Attention, xxx. some dangerous... problem

cipczyk · 22 Sierpień 2008 16:53

podczas chodzenia sobie po explorerze wyskakuje błąd:

attention, xxx. some dangerous viruses detected in your system. Microsoft Windows XP files corrupted.

This may lead to the destruction of important files in c:\windows. Download protection software now!

click OK to download the antispyware. (recomended)

oto log z hijacka:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:38:40, on 2008-08-22 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20861) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\cFosSpeed\cFosSpeed.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\NetMeter\NetMeter.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\cFosSpeed\spd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Progsy\Konnekt\konnekt.exe C:\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: IE Story - {A83359CE-23D4-4E1A-9D4E-C94AEDD1A67C} - C:\WINDOWS\system32\payi.dll O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” O4 - HKLM…\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” O4 - HKLM…\RunOnce: [Del E:\TECHNO\Alex C. Feat. Yass - Doktorspiele (single version).mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\Alex C. Feat. Yass - Doktorspiele (single version).mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\2006-01-07 MIX PARTY FUN KAREL(Record 104)(HI.TACK-ROGER SAN.mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\2006-01-07 MIX PARTY FUN KAREL(Record 104)(HI.TACK-ROGER SAN.mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\Discotronic - The Masterplan (Club Mix)(www.wyszukiwarkamp3.eu).mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\Discotronic - The Masterplan (Club Mix)(www.wyszukiwarkamp3.eu).mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\Empyre One Ft. Scarlet - I Turn To You (Original Club Mix)(www.wyszukiwarkamp3.eu).mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\Empyre One Ft. Scarlet - I Turn To You (Original Club Mix)(www.wyszukiwarkamp3.eu).mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\soulwax_-_another_excuse_test_drive_unlimited_soundtrack.mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\soulwax_-_another_excuse_test_drive_unlimited_soundtrack.mp3” O4 - HKCU…\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” O4 - HKCU…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe” /systray /nologon O4 - HKCU…\Run: [C] C:\Program Files\NetMeter\NetMeter.exe O4 - HKUS\S-1-5-19…\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-20…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User ‘SYSTEM’) O4 - HKUS\S-1-5-18…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User ‘Default user’) O4 - HKUS.DEFAULT…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘Default user’) O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000 O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe – End of file - 7270 bytes

.

prosze o pomoc.

Leon1 · 22 Sierpień 2008 17:19

wpisy

O2 - BHO: IE Story - {A83359CE-23D4-4E1A-9D4E-C94AEDD1A67C} - C:\WINDOWS\system32\payi.dll O4 - HKLM…\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe O4 - HKLM…\RunOnce: [Del E:\TECHNO\Alex C. Feat. Yass - Doktorspiele (single version).mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\Alex C. Feat. Yass - Doktorspiele (single version).mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\2006-01-07 MIX PARTY FUN KAREL(Record 104)(HI.TACK-ROGER SAN.mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\2006-01-07 MIX PARTY FUN KAREL(Record 104)(HI.TACK-ROGER SAN.mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\Discotronic - The Masterplan (Club Mix)(www.wyszukiwarkamp3.eu).mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\Discotronic - The Masterplan (Club Mix)(www.wyszukiwarkamp3.eu).mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\Empyre One Ft. Scarlet - I Turn To You (Original Club Mix)(www.wyszukiwarkamp3.eu).mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\Empyre One Ft. Scarlet - I Turn To You (Original Club Mix)(www.wyszukiwarkamp3.eu).mp3” O4 - HKLM…\RunOnce: [Del E:\TECHNO\soulwax_-_another_excuse_test_drive_unlimited_soundtrack.mp3 OnNextReboot] cmd.exe /c DEL /F /Q “E:\TECHNO\soulwax_-_another_excuse_test_drive_unlimited_soundtrack.mp3” O4 - HKUS\S-1-5-19…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N (User ‘Default user’)

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj.

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

djarta · 22 Sierpień 2008 17:21

Po co fixujesz nltide’y?

