Open the registry
Start >> Run >> regedit >> expand the key
In the right-hand pane, right-click Spyware Begone >> Delete >> then restart
And just out of curiosity, how did you add that file to the registry?
I've already removed it from the registry. Earlier I was simply saving a file with that content and opening it.
I did what was needed with CCleaner. From what was written about that startup optimization, I don't think I had anything there; I think I already did that at some point.
I can't delete C:\Qoobox, because I don't have such a folder, unless it's hidden (for some reason I can't turn on showing hidden files).
The link in
simply doesn't work for me in either FF or IE. Kaspersky installs first, and then some error pops up even though I ran it in IE. In a word, almost nothing works o_O. What should I do?
Scan with this
This virus also did something to file downloads o_O. I click “download file”, a blank page loads, and then nothing…
But what am I supposed to do with this ComboFix?
Post the log on the forum
These are the logs from SDFix:
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
Could Not Remove C:\WINDOWS\system32\drivers\tdssserv.sys
Could Not Remove C:\WINDOWS\system32\tdssadw.dll
Could Not Remove C:\WINDOWS\system32\tdssinit.dll
Could Not Remove C:\WINDOWS\system32\tdssl.dll
Could Not Remove C:\WINDOWS\system32\tdsslog.dll
Could Not Remove C:\WINDOWS\system32\tdssmain.dll
Could Not Remove C:\WINDOWS\system32\tdssservers.dat
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 21:30:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\tdssserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\tdssserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
C:\WINDOWS\system32\tdssadw.dll 32768 bytes executable
C:\WINDOWS\system32\tdssinit.dll 57727 bytes
C:\WINDOWS\system32\tdssl.dll 16384 bytes executable
C:\WINDOWS\system32\tdsslog.dll 10752 bytes executable
C:\WINDOWS\system32\tdssmain.dll 10752 bytes executable
C:\WINDOWS\system32\tdssserf.dll 12288 bytes executable
C:\WINDOWS\system32\tdssservers.dat 217 bytes
C:\WINDOWS\system32\drivers\tdssserv.sys 35328 bytes executable
C:\WINDOWS\Temp\tdssbfe5.tmp 0 bytes
C:\WINDOWS\Temp\tdssc1aa.tmp 0 bytes
C:\WINDOWS\Temp\tdssc37f.tmp 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 11
[b]Remaining Services [/b]:
Authorized Application Key Export:
[b]Remaining Files [/b]:
C:\WINDOWS\system32\drivers\tdssserv.sys Found
C:\WINDOWS\system32\tdssadw.dll Found
C:\WINDOWS\system32\tdssinit.dll Found
C:\WINDOWS\system32\tdssl.dll Found
C:\WINDOWS\system32\tdsslog.dll Found
C:\WINDOWS\system32\tdssmain.dll Found
C:\WINDOWS\system32\tdssservers.dat Found
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
[b]Finished![/b]
These are the logs from ComboFix:
ComboFix 08-08-25.01 - Ludż 2008-08-26 21:43:18.1 - NTFSx86
Turn off System Restore on all drives. http://support.microsoft.com/kb/310405/pl
Open Notepad and paste
Save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
The removal should start
Then post the ComboFix removal log
Disinfect the USB flash drive or memory card http://www.softpedia.com/get/Security/S … Tool.shtml
Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724
or format it
For now I'm scanning with Kaspersky online; after half an hour it's at 18% with 39 viruses and 47 infected files. As soon as the scan finishes, I'll do the above. Oh, and if I turn off System Restore, when should I turn it back on?
You were supposed to turn it off before scanning
If you didn't, turn it off and turn it back on right after the scan
although Kaspersky will show a whole lot of infected files in the System Restore points
Log from ComboFix:
ComboFix 08-08-25.01 - Ludż 2008-08-26 23:11:20.2 - NTFSx86
Download CCleaner http://www.filehippo.com/download_ccleaner/
Scan with it and clean the registry.
Do the startup optimization
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.
Turn System Restore off and on again on all drives. http://support.microsoft.com/kb/310405/pl
Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; open the page in IE
or
Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5
I cleaned the registry and deleted Qoobox; with System Restore turned off I'm scanning with Kaspersky, which will take a while. When the scan finishes, I'll post the report.
I'm scanning with Dr.WEB CureIt! at the same time
This is the Kaspersky report: http://rapidshare.com/files/140471251/k … aport.html
By my estimate, the Dr.WEB CureIt! scan will take at least several dozen hours
Upload that report to wklej.eu
Dr.WEB CureIt! has been scanning for over 12 hours, and according to the progress bar that's only 1/20 of the whole, so it looks like 10 days non-stop. Should I keep scanning or stop?