54 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR
2008-06-08 13:47 . 2008-06-08 13:47 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\TmpRecentIcons
2008-06-08 13:42 . 2008-06-25 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Szablony
2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-06-08 12:59 . 2008-06-08 13:45 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-06-08 12:08 . 2008-06-08 06:10 94,208 --a------ C:\WINDOWS\emoq.exe
2008-06-07 22:54 . 2008-06-07 22:54 52,637 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-06-07 22:53 . 2008-06-07 22:53 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-06-07 22:52 . 2008-06-07 22:54 6,128 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-07 22:51 . 2008-06-07 22:51 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-06-05 21:47 . 2008-06-05 21:47 <DIR> d-------- C:\Program Files\IrfanView
2008-06-05 00:40 . 2008-06-05 00:40 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-02 00:43 . 2008-06-02 00:45 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-05-30 22:15 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-05-27 22:38 . 2008-05-27 22:38 <DIR> d-------- C:\Program Files\SoftMaker Viewer
2008-05-27 22:38 . 2008-02-11 13:06 67,104 --a------ C:\WINDOWS\unTMV.exe
2008-05-27 16:06 . 2008-06-16 22:21 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-05-27 16:06 . 2008-06-09 10:24 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-26 16:53 . 2008-05-26 16:53 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-25 17:54 . 2008-05-25 18:08 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-05-25 17:54 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2008-05-25 17:54 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-05-25 17:09 . 2008-06-25 17:06 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-25 13:10 . 2006-12-07 07:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2008-05-25 12:56 . 2008-06-21 03:02 <DIR> d-------- C:\WINDOWS\system32\DllCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 15:23 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus
2008-06-17 17:48 --------- d-----w C:\Program Files\Azureus
2008-06-07 20:54 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-05 19:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 03:05 --------- d-----w C:\Program Files\Ares
2008-05-24 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 20:30 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\DataCast
2008-05-24 20:22 --------- d-----w C:\Program Files\Samsung
2008-05-24 20:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-24 20:05 --------- d-----w C:\Program Files\Ahead
2008-05-24 19:54 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-24 19:54 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Media Player Classic
2008-05-24 17:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Azureus
2008-05-24 16:25 --------- d-----w C:\Program Files\Ganymede
2008-05-24 16:23 --------- d-----w C:\Program Files\SopCast
2008-05-24 16:03 --------- d-----w C:\Program Files\Winamp
2008-05-24 16:02 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Winamp
2008-05-24 13:03 --------- d-----w C:\Program Files\WapSter
2008-05-24 13:01 --------- d-----w C:\Program Files\Sygate
2008-05-24 12:18 --------- d-----w C:\Program Files\Realtek
2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-24 12:11 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\InstallShield
2008-05-21 22:22 --------- d-----w C:\Program Files\Kolekcja Klasyki
2008-05-21 16:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 16:48 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-05-21 16:45 --------- d-----w C:\Program Files\CONEXANT
2008-05-21 16:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-21 16:39 --------- d-----w C:\Program Files\Broadcom
2008-05-21 16:35 --------- d-----w C:\Documents and Settings\Kamior\Dane aplikacji\InstallShield
2008-05-21 16:34 --------- d-----w C:\Program Files\Intel
2008-05-21 15:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-21 15:47 --------- d-----w C:\Program Files\Usługi online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\DllCache\rmcast.sys
2008-05-07 05:03 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:03 1,291,776 ------w C:\WINDOWS\system32\DllCache\quartz.dll
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 621,344 ------w C:\WINDOWS\system32\DllCache\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:52 178,976 ------w C:\WINDOWS\system32\DllCache\msjint40.dll
.
------- Sigcheck -------
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A185BFAF-A6CF-42C5-A3BE-A9121F491A91}"= "C:\WINDOWS\nmwegbsf.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{a185bfaf-a6cf-42c5-a3be-a9121f491a91}]
[HKEY_CLASSES_ROOT\nmwegbsf.1]
[HKEY_CLASSES_ROOT\TypeLib\{9410E20F-BA99-4814-B734-89EF5B5806A2}]
[HKEY_CLASSES_ROOT\nmwegbsf]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-21 04:57 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-21 04:57 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-21 04:57 138008]
"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 07:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 10:51 53248]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"lphcv9aj0e711"="C:\WINDOWS\system32\lphcv9aj0e711.exe" [2008-06-25 17:22 109056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 18:15:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-25 18:15:41
ComboFix-quarantined-files.txt 2008-06-25 16:15:37
Pre-Run: 5,741,133,824 bytes free
Post-Run: 5,731,667,968 bytes free
198 --- E O F --- 2008-06-21 01:02:16

And my desktop looks like this: and generally it's a mess. Please help.
Mateusz J. comment 25 June 2008
Paste the following into Notepad:

File::
C:\WINDOWS\system32\lphcv9aj0e711.exe
C:\WINDOWS\system32\phcv9aj0e711.bmp
C:\WINDOWS\system32\blphcv9aj0e711.scr
C:\WINDOWS\system32\Setup_ver1.1351.25.exe
C:\WINDOWS\nmwegbsf.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcv9aj0e711"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A185BFAF-A6CF-42C5-A3BE-A9121F491A91}"=-

In Notepad go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved. Boot into Safe Mode. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture: Deletion will start and a log will be produced, which you then post on the forum. Besides the resulting ComboFix log, also paste a HijackThis log.
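The triage Mateusz J. does by eye above (a Run value with a random-looking name launched straight from system32, the files dropped beside it in the same minute, a toolbar DLL planted in C:\WINDOWS, Security Center warnings muted, the firewall off) and the CFScript he writes from it can be reproduced by a short script. The block below is an added example for this page, not code from the thread, from ComboFix or from HijackThis. It runs over an excerpt copied from Kamior's log; the name heuristic, the five-minute "sibling" window, the list of keys treated as autostart locations and the assumption that %SystemRoot% is C:\WINDOWS are the example's own choices, not ComboFix semantics.

```python
"""Triage a ComboFix log excerpt and draft a CFScript for what it finds.
Added example for this thread, not ComboFix or HijackThis code; the name heuristic,
the 5-minute sibling window, AUTOSTART_KEYS and SYSTEM_DIRS are assumptions."""
import re
from datetime import datetime, timedelta

# Constructed input: lines copied from the ComboFix log posted above.
LOG = r"""
2008-06-25 17:22 . 2008-06-25 17:22 109,056 --a------ C:\WINDOWS\system32\lphcv9aj0e711.exe
2008-06-25 17:22 . 2008-06-25 17:54 90,838 --a------ C:\WINDOWS\system32\phcv9aj0e711.bmp
2008-06-25 17:22 . 2008-06-25 17:54 60,928 --a------ C:\WINDOWS\system32\blphcv9aj0e711.scr
2008-06-25 17:21 . 2008-06-25 17:21 61,440 --a------ C:\WINDOWS\system32\Setup_ver1.1351.25.exe
2008-06-24 23:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A185BFAF-A6CF-42C5-A3BE-A9121F491A91}"= "C:\WINDOWS\nmwegbsf.dll" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-21 04:57 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-21 04:57 162584]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
"lphcv9aj0e711"="C:\WINDOWS\system32\lphcv9aj0e711.exe" [2008-06-25 17:22 109056]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

FILE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \S+ \S+ (\S+) \S+ (.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTOSTART_KEYS = ('\\run', 'internet explorer\\toolbar', 'browser helper objects')
OVERRIDES = {'antivirusoverride', 'firewalloverride',
             'antivirusdisablenotify', 'firewalldisablenotify'}
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32'}   # assumes %SystemRoot% = C:\WINDOWS

def looks_random(name):
    """Heuristic (assumption): droppers mix digits into letters or avoid vowels."""
    stem = re.sub(r'\.[A-Za-z0-9]{1,4}$', '', name)
    if len(re.findall(r'[A-Za-z]+|\d+', stem)) >= 4:          # lphcv9aj0e711
        return True
    letters = re.sub(r'[^A-Za-z]', '', stem)
    vowels = sum(c in 'aeiouAEIOU' for c in letters)
    return len(letters) >= 8 and vowels / len(letters) < 0.15  # nmwegbsf

def dword(data):
    """Numeric value of 'dword:00000001' or '0 (0x0)'; None if nothing parses."""
    try:
        return int(data.split(':')[-1].split()[0], 16)
    except (ValueError, IndexError):
        return None

def parse(lines):
    """Split the excerpt into created files {lower path: (path, time)} and registry values."""
    files, values, key = {}, [], None
    for line in lines:
        if m := FILE_RE.match(line):
            if m.group(2) != '<DIR>':
                files[m.group(3).lower()] = (m.group(3), datetime.strptime(m.group(1), '%Y-%m-%d %H:%M'))
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VAL_RE.match(line)) and key:
            data = m.group(2)
            path = data.split('"')[1] if data.startswith('"') else None
            values.append((key, m.group(1), path, data))
    return files, values

def triage(lines, window=timedelta(minutes=5)):
    """Return (kind, key, name, path) findings in log order."""
    files, values = parse(lines)
    findings = []
    for key, name, path, data in values:
        k, n = key.lower(), name.lower()
        if 'security center' in k and n in OVERRIDES and dword(data):
            findings.append(('override', key, name, None))    # AV/firewall warnings muted
        elif n == 'enablefirewall' and dword(data) == 0:
            findings.append(('firewall-off', key, name, None))
        elif path and '\\' in path and any(s in k for s in AUTOSTART_KEYS):
            folder, base = path.rsplit('\\', 1)
            # Only random-looking names that run straight out of a system directory.
            odd = looks_random(base) or (not name.startswith('{') and looks_random(name))
            if folder.lower() not in SYSTEM_DIRS or not odd:
                continue
            findings.append(('autostart', key, name, path))
            hit = files.get(path.lower())
            # Files dropped into the same folder within the window belong to the same payload.
            for other, created in files.values() if hit else ():
                same_dir = other.rsplit('\\', 1)[0].lower() == folder.lower()
                if other != hit[0] and same_dir and abs(created - hit[1]) <= window:
                    if ('sibling', None, None, other) not in findings:
                        findings.append(('sibling', None, None, other))
    return findings

def draft_cfscript(findings):
    """Render the CFScript layout used above: File:: paths, then Registry:: "name"=- deletions."""
    paths = sorted({p for _, _, _, p in findings if p})
    regs = sorted({(k, n) for kind, k, n, _ in findings if kind in ('autostart', 'override')})
    lines = ['File::', *paths, '', 'Registry::']
    for key, name in regs:
        lines += [f'[{key}]', f'"{name}"=-']
    return '\n'.join(lines) + '\n'

if __name__ == '__main__':
    found = triage(LOG)
    for kind, key, name, path in found:
        print(f'{kind:13} {path or key}' + (f'  ({name})' if name else ''))
    print(draft_cfscript(found))
```

The draft is a starting point for a human, not something to run blind: it will also sweep up any legitimate file that happens to land in system32 inside the window, it only knows the autostart keys it was told about, and it deletes the AntiVirusOverride value (so Security Center alerts come back) while the disabled firewall is reported only, since that needs to be switched back on rather than deleted.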
Kamior comment 25 June 2008

ComboFix 08-06-16.5 - Administrator 2008-06-25 21:02:01.15 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.829 [GMT 2:00]
Running from: D:\Różne\ComboFix.exe
Command switches used :: D:\Różne\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\nmwegbsf.dll
C:\WINDOWS\system32\blphcv9aj0e711.scr
C:\WINDOWS\system32\lphcv9aj0e711.exe
C:\WINDOWS\system32\phcv9aj0e711.bmp
C:\WINDOWS\system32\Setup_ver1.1351.25.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kamior.OSKAR\Ustawienia lokalne\Temporary Internet Files\
C:\WINDOWS\system32\blphcv9aj0e711.scr
C:\WINDOWS\system32\lphcv9aj0e711.exe
C:\WINDOWS\system32\phcv9aj0e711.bmp
C:\WINDOWS\system32\Setup_ver1.1351.25.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-25 17:54 . 2008-06-25 17:54 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\DoctorWeb
2008-06-24 23:33 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\MSBuild
2008-06-24 23:32 . 2008-06-24 23:32 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-24 23:30 . 2008-06-24 23:30 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-24 23:24 . 2008-06-24 23:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2008-06-24 23:23 . 2008-06-24 23:23 <DIR> dr-h----- C:\MSOCache
2008-06-24 23:20 . 2008-06-24 23:20 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-24 23:15 . 2008-06-24 23:15 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 21:08 . 2008-06-24 21:09 144 --a------ C:\WINDOWS\wcx_ftp.ini
2008-06-24 21:07 . 2008-06-24 21:07 <DIR> d-------- C:\totalcmd
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\UC.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\RAR.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\LHA.PIF
2008-06-24 21:07 . 2008-04-22 07:03 545 --a------ C:\WINDOWS\ARJ.PIF
2008-06-24 21:07 . 2008-06-24 21:10 487 --a------ C:\WINDOWS\wincmd.ini
2008-06-23 18:54 . 2008-06-23 18:55 <DIR> d-------- C:\Program Files\PDFCreator
2008-06-23 18:54 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-06-23 18:54 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-06-23 18:54 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-23 18:54 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-06-21 21:37 . 2008-06-21 21:37 <DIR> d-------- C:\Program Files\MarBit
2008-06-17 19:45 . 2008-06-17 19:45 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Thinstall
2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Real
2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-13 22:07 . 2008-06-13 22:07 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:51 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\DllCache\bthport.sys
2008-06-10 17:49 . 2008-06-24 23:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-09 20:38 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-09 20:38 . 2008-06-10 17:51 649 --a------ C:\WINDOWS\ODBC.INI
2008-06-08 13:54 . 2008-06-25 21:03 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Ustawienia lokalne
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Ulubione
2008-06-08 13:54 . 2008-05-24 13:51 <DIR> d--h----- C:\Documents and Settings\Administrator.OSKAR\Szablony
2008-06-08 13:54 . 2008-06-25 21:03 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Pulpit
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR\Moje dokumenty
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr------- C:\Documents and Settings\Administrator.OSKAR\Menu Start
2008-06-08 13:54 . 2008-05-24 15:44 <DIR> dr-h----- C:\Documents and Settings\Administrator.OSKAR\Dane aplikacji
2008-06-08 13:54 . 2008-06-08 13:54 <DIR> d-------- C:\Documents and Settings\Administrator.OSKAR
2008-06-08 13:47 . 2008-06-08 13:47 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\TmpRecentIcons
2008-06-08 13:42 . 2008-06-25 19:43 <DIR> d-------- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Szablony
2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-08 13:42 . 2008-06-08 13:45 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-06-08 12:59 . 2008-06-08 13:45 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-06-08 12:08 . 2008-06-08 06:10 94,208 --a------ C:\WINDOWS\emoq.exe
2008-06-07 22:54 . 2008-06-07 22:54 52,637 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-06-07 22:53 . 2008-06-07 22:53 3,072,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-06-07 22:52 . 2008-06-07 22:54 6,128 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-07 22:51 . 2008-06-07 22:51 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-06-05 21:47 . 2008-06-05 21:47 <DIR> d-------- C:\Program Files\IrfanView
2008-06-05 00:40 . 2008-06-05 00:40 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-02 00:43 . 2008-06-02 00:45 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-05-30 22:15 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-05-27 22:38 . 2008-05-27 22:38 <DIR> d-------- C:\Program Files\SoftMaker Viewer
2008-05-27 22:38 . 2008-02-11 13:06 67,104 --a------ C:\WINDOWS\unTMV.exe
2008-05-27 16:06 . 2008-06-16 22:21 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-05-27 16:06 . 2008-06-09 10:24 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-26 16:53 . 2008-05-26 16:53 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-25 17:54 . 2008-05-25 18:08 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2008-05-25 17:54 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2008-05-25 17:54 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-05-25 17:09 . 2008-06-25 19:25 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-25 13:10 . 2006-12-07 07:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2008-05-25 12:56 . 2008-06-21 03:02 <DIR> d-------- C:\WINDOWS\system32\DllCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 19:03 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\NTUSER.DAT
2008-06-25 19:03 233,472 ----a-w C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\NTUSER.DAT
2008-06-25 18:59 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\NTUSER.DAT
2008-06-25 18:59 233,472 ----a-w C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\NTUSER.DAT
2008-06-25 18:59 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus
2008-06-17 17:48 --------- d-----w C:\Program Files\Azureus
2008-06-05 19:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 03:05 --------- d-----w C:\Program Files\Ares
2008-05-24 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 20:30 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\DataCast
2008-05-24 20:22 --------- d-----w C:\Program Files\Samsung
2008-05-24 20:05 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-24 20:05 --------- d-----w C:\Program Files\Ahead
2008-05-24 19:54 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-24 19:54 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Media Player Classic
2008-05-24 17:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Azureus
2008-05-24 16:25 --------- d-----w C:\Program Files\Ganymede
2008-05-24 16:23 --------- d-----w C:\Program Files\SopCast
2008-05-24 16:03 --------- d-----w C:\Program Files\Winamp
2008-05-24 16:02 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Winamp
2008-05-24 13:03 --------- d-----w C:\Program Files\WapSter
2008-05-24 13:01 --------- d-----w C:\Program Files\Sygate
2008-05-24 12:18 --------- d-----w C:\Program Files\Realtek
2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-24 12:11 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\InstallShield
2008-05-24 11:55 --------- d-s---w C:\Documents and Settings\NetworkService.ZARZĄDZANIE NT\Dane aplikacji\Microsoft
2008-05-24 11:55 --------- d-s---w C:\Documents and Settings\LocalService.ZARZĄDZANIE NT\Dane aplikacji\Microsoft
2008-05-21 22:22 --------- d-----w C:\Program Files\Kolekcja Klasyki
2008-05-21 16:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 16:48 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-05-21 16:45 --------- d-----w C:\Program Files\CONEXANT
2008-05-21 16:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-21 16:39 --------- d-----w C:\Program Files\Broadcom
2008-05-21 16:35 --------- d-----w C:\Documents and Settings\Kamior\Dane aplikacji\InstallShield
2008-05-21 16:34 --------- d-----w C:\Program Files\Intel
2008-05-21 15:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-21 15:47 --------- d-----w C:\Program Files\Usługi online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.
------- Sigcheck -------
2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-25_18.15.30,07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 15:53:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 19:04:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-25 15:58:32 52,962 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-25 17:49:20 52,962 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-25 15:58:32 67,276 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-06-25 17:49:20 67,276 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-06-25 15:58:32 380,548 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-25 17:49:20 380,548 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-25 15:58:32 436,216 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-06-25 17:49:20 436,216 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-21 04:57 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-21 04:57 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-21 04:57 138008]
"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 07:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 10:51 53248]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 19:05 2532576]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 21:04:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\KAMIOR~1.OSK\USTAWI~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2008-06-25 21:06:38 - machine was rebooted [Kamior]
ComboFix-quarantined-files.txt 2008-06-25 19:06:36
ComboFix2.txt 2008-06-25 17:43:06
ComboFix3.txt 2008-06-25 17:39:39
ComboFix4.txt 2008-06-25 17:12:27
ComboFix5.txt 2008-06-25 16:15:41
Pre-Run: 5,759,631,360 bytes free
Post-Run: 5,747,441,664 bytes free
226 --- E O F --- 2008-06-21 01:02:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08, on 2008-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WapSter\AQQ\AQQ.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\KAMIOR~1.OSK\USTAWI~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [broadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe -- End of file - 5812 bytes
I think everything is OK now. Thanks a lot!!
snip91 comment 25 June 2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
FIX
Mateusz J. comment 25 June 2008 But what? Where? How? :P Run HijackThis. Select Do a system scan only. Tick the entries listed by the poster above. Click Fix checked. Done.
Kamior comment 23 August 2008 Hi! I've got a problem with my PC again and I've caught some crap again :/ Please help. The PC won't connect to the GG server and I keep getting temp2 and Internet Explorer, I mean those windows saying an error occurred and it has to be closed. This is my ComboFix log:
ComboFix 08-07-27.6 - Kamior 2008-08-23 0:41:56.26 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.679 [GMT 2:00] Running from: D:\Różne\my last escape\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\autorun.inf C:\WINDOWS\svchost.exe C:\WINDOWS\system32\explorer.exe C:\WINDOWS\xcopy.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))) . 2008-08-22 23:22 . 2008-08-22 23:22 <DIR> d-------- C:\Program Files\Gadu-Gadu 2008-08-22 23:18 . 2008-08-22 23:18 <DIR> d-------- C:\Program Files\WapSter 2008-08-20 17:41 . 2008-08-20 21:31 <DIR> d-------- C:\Program Files\MOBILedit! 2008-08-20 16:27 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\DllCache\msadce.dll 2008-08-08 18:32 . 2008-08-23 00:40 223,946 --a------ C:\WINDOWS\system32\mswmpdat.tlb 2008-08-08 18:32 . 2004-08-04 14:00 98,304 -rahs---- C:\WINDOWS\system32\mstmdm.dll 2008-08-02 23:00 . 2008-08-02 23:00 <DIR> d-------- C:\Program Files\LucasArts 2008-08-02 20:08 . 2008-08-04 21:40 <DIR> d-------- C:\Program Files\eMule 2008-08-02 16:21 . 2006-11-03 14:31 70,207 -rahs---- C:\host.exe 2008-08-02 16:21 . 2006-05-13 05:40 1,211 -rahs---- C:\copy.exe 2008-07-31 20:53 . 2008-07-31 20:53 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Gadu-Gadu 2008-07-31 20:52 . 2008-08-22 23:22 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Gadu-Gadu 2008-07-30 13:03 . 
2008-07-30 13:10 <DIR> d-------- C:\Program Files\Tlen.pl 2008-07-30 13:03 . 2008-07-30 13:06 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Tlen.pl 2008-07-28 18:26 . 2008-08-23 00:40 2,085 --a------ C:\WINDOWS\system32\temp2.exe 2008-07-27 22:52 . 2008-08-23 00:40 35,346 --a------ C:\WINDOWS\system32\temp1.exe 2008-07-23 13:26 . 2008-08-07 21:48 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\EurekaLog . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-22 14:47 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus 2008-08-04 16:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FLEXnet 2008-08-02 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-30 11:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help 2008-07-24 17:24 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-07-20 11:09 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Sports Interactive 2008-07-20 10:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-20 10:52 --------- d--h--r C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\SecuROM 2008-07-20 10:51 --------- d--h--w C:\Program Files\Zero G Registry 2008-07-19 12:48 --------- d-----w C:\Program Files\Silent Hill 2008-07-18 19:10 201,728 ----a-w C:\WINDOWS\system32\tdk-screensaver-a03.scr 2008-07-09 16:45 17,920 ----a-w C:\WINDOWS\system32\dop94.dll 2008-07-08 17:23 17,920 ----a-w C:\WINDOWS\system32\ascisys.dll 2008-07-07 20:19 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:19 253,952 ------w C:\WINDOWS\system32\DllCache\es.dll 2008-07-03 16:53 --------- d-----w C:\Program Files\Azureus 2008-06-29 16:02 17,920 ----a-w C:\WINDOWS\system32\ksadio.dll 2008-06-27 18:22 17,920 ----a-w C:\WINDOWS\system32\ks94.dll 2008-06-27 08:45 17,920 ----a-w C:\WINDOWS\system32\ksisys.dll 
2008-06-27 08:45 17,920 ----a-w C:\WINDOWS\system32\asc94.dll 2008-06-27 08:43 17,920 ----a-w C:\WINDOWS\system32\dopadio.dll 2008-06-27 08:17 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-27 08:17 --------- d-----w C:\Program Files\Bonjour 2008-06-27 08:08 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-06-26 08:03 --------- d-----w C:\Program Files\MagicISO 2008-06-25 19:08 --------- d-----w C:\Program Files\Trend Micro 2008-06-24 21:32 --------- d-----w C:\Program Files\MSBuild 2008-06-24 21:32 --------- d-----w C:\Program Files\Microsoft Works 2008-06-24 21:30 --------- d-----w C:\Program Files\Microsoft.NET 2008-06-24 21:20 --------- d-----w C:\Program Files\Alcohol Soft 2008-06-24 21:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:30 74,240 ------w C:\WINDOWS\system32\DllCache\mscms.dll 2008-06-23 16:55 --------- d-----w C:\Program Files\PDFCreator 2008-06-23 09:53 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe 2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:37 246,784 ------w C:\WINDOWS\system32\DllCache\mswsock.dll 2008-06-20 17:37 147,968 ----a-w C:\WINDOWS\system32\DllCache\dnsapi.dll 2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\DllCache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\DllCache\afd.sys 2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\DllCache\tcpip6.sys 2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\DllCache\bthport.sys 2008-06-07 20:54 6,128 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-06-07 20:54 52,637 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-06-07 20:54 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe 2004-08-04 12:00 98,304 --sha-r C:\WINDOWS\system32\mstmdm.dll . 
------- Sigcheck ------- 2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe 2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-07-24_22.57.52.01 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-07 20:29:10 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll + 2008-07-07 20:25:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll + 2007-11-30 12:40:46 19,320 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll + 2007-11-30 12:40:46 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe + 2007-11-30 12:40:46 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll + 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe + 2007-11-30 12:40:48 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll + 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe + 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe + 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe + 2007-11-30 11:21:28 19,320 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll + 2007-11-30 11:21:28 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe + 2007-11-30 11:21:28 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll + 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe + 2007-11-30 12:40:47 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll + 2008-06-24 16:46:33 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll + 2008-06-24 16:54:28 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll + 2007-11-30 12:40:46 19,320 ----a-w 
C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll + 2007-11-30 12:40:46 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe + 2007-11-30 12:40:46 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll + 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe + 2007-11-30 12:40:47 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll + 2008-06-23 15:13:22 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll + 2008-06-26 08:14:35 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll + 2008-06-26 08:14:35 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll + 2008-06-23 15:13:22 668,672 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll + 2008-06-25 04:27:42 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll + 2008-06-26 08:01:04 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll + 2008-06-26 08:01:05 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll + 2008-06-23 14:57:40 669,184 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll + 2007-11-30 12:40:46 19,320 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll + 2007-11-30 12:40:46 234,360 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe + 2007-11-30 12:40:46 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll + 2007-11-30 12:40:47 763,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe + 2007-11-30 12:40:48 398,200 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll - 2008-04-21 06:58:11 1,021,952 ----a-w C:\WINDOWS\system32\browseui.dll + 2008-06-23 16:16:52 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll - 2008-04-21 06:58:11 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll + 2008-06-23 16:16:52 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll - 2008-04-21 06:58:12 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll + 2008-06-23 16:16:52 1,055,744 ----a-w C:\WINDOWS\system32\danim.dll - 2008-04-21 06:58:11 1,021,952 ----a-w C:\WINDOWS\system32\DllCache\browseui.dll + 
2008-06-23 16:16:52 1,024,000 ----a-w C:\WINDOWS\system32\DllCache\browseui.dll - 2008-04-21 06:58:11 151,552 ------w C:\WINDOWS\system32\DllCache\cdfview.dll + 2008-06-23 16:16:52 151,552 ------w C:\WINDOWS\system32\DllCache\cdfview.dll - 2008-04-21 06:58:12 1,055,744 ------w C:\WINDOWS\system32\DllCache\danim.dll + 2008-06-23 16:16:52 1,055,744 ------w C:\WINDOWS\system32\DllCache\danim.dll - 2008-04-21 06:58:12 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll + 2008-06-23 16:16:52 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll - 2008-04-21 06:58:13 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll + 2008-06-23 16:16:52 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll - 2008-04-21 06:58:13 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll + 2008-06-23 16:16:52 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll - 2008-04-21 06:58:13 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll + 2008-06-23 16:16:53 251,904 ------w C:\WINDOWS\system32\DllCache\iepeers.dll - 2007-08-21 06:26:10 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll + 2008-04-11 18:41:09 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll - 2008-04-21 06:58:13 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll + 2008-06-23 16:16:53 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll - 2008-04-21 06:58:13 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll + 2008-06-23 16:16:53 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll - 2008-04-21 06:58:17 3,528,704 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll + 2008-06-23 16:16:53 3,088,384 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll - 2008-04-21 06:58:18 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll + 2008-06-23 16:16:53 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll - 2008-04-21 06:58:18 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll + 2008-06-23 16:16:53 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll - 2008-04-21 06:58:18 
532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll + 2008-06-23 16:16:54 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll - 2008-04-21 06:58:19 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll + 2008-06-23 16:16:54 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll - 2008-04-21 06:58:20 1,778,688 ----a-w C:\WINDOWS\system32\DllCache\shdocvw.dll + 2008-06-23 16:16:54 1,499,136 ----a-w C:\WINDOWS\system32\DllCache\shdocvw.dll - 2008-04-21 06:58:21 498,688 ----a-w C:\WINDOWS\system32\DllCache\shlwapi.dll + 2008-06-23 16:16:54 474,112 ----a-w C:\WINDOWS\system32\DllCache\shlwapi.dll - 2008-04-21 06:58:22 693,248 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll + 2008-06-23 16:16:54 619,520 ----a-w C:\WINDOWS\system32\DllCache\urlmon.dll - 2008-04-21 06:58:22 703,488 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll + 2008-06-23 16:16:55 669,696 ----a-w C:\WINDOWS\system32\DllCache\wininet.dll - 2008-04-21 06:58:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-06-23 16:16:52 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-04-21 06:58:13 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-06-23 16:16:52 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-04-21 06:58:13 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-06-23 16:16:52 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-04-21 06:58:13 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll + 2008-06-23 16:16:53 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll - 2007-08-21 06:26:10 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll + 2008-04-11 18:41:09 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll - 2008-04-21 06:58:13 96,768 ----a-w C:\WINDOWS\system32\inseng.dll + 2008-06-23 16:16:53 96,768 ----a-w C:\WINDOWS\system32\inseng.dll - 2008-04-21 06:58:13 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-06-23 16:16:53 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2008-04-21 06:58:17 3,528,704 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-06-23 16:16:53 3,088,384 
----a-w C:\WINDOWS\system32\mshtml.dll - 2008-04-21 06:58:18 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-06-23 16:16:53 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-04-21 06:58:18 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-06-23 16:16:53 146,432 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-04-21 06:58:18 532,480 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-06-23 16:16:54 532,480 ----a-w C:\WINDOWS\system32\mstime.dll - 2008-07-24 20:43:10 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-08-22 20:55:46 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-07-24 20:43:10 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat + 2008-08-22 20:55:46 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat - 2008-07-24 20:43:10 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-08-22 20:55:46 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-07-24 20:43:10 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat + 2008-08-22 20:55:46 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat - 2008-04-21 06:58:19 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-06-23 16:16:54 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2008-04-21 06:58:20 1,778,688 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-06-23 16:16:54 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2008-04-21 06:58:21 498,688 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-06-23 16:16:54 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll - 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe + 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe - 2008-04-21 06:58:22 693,248 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-06-23 16:16:54 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-04-21 06:58:22 703,488 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-06-23 16:16:55 669,696 ----a-w C:\WINDOWS\system32\wininet.dll - 2008-04-17 11:03:57 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-07-03 09:42:47 369,152 ----a-w 
C:\WINDOWS\system32\xpsp3res.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-09-06 13:09 765952] "EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 976896 C:\WINDOWS\explorer.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "UpdateCheck"= {B6232196-3D7A-43FE-B29F-7C12EDC30F23} - C:\WINDOWS\system32\mstmdm.dll [2004-08-04 14:00 98304] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe,EXPLORER.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program 
Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "D:\\Program Files\\CM08\\fm.exe"= S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0abf38-60be-11dd-84e7-001e4c28030b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f24486b-2f18-11dd-8462-001e4c28030b}] \Shell\AutoRun\command - F:\ \Shell\open\Command - rundll32.exe .\desktop.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{352f4ed8-609e-11dd-84e5-001e4c28030b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{870c76bf-274e-11dd-9f27-bbe41bd4600a}] \Shell\AutoRun\command - F:\ \Shell\open\Command - rundll32.exe .\desktop.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba627106-4989-11dd-84ae-001e4c28030b}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe *Newly Created Service* - CATCHME . 
- - - - ORPHANS REMOVED - - - - HKCU-Run-Komunikator - C:\Program Files\Tlen.pl\tlen.exe HKCU-Run-wsctf.exe - wsctf.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 00:42:27 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . Completion time: 2008-08-23 0:44:08 ComboFix-quarantined-files.txt 2008-08-22 22:44:04 ComboFix2.txt 2008-07-29 16:21:08 ComboFix3.txt 2008-07-28 17:59:23 ComboFix4.txt 2008-07-24 21:25:00 ComboFix5.txt 2008-08-22 22:41:35 Pre-Run: 5,923,971,072 bajtów wolnych Post-Run: 5,952,757,760 bajtów wolnych 297 --- E O F --- 2008-08-21 01:01:23
Mateusz J. comment 23 August 2008 Infection from a pen drive. Paste the following into Notepad:
File::
C:\host.exe
C:\WINDOWS\system32\mstmdm.dll
C:\WINDOWS\system32\mswmpdat.tlb
C:\copy.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\ksadio.dll
C:\WINDOWS\system32\ks94.dll
C:\WINDOWS\system32\dop94.dll
C:\WINDOWS\system32\ascisys.dll
C:\WINDOWS\system32\ksisys.dll
C:\WINDOWS\system32\asc94.dll
C:\WINDOWS\system32\dopadio.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0abf38-60be-11dd-84e7-001e4c28030b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f24486b-2f18-11dd-8462-001e4c28030b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{352f4ed8-609e-11dd-84e5-001e4c28030b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{870c76bf-274e-11dd-9f27-bbe41bd4600a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba627106-4989-11dd-84ae-001e4c28030b}]
In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved. Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture: Removal will start and a log will be produced, which you post on the forum.
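The entries that the CFScript above removes (the Winlogon Userinit value, the ShellServiceObjectDelayLoad loader, the MountPoints2 autorun commands), together with the hijacked start page snip91 flagged earlier and the Security Center override values visible in Kamior's log, can be spotted mechanically in a ComboFix "Reg Loading Points" section or a HijackThis log. The Python triage script below is an added example; it is not part of this thread and not a feature of ComboFix or HijackThis. The sample log is constructed from entries that appear in the logs above (plus one benign start page for contrast), the rule names are my own, and it assumes the Windows XP default Userinit value of `C:\WINDOWS\system32\userinit.exe,` (the value the script restores) and that anything ComboFix prints under ShellServiceObjectDelayLoad deserves a look, since ComboFix hides the legitimate defaults.

```python
"""Triage helper for ComboFix 'Reg Loading Points' and HijackThis lines.

Added example, not part of the thread or of ComboFix/HijackThis.
The rule names and the sample log are constructed for this example.
"""
import re

# Constructed sample: entries copied from the ComboFix and HijackThis
# logs posted in this thread, plus one benign start page for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,EXPLORER.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UpdateCheck"= {B6232196-3D7A-43FE-B29F-7C12EDC30F23} - C:\WINDOWS\system32\mstmdm.dll [2004-08-04 14:00 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0abf38-60be-11dd-84e7-001e4c28030b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f24486b-2f18-11dd-8462-001e4c28030b}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
"""

KEY_RE = re.compile(r"^\[-?(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
HJT_START_PAGE_RE = re.compile(r"^R0 - [^,]+,Start Page = (?P<url>\S+)")
# Windows XP default Userinit (assumption stated in the lead-in): userinit.exe
# alone, optionally with its full path, followed by a trailing comma.
USERINIT_OK_RE = re.compile(r'^"?(?:c:\\+windows\\+system32\\+)?userinit\.exe,"?$', re.I)
# Start pages treated as expected; anything else is reported for review.
TRUSTED_START_PAGES = ("http://www.google.pl/", "http://go.microsoft.com/")


def dword_value(data):
    """Parse a REG_DWORD as ComboFix prints it: 'dword:00000001' or '0 (0x0)'."""
    m = re.search(r"dword:([0-9a-f]+)", data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)", data)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return (rule, line) pairs for entries that merit a closer look."""
    findings = []
    current_key = ""  # registry key the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = HJT_START_PAGE_RE.match(line)
        if m:
            if not m.group("url").startswith(TRUSTED_START_PAGES):
                findings.append(("browser_start_page_hijack", line))
            continue
        # Per-volume shell verbs under MountPoints2 fire when the drive is opened.
        if "mountpoints2" in current_key and line.lower().startswith("\\shell\\"):
            findings.append(("removable_media_autorun", line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name").lower(), m.group("data").strip()
        if current_key.endswith("\\winlogon") and name == "userinit":
            if not USERINIT_OK_RE.match(data):
                findings.append(("userinit_tampered", line))
        elif current_key.endswith("shellserviceobjectdelayload"):
            # ComboFix omits legitimate defaults, so a listed SSODL entry is shown for a reason.
            findings.append(("ssodl_loader", line))
        elif current_key.endswith("security center") and name.endswith("override"):
            if dword_value(data) == 1:
                findings.append(("security_center_override", line))
        elif name == "enablefirewall" and dword_value(data) == 0:
            findings.append(("firewall_disabled", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:28} {line}")
```

Run against the constructed sample it reports nine lines: the tampered Userinit, the SSODL entry, both Security Center overrides, the disabled firewall profile, the three MountPoints2 shell commands and the softwarereferral.com start page; the google.pl start page passes. The value parsing is needed because ComboFix prints the same REG_DWORD type two ways (`dword:00000001` under the Security Center key, `0 (0x0)` under the firewall profile).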
Kamior comment 23 August 2008 Here it is:
ComboFix 08-07-27.6 - Kamior 2008-08-23 11:21:53.27 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.450 [GMT 2:00] Running from: D:\Różne\my last escape\ComboFix.exe Command switches used :: C:\Documents and Settings\Kamior.OSKAR\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - FILE :: C:\copy.exe C:\host.exe C:\WINDOWS\system32\asc94.dll C:\WINDOWS\system32\ascisys.dll C:\WINDOWS\system32\dop94.dll C:\WINDOWS\system32\dopadio.dll C:\WINDOWS\system32\ks94.dll C:\WINDOWS\system32\ksadio.dll C:\WINDOWS\system32\ksisys.dll C:\WINDOWS\system32\mstmdm.dll C:\WINDOWS\system32\mswmpdat.tlb C:\WINDOWS\system32\temp1.exe C:\WINDOWS\system32\temp2.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\copy.exe C:\host.exe C:\WINDOWS\system32\asc94.dll C:\WINDOWS\system32\ascisys.dll C:\WINDOWS\system32\dop94.dll C:\WINDOWS\system32\dopadio.dll C:\WINDOWS\system32\ks94.dll C:\WINDOWS\system32\ksadio.dll C:\WINDOWS\system32\ksisys.dll C:\WINDOWS\system32\mstmdm.dll C:\WINDOWS\system32\mswmpdat.tlb C:\WINDOWS\system32\temp1.exe C:\WINDOWS\system32\temp2.exe . ((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))) . 2008-08-22 23:22 . 2008-08-22 23:22 <DIR> d-------- C:\Program Files\Gadu-Gadu 2008-08-22 23:18 . 2008-08-22 23:18 <DIR> d-------- C:\Program Files\WapSter 2008-08-20 17:41 . 2008-08-20 21:31 <DIR> d-------- C:\Program Files\MOBILedit! 2008-08-20 16:27 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\DllCache\msadce.dll 2008-08-02 23:00 . 2008-08-02 23:00 <DIR> d-------- C:\Program Files\LucasArts 2008-08-02 20:08 . 2008-08-04 21:40 <DIR> d-------- C:\Program Files\eMule 2008-07-31 20:53 . 
2008-07-31 20:53 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Gadu-Gadu 2008-07-31 20:52 . 2008-08-22 23:22 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Gadu-Gadu 2008-07-30 13:03 . 2008-08-23 11:21 <DIR> d-------- C:\Program Files\Tlen.pl 2008-07-30 13:03 . 2008-07-30 13:06 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Tlen.pl 2008-07-23 13:26 . 2008-08-07 21:48 <DIR> d-------- C:\Documents and Settings\Kamior.OSKAR\EurekaLog . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 09:22 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Azureus 2008-08-04 16:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FLEXnet 2008-08-02 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-30 11:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help 2008-07-24 17:24 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-07-20 11:09 --------- d-----w C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\Sports Interactive 2008-07-20 10:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-20 10:52 --------- d--h--r C:\Documents and Settings\Kamior.OSKAR\Dane aplikacji\SecuROM 2008-07-20 10:51 --------- d--h--w C:\Program Files\Zero G Registry 2008-07-19 12:48 --------- d-----w C:\Program Files\Silent Hill 2008-07-18 19:10 201,728 ----a-w C:\WINDOWS\system32\tdk-screensaver-a03.scr 2008-07-07 20:19 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:19 253,952 ------w C:\WINDOWS\system32\DllCache\es.dll 2008-07-03 16:53 --------- d-----w C:\Program Files\Azureus 2008-06-27 08:17 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-27 08:17 --------- d-----w C:\Program Files\Bonjour 2008-06-27 08:08 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-06-26 08:03 --------- d-----w C:\Program 
Files\MagicISO 2008-06-25 19:08 --------- d-----w C:\Program Files\Trend Micro 2008-06-24 21:32 --------- d-----w C:\Program Files\MSBuild 2008-06-24 21:32 --------- d-----w C:\Program Files\Microsoft Works 2008-06-24 21:30 --------- d-----w C:\Program Files\Microsoft.NET 2008-06-24 21:20 --------- d-----w C:\Program Files\Alcohol Soft 2008-06-24 21:15 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-06-24 16:30 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:30 74,240 ------w C:\WINDOWS\system32\DllCache\mscms.dll 2008-06-23 16:55 --------- d-----w C:\Program Files\PDFCreator 2008-06-23 09:53 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe 2008-06-20 17:37 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 17:37 246,784 ------w C:\WINDOWS\system32\DllCache\mswsock.dll 2008-06-20 17:37 147,968 ----a-w C:\WINDOWS\system32\DllCache\dnsapi.dll 2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\DllCache\tcpip.sys 2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\DllCache\afd.sys 2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\DllCache\tcpip6.sys 2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\DllCache\bthport.sys 2008-06-07 20:54 6,128 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-06-07 20:54 52,637 ----a-w C:\WINDOWS\BricoPackUninst.cmd 2008-06-07 20:54 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-05-24 12:17 315,392 ----a-w C:\WINDOWS\HideWin.exe . ------- Sigcheck ------- 2007-06-13 15:23 976896 e74ef52c79f3347a0b105b0b92bfed38 C:\WINDOWS\explorer.exe 2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2004-08-04 02:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\DllCache\explorer.exe . ((((((((((((((((((((((((((((( snapshot_2008-08-23_ 0.43.52.87 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-08-22 20:55:46 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-08-23 08:33:41 53,806 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-08-22 20:55:46 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat + 2008-08-23 08:33:41 68,532 ----a-w C:\WINDOWS\system32\perfc015.dat - 2008-08-22 20:55:46 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-08-23 08:33:41 383,452 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-08-22 20:55:46 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat + 2008-08-23 08:33:41 439,564 ----a-w C:\WINDOWS\system32\perfh015.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-09-06 13:09 765952] "Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944] "EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 976896 C:\WINDOWS\explorer.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] C:\Documents and Settings\Kamior.OSKAR\Menu Start\Programy\Autostart\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18 65536] Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "D:\\Program Files\\CM08\\fm.exe"= "C:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 11:22:13 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . Completion time: 2008-08-23 11:23:51 ComboFix-quarantined-files.txt 2008-08-23 09:23:46 ComboFix2.txt 2008-08-22 22:44:09 ComboFix3.txt 2008-07-29 16:21:08 ComboFix4.txt 2008-07-28 17:59:23 ComboFix5.txt 2008-08-23 09:21:35 Pre-Run: 5,911,433,216 bajtów wolnych Post-Run: 5,902,172,160 bajtów wolnych 169 --- E O F --- 2008-08-21 01:01:23
Mateusz J., comment, 23 August 2008: The log is clean. Delete the folder c:\QooBox. Install an antivirus, I recommend Avira. Scan the computer with Ad-Aware.
Guest, comment, 23 August 2008: The log is not clean, a registry entry is left over. Paste the following text into Notepad:

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EXPLORER.EXE"=-

From the Notepad menu >>> File >>> Save as >>> set the file type to "All files" >>> save as FIX.REG >>> run the file (double-click and OK, agree to adding it to the Registry). Restart the computer. Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk. Clean up the startup entries. Clean the computer with CCleaner. Turn System Restore off and back on on all drives. Instructions. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum, or use Dr.WEB CureIt!.
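The two replies disagree about the leftover Run entry, and the "Reg Loading Points" section of the log above is where the disagreement comes from. As an added example (not code from this thread or from ComboFix), here is a small Python triage script over a constructed excerpt modelled on that section: it parses the key/value lines, flags Run values whose data is not a fully-qualified path (a bare image name such as "EXPLORER.EXE" is resolved through the search path at logon rather than pointing at one known file, which is why ComboFix prints the resolved C:\WINDOWS\explorer.exe beside it), flags the Security Center override values that are set to 1 in the log, and builds the same `"name"=-` removal line that the reply above suggests pasting into a .reg file. The function names, finding labels and the trimmed sample are my own.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# ComboFix log quoted above; values are the ones the log shows, trimmed to
# the entries relevant here.
SAMPLE_LOADING_POINTS = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-19 00:05 630784]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-09-06 13:09 765952]
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 976896 C:\WINDOWS\explorer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Data that names a fixed location: a drive letter or an expanded %VAR%.
QUALIFIED_RE = re.compile(r'^(?:[A-Za-z]:\\|%[^%]+%\\)')


def parse_loading_points(text):
    """Return (key, value_name, data) triples from a ComboFix-style listing.

    Only the data itself is kept; the trailing "[date time size ...]"
    annotation that ComboFix appends is dropped.
    """
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or current_key is None:
            continue
        name, rest = m.group(1), m.group(2).strip()
        if rest.startswith('"'):
            data = rest[1:rest.index('"', 1)]   # quoted string value
        else:
            data = rest.split()[0]              # e.g. dword:00000001
        entries.append((current_key, name, data))
    return entries


def triage(entries):
    """Flag Run values without a fixed path and Security Center overrides."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        if k.endswith('\\currentversion\\run'):
            # A bare image name is resolved through the search path at
            # logon instead of pointing at one known file.
            if not QUALIFIED_RE.match(data):
                findings.append(('unqualified-run-entry', key, name, data))
        elif k.endswith('\\security center'):
            # *Override = 1 silences Security Center's AV/firewall warnings.
            if name.lower().endswith('override') and data.lower() == 'dword:00000001':
                findings.append(('security-center-override', key, name, data))
    return findings


def reg_fix_for(findings):
    """Build .reg text that deletes each flagged Run value ("name"=-)."""
    by_key = {}
    for kind, key, name, _data in findings:
        if kind == 'unqualified-run-entry':
            by_key.setdefault(key, []).append(name)
    lines = ['Windows Registry Editor Version 5.00', '']
    for key, names in by_key.items():
        lines.append(f'[{key}]')
        lines.extend(f'"{n}"=-' for n in names)
        lines.append('')
    return '\n'.join(lines)


if __name__ == '__main__':
    found = triage(parse_loading_points(SAMPLE_LOADING_POINTS))
    for kind, key, name, data in found:
        print(f'{kind}: [{key}] "{name}" = {data}')
    print(reg_fix_for(found))
```

Run against the constructed excerpt it reports one unqualified Run entry (EXPLORER.EXE) and the two Security Center overrides, and emits a .reg file containing the single deletion line. The Security Center overrides are reported but not written into the .reg output on purpose: they are a warning-suppression setting, not a startup entry, and deciding whether to reset them is a separate step from removing an autostart value.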
Mateusz J., comment, 23 August 2008: Just a little piece of junk, it's no threat to the computer.
Guest, comment, 23 August 2008: But it can sometimes cause problems with the browser.