======================

K.

Leon1 · 22 Sierpień 2008 17:38

a jest to komuś potrzebne?

djarta · 22 Sierpień 2008 17:50

Te wpisy pochodzą od programu nLite używanego do budowy zintegrowanej płytki CD Windows. Odpowiadają za integrowanie ustawień rejestru nLite przy pierwszym logowaniu do systemu. Są to wpisy typu RunOnce = czyli po przelogowaniu na danego użytkownika wykonują się tylko raz i ich aktywność ustaje. Poza tym, te klucze są wykorzystywane do nakładania ustawień na każdego nowoutworzonego użytkownika komputera, a jeżeli się nie uruchomią = użytkownik nie będzie miał wprowadzonych modyfikacji planowanych systemem nLite.

Wniosek: nic nie trzeba fiksować.

=================================

K.

cipczyk · 22 Sierpień 2008 18:07

Ok dzieki za szybka odpowiedz. problem zniknął.

djarta · 22 Sierpień 2008 18:16

Daj logi.

====================

K.

Leon1 · 22 Sierpień 2008 18:16

a gdzie log Combofixa?

cipczyk · 22 Sierpień 2008 18:38

juz daje:

ComboFix 08-08-21.02 - Administrator 2008-08-22 19:58:26.1 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1281 [GMT 2:00] Running from: C:\ComboFix.exe Command switches used :: C:\CFScript.txt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\WINDOWS\system32\payi.dll . ((((((((((((((((((((((((( Files Created from 2008-07-22 to 2008-08-22 ))))))))))))))))))))))))))))))) . 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 19:56 . 2008-08-22 19:56 2008-08-22 18:27 . 2008-08-22 18:27 401,720 --a------ C:\HiJackThis.exe 2008-08-22 18:24 . 2008-08-22 18:27 2,720,466 -ra------ C:\ComboFix.exe 2008-08-22 18:17 . 2008-08-22 18:27 1,463,521 --a------ C:\SDFix.exe 2008-08-22 17:52 . 2008-08-22 19:01 2008-08-22 17:39 . 2008-08-22 17:39 53,248 --a------ C:\WINDOWS\system32\haxt.dll 2008-08-22 17:39 . 2008-08-22 17:39 53,248 --a------ C:\WINDOWS\system32\fayo.dll 2008-08-21 16:29 . 2008-08-21 16:33 155 --a------ C:\WINDOWS\mistrz.ini 2008-08-21 15:32 . 2008-08-21 15:33 2008-08-21 15:32 . 2008-08-21 15:32 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-08-21 15:04 . 2008-08-21 15:19 139,264 --a------ C:\WINDOWS\War3Unin.exe 2008-08-21 15:04 . 2008-08-21 15:26 66,401 --a------ C:\WINDOWS\War3Unin.dat 2008-08-21 15:04 . 2008-08-21 15:19 2,829 --a------ C:\WINDOWS\War3Unin.pif 2008-08-21 14:29 . 2008-08-21 14:29 2008-08-20 13:11 . 2008-08-20 13:11 2008-08-20 12:50 . 2008-08-20 12:50 2008-08-19 19:17 . 2008-08-19 19:18 2008-08-19 16:49 . 2008-08-19 16:49 2008-08-18 20:33 . 2008-08-18 20:33 2008-08-18 20:33 . 2008-08-18 20:33 427 --a------ C:\WINDOWS\ODBC.INI 2008-08-18 20:32 . 2008-08-18 20:32 2008-08-18 20:27 . 2008-08-18 20:28 125,925 --a------ C:\WINDOWS\HPHins12.dat 2008-08-18 20:27 . 2006-07-17 21:14 14,916 --------- C:\WINDOWS\hphmdl12.dat 2008-08-18 20:16 . 2006-06-03 21:29 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll 2008-08-18 20:08 . 2008-08-18 19:30 126,718 --------- C:\WINDOWS\HPHins12.dat.temp 2008-08-18 20:08 . 2006-05-16 22:25 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll 2008-08-18 20:08 . 2006-06-13 01:15 14,916 --------- C:\WINDOWS\hphmdl12.dat.temp 2008-08-18 20:06 . 2006-06-22 05:03 56 --a------ C:\ut9x.bat 2008-08-18 20:06 . 2006-06-19 23:08 54 --a------ C:\ut.bat 2008-08-18 19:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-08-18 19:31 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-08-18 19:31 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-08-18 19:31 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-08-18 19:31 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-08-18 19:31 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-08-18 19:31 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-08-18 19:30 . 