zlapalem tego wirusa i nie wiem czy juz wyczyscilem kompa . moglibyscie sprawdzic mojego loga dziekuje

ComboFix 08-09-05.02 - HP_Administrator 2008-09-06 18:25:12.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.611 [GMT 1:00]

Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt…txt

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))

.

2008-09-06 18:15 . 2004-08-10 05:00 388,608 --a------ C:\WINDOWS\system32\CF3943.exe

2008-09-06 17:00 . 2008-09-06 17:00 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll

2008-08-29 01:37 . 2008-09-06 18:14 55,996 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx

2008-08-29 01:37 . 2008-09-06 18:14 788 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx

2008-08-28 22:51 . 2008-09-03 01:42 1,072 --a------ C:\WINDOWS\system32\settingsbkup.sfm

2008-08-28 22:51 . 2008-09-03 01:42 1,072 --a------ C:\WINDOWS\system32\settings.sfm

2008-08-28 22:49 . 2008-08-28 22:49

2008-08-28 22:44 . 2008-08-28 22:44

2008-08-28 22:39 . 2008-07-15 01:08 24,089,151 --a------ C:\WINDOWS\system32\AppSetup.exe

2008-08-28 19:25 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd

2008-08-28 18:48 . 2008-08-28 18:48

2008-08-28 18:47 . 2008-08-28 18:47

2008-08-27 15:34 . 2008-09-06 18:14 55,996 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx

2008-08-27 15:10 . 2008-08-28 22:44

2008-08-27 15:07 . 2008-08-27 15:07

2008-08-23 14:05 . 2008-08-28 22:44 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-08-23 14:05 . 2008-08-28 22:44 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-08-23 14:04 . 2008-08-28 22:44

2008-08-23 14:04 . 2008-08-23 14:04

2008-08-23 14:04 . 2008-08-28 22:49

2008-08-23 14:04 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll

2008-08-17 19:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-15 03:46 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll

2008-08-15 03:46 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2008-08-15 03:46 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-06 16:28 --------- d-----w C:\Program Files\Trojan Remover

2008-09-06 16:23 --------- d—a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-09-02 00:09 --------- d-----w C:\Program Files\HP

2008-08-31 18:46 --------- d-----w C:\Program Files\HighGrow

2008-08-28 21:45 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-08-27 13:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype

2008-08-25 12:12 --------- d-----w C:\Program Files\BitComet

2008-08-25 11:53 --------- d-----w C:\Program Files\Electronic Arts

2008-08-25 11:24 --------- d-----w C:\Program Files\AtomixMP3

2008-08-23 01:28 102,400 ----a-w C:\WINDOWS\DUMP44e8.tmp

2008-08-17 18:10 --------- d-----w C:\Program Files\Java

2008-08-01 14:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM

2008-07-15 17:13 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys

2008-07-15 17:12 1,173,016 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys

