
Cannot open .exe files + ads in IE


9 replies in this topic

#1 babciawgaciach

babciawgaciach
  • Users
  • 13 posts

Posted 28.06.2008 - 13:28

Hello, I'm new here, so please be understanding. I have a problem: I can't run any program, from GG to Opera, only Windows windows and, for example, photos. I tried to install the HijackThis program and give you the logs, but it wouldn't install. I noticed that I have an awful lot of processes, most of them spools.exe.

Can anyone advise? Opera started by accident because I inserted a disc with an antivirus and it opened Opera with that antivirus's start page, but normally I can't open anything. Sorry, I don't know computers well, but I hope you understood my problem and will help me somehow.

#2 spandaupol

spandaupol

    MODERATOR

  • Moderators
  • 12855 posts

Posted 28.06.2008 - 13:38

Try downloading ComboFix, run it, and when the program has finished, post the log (the ComboFix.txt file) on the forum.
I don't check HijackThis logs unless, for some reason, I ask for such a log myself.

#3 rokko

rokko
  • Users
  • 4117 posts

Posted 28.06.2008 - 13:41

Try going to http://www.ewido.net/en/onlinescan/ and scanning the computer.

#4 babciawgaciach

babciawgaciach
  • Users
  • 13 posts

Posted 28.06.2008 - 14:55

The problem is that I can't run this program (ComboFix, HijackThis too)


And here is the report from that scanning site



#5 rokko

rokko
  • Users
  • 4117 posts

Posted 28.06.2008 - 15:06

Unpack the fix, double-click (left mouse button) the REG file and add it to the registry.

Attached files



#6 huber2t

huber2t
  • Users
  • 14321 posts

Posted 28.06.2008 - 15:25

Turn System Restore off and on again on all drives. Instructions

When downloading, try saving it not under the name ComboFix.exe but with a hyphen in between:

Combo-Fix.exe

If that doesn't help, post the log from the main.txt file from Deckard's System Scanner.

#7 babciawgaciach

babciawgaciach
  • Users
  • 13 posts

Posted 28.06.2008 - 15:26

OK, I think it's fine now, I can open Opera and GG.

Here is the log:

.
(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-28  )))))))))))))))))))))))))))))))
.

2008-06-27 01:14 . 2008-06-17 17:42	28,672	--a------	C:\Documents and Settings\LocalService\cftmon.exe
2008-06-27 01:14 . 2008-06-27 01:14	5,120	--a------	C:\Documents and Settings\LocalService\ftp34.dll
2008-06-27 01:14 . 2008-06-27 01:14	2,615	--a------	C:\Documents and Settings\LocalService\mpr2.dat
2008-06-27 01:14 . 2008-06-27 01:14	2,615	--a------	C:\Documents and Settings\LocalService\mpr.dat
2008-06-20 16:58 . 2002-09-20 18:04	150,528	--a------	C:\WINDOWS\system32\ptpusd.dll
2008-06-20 16:58 . 2002-08-29 01:48	14,208	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 16:58 . 2002-08-29 01:48	14,208	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-20 16:58 . 2001-10-26 17:29	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2008-06-18 19:43 . 2008-06-18 19:43	<DIR>	d--------	C:\Program Files\Sun
2008-06-18 19:43 . 2008-03-25 02:37	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-06-18 19:42 . 2008-06-18 19:43	<DIR>	d--------	C:\Program Files\Java
2008-06-18 19:40 . 2008-06-18 19:40	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-06-17 17:43 . 2008-06-17 17:42	28,672	--a------	C:\Documents and Settings\Krzysiek\cftmon.exe
2008-06-17 17:43 . 2008-06-27 01:17	5,120	--a------	C:\Documents and Settings\Krzysiek\ftp34.dll
2008-06-17 17:43 . 2008-06-27 01:17	2,615	--a------	C:\Documents and Settings\Krzysiek\mpr2.dat
2008-06-17 17:43 . 2008-06-27 01:17	2,615	--a------	C:\Documents and Settings\Krzysiek\mpr.dat
2008-06-17 17:42 . 2008-06-17 17:42	45,056	--a------	C:\WINDOWS\system32\jzcom32.dll
2008-06-17 17:42 . 2008-06-17 17:42	22,383	--a------	C:\WINDOWS\system32\sklh.dat
2008-06-14 18:19 . 2008-06-14 18:19	<DIR>	d--------	C:\Program Files\Opera
2008-06-14 18:10 . 2008-06-14 18:10	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-06-14 17:35 . 2008-06-14 17:59	1,194	---hs----	C:\WINDOWS\system32\txbfritf.ini
2008-06-13 17:08 . 2008-06-14 17:32	1,014	---hs----	C:\WINDOWS\system32\hxpainwm.ini
2008-06-13 16:02 . 2008-06-13 16:02	894	---hs----	C:\WINDOWS\system32\cwnuuhwk.ini
2008-06-13 15:59 . 2008-06-13 15:59	834	---hs----	C:\WINDOWS\system32\xwqiuabh.ini
2008-06-12 17:59 . 2008-06-13 15:29	774	---hs----	C:\WINDOWS\system32\cfrkcysj.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 14:19	---------	d---a-w	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-26 23:17	---------	d-----w	C:\Program Files\BitComet
2008-04-30 12:13	---------	d-----w	C:\Program Files\MadOnion.com
2008-04-30 12:12	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-12 05:39	94,208	----a-w	C:\WINDOWS\Media\csrss.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05 13312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a425f80f]
C:\WINDOWS\System32\sonewheq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPDWIN]
C:\Program Files\Panda Software\Panda Demo\pandasft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-10-09 11:28 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2008-02-01 09:20 2194744 C:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-04-07 00:19 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-09-26 16:49 35328 C:\Program Files\Winamp\winampa.exe

R3 PRISM;IEEE 802.11 Wireless NIC Driver;C:\WINDOWS\System32\DRIVERS\EXPRESS.sys [2002-11-15 12:02]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 16:22:47
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-06-28 16:24:06 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-28 14:24:03

Pre-Run: 7,736,238,080 bajtów wolnych
Post-Run: 9,779,167,232 bajtów wolnych

231


edit: I did as rokko said

#8 huber2t

huber2t
  • Users
  • 14321 posts

Posted 28.06.2008 - 15:32

Download ComboFix, but don't run it.
Paste into Notepad:
File::
C:\WINDOWS\system32\txbfritf.ini
C:\WINDOWS\system32\hxpainwm.ini
C:\WINDOWS\system32\cwnuuhwk.ini
C:\WINDOWS\system32\xwqiuabh.ini
C:\WINDOWS\system32\cfrkcysj.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a425f80f]
File -> Save as -> CFScript.txt (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->
Attached image
The removal will start and a log will be created; post that log on the forum.

Post logs at http://wklejto.pl and put only the link in your post.

#9 babciawgaciach

babciawgaciach
  • Users
  • 13 posts

Posted 28.06.2008 - 15:45

Ok

http://wklejto.pl/4194

What next?

#10 huber2t

huber2t
  • Users
  • 14321 posts

Posted 28.06.2008 - 19:28

The log looks clean.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Clean the computer with CCleaner

Optimize the autostart entries

Turn System Restore off and on again on all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post the report from it on the forum

or

Dr.WEB CureIt!