2008-07-15 17:11 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys

2008-07-15 17:10 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys

2008-07-15 17:09 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys

2008-07-15 17:08 347,080 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys

2008-07-15 17:08 127,000 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys

2008-07-15 17:07 527,384 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys

2008-07-15 17:06 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys

2008-07-15 16:23 72,728 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL

2008-07-15 16:23 170,520 ----a-w C:\WINDOWS\system32\CT20XUT.DLL

2008-07-15 16:22 1,323,544 ----a-w C:\WINDOWS\system32\CTEXFIFX.DLL

2008-07-11 14:53 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll

2008-07-11 14:53 181,248 ----a-w C:\WINDOWS\system32\ctdvinst.dll

2008-07-11 14:53 11,776 ----a-w C:\WINDOWS\INRES.DLL

2008-07-11 14:51 34,816 ----a-w C:\WINDOWS\system32\a3d.dll

2008-07-11 14:51 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll

2008-07-11 14:50 45,056 ----a-w C:\WINDOWS\system32\CTxfiSpk.dll

2008-07-11 14:50 35,840 ----a-w C:\WINDOWS\system32\CTxfiBtn.dll

2008-07-11 14:50 3,072 ----a-w C:\WINDOWS\system32\CtxfiRes.dll

2008-07-11 14:50 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL

2008-07-11 14:50 19,968 ----a-w C:\WINDOWS\system32\Ctxfihlp.exe

2008-07-11 14:46 969,216 ----a-w C:\WINDOWS\system32\CTxfispi.exe

2008-07-11 14:46 43,520 ----a-w C:\WINDOWS\system32\Ctxfireg.exe

2008-07-11 14:46 10,752 ----a-w C:\WINDOWS\system32\Ct20xspi.dll

2008-07-11 14:40 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll

2008-07-11 14:39 69,120 ----a-w C:\WINDOWS\system32\ctosuser.dll

2008-07-11 14:39 64,512 ----a-w C:\WINDOWS\system32\piaproxy.dll

2008-07-11 14:39 6,144 ----a-w C:\WINDOWS\system32\sfman32.dll

2008-07-11 14:39 49,152 ----a-w C:\WINDOWS\system32\ctdproxy.dll

2008-07-11 14:39 46,592 ----a-w C:\WINDOWS\system32\ctasio.dll

2008-07-11 14:39 174,592 ----a-w C:\WINDOWS\system32\ct_oal.dll

2008-07-11 14:39 13,312 ----a-w C:\WINDOWS\system32\regplib.exe

2008-07-11 14:39 104,448 ----a-w C:\WINDOWS\system32\sfms32.dll

2008-07-11 14:37 5,120 ----a-w C:\WINDOWS\system32\enlocstr.exe

2008-07-11 14:37 10,240 ----a-w C:\WINDOWS\system32\killapps.exe

2008-07-11 14:36 32,768 ----a-w C:\WINDOWS\system32\devreg.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 09:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2008-03-08 17:04 22,328 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\PnkBstrK.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-03-12 153136]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ehTray”=“C:\WINDOWS\ehome\ehtray.exe” [2005-08-05 64512]

“IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2006-02-22 143360]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-21 7622656]

“Recguard”=“C:\WINDOWS\SMINST\RECGUARD.EXE” [2005-07-22 237568]

“HPBootOp”=“C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe” [2006-02-15 249856]

“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe” [2003-05-14 188416]

“Symantec PIF AlertEng”=“C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe” [2007-03-12 517768]

“F5D9050”=“C:\Program Files\Belkin\F5D9050\Belkinwcui.exe” [2006-07-20 1617920]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 132496]

“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2007-05-08 54840]

“ftutil2”=“ftutil2.dll” [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]

“RTHDCPL”=“RTHDCPL.EXE” [2006-07-22 C:\WINDOWS\RTHDCPL.EXE]

“nwiz”=“nwiz.exe” [2006-06-21 C:\WINDOWS\system32\nwiz.exe]

“CTHelper”=“CTHELPER.EXE” [2008-02-20 C:\WINDOWS\system32\CtHelper.exe]

“CTxfiHlp”=“CTXFIHLP.EXE” [2008-07-11 C:\WINDOWS\system32\Ctxfihlp.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“SetDefaultMIDI”=“MIDIDEF.EXE” [2008-02-20 C:\WINDOWS\system32\mididef.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“InstallVisualStyle”= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

“InstallTheme”= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=WIKI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= i420vfw.dll

“msacm.l3fhg”= mp3fhg.acm

“VIDC.X264”= x264vfw.dll

“VIDC.HFYU”= huffyuv.dll

“vidc.i263”= i263_32.drv

“VIDC.YV12”= yv12vfw.dll

“msacm.ac3filter”= ac3filter.acm

“msacm.divxa32”= divxa32.acm

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^UniSpiker-2.6.lnk]

path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\UniSpiker-2.6.lnk

backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]

–a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

–a------ 2006-09-14 21:09 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]

–a------ 2006-04-13 09:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2007-03-09 19:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

–a------ 2006-11-28 01:12 2658304 C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

–a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

–a------ 2007-08-07 01:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2005-08-18 17:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Electronic Arts\Need for Speed Carbon\NFSC.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe”=

“C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe”=

“C:\Program Files\DC++\DCPlusPlus.exe”=

“C:\Program Files\NAPI-PROJEKT\napisy.exe”=

“C:\WINDOWS\system32\PnkBstrA.exe”=

“C:\WINDOWS\system32\PnkBstrB.exe”=

“D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe”=

“C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe”=

“C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe”=

“C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“14269:TCP”= 14269:TCP:BitComet 14269 TCP

“14269:UDP”= 14269:UDP:BitComet 14269 UDP

“10123:TCP”= 10123:TCP:BitComet 10123 TCP

“10123:UDP”= 10123:UDP:BitComet 10123 UDP

“13251:TCP”= 13251:TCP:BitComet 13251 TCP

“13251:UDP”= 13251:UDP:BitComet 13251 UDP

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-07-15 1173016]

R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 19968]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-08-28 79360]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-06 18:26:07

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-09-06 18:26:47

ComboFix-quarantined-files.txt 2008-09-06 17:26:34

ComboFix2.txt 2008-09-06 17:19:35

Pre-Run: 16,118,857,728 bytes free

Post-Run: 16,102,555,648 bytes free

220 — E O F — 2008-08-15 02:04:01

czekam na wasze komenty

Otwórz notatnik i wklej do niego:

File::

C:\WINDOWS\system32\tdssserf.dll

Plik -> zapisz jako -> CFScript.txt.

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link

http://wklej.eu/index.php?id=453e0d1e51

tutaj jest ten log.

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego

na forum

lub

Dr.WEB CureIt!