2008-08-18 20:27 2008-08-17 14:14 . 2008-08-17 14:14 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax 2008-08-17 14:13 . 2008-08-17 14:13 892,928 --a------ C:\WINDOWS\system32\iconv.dll 2008-08-17 14:13 . 2008-08-17 14:13 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2008-08-17 14:12 . 2008-08-17 14:12 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2008-08-17 14:12 . 2008-08-17 14:12 188,416 --a------ C:\WINDOWS\system32\vorbis.dll 2008-08-17 14:12 . 2008-08-17 14:12 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax 2008-08-17 14:12 . 2008-08-17 14:12 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2008-08-17 14:11 . 2008-08-17 14:11 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll 2008-08-17 14:11 . 2008-08-17 14:11 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll 2008-08-17 14:11 . 2008-08-17 14:11 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax 2008-08-17 14:11 . 2008-08-17 14:11 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax 2008-08-17 14:11 . 2008-08-17 14:11 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2008-08-17 14:10 . 2008-08-17 14:10 848,384 --a------ C:\WINDOWS\system32\ir41_32.ax 2008-08-17 14:09 . 2008-08-17 14:09 630,784 --a------ C:\WINDOWS\system32\divxdec.ax 2008-08-17 14:09 . 2008-08-17 14:09 391,168 --a------ C:\WINDOWS\system32\i263_32.drv 2008-08-17 14:08 . 2008-08-17 14:08 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-08-17 14:08 . 2008-08-17 14:08 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax 2008-08-17 14:08 . 2008-08-17 14:08 344,394 --a------ C:\WINDOWS\system32\xvid.ax 2008-08-17 14:07 . 2008-08-17 14:07 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-08-17 11:34 . 2008-08-17 11:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-08-17 11:34 . 2008-08-17 11:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-08-17 11:27 . 2008-08-17 11:27 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-08-17 11:27 . 2008-08-17 11:27 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2008-08-17 11:27 . 2008-08-17 11:27 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2008-08-16 19:12 . 2008-08-16 19:12 2008-08-16 19:12 . 2008-08-16 19:12 2008-08-16 19:12 . 2008-08-16 19:12 2008-08-14 23:49 . 2008-08-14 23:49 2008-08-14 23:40 . 2008-08-14 23:48 2008-08-14 20:20 . 2008-08-22 17:46 2008-08-14 19:45 . 2007-01-01 20:03 40,960 -ra------ C:\WINDOWS\system32\psfind.dll 2008-08-14 16:33 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-14 16:33 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-08-14 08:10 . 2008-05-01 16:37 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-14 08:02 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 19:16 . 2008-08-13 19:16 1 --a------ C:\WINDOWS\system32\SI.bin 2008-08-10 13:48 . 2008-08-13 21:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-08-10 13:47 . 2008-08-21 11:38 137,472 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-10 13:47 . 2008-08-21 11:38 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-08-10 12:35 . 2008-08-10 12:35 2008-08-10 12:35 . 2008-08-10 12:35 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-08-10 12:32 . 2008-08-10 12:32 2008-08-09 15:16 . 2008-08-09 15:16 2008-08-09 15:16 . 2008-08-09 15:16 2008-08-09 15:15 . 2008-08-17 11:23 2008-08-09 15:15 . 2008-08-17 11:24 2008-08-09 15:07 . 2008-07-22 11:39 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-08-09 14:16 . 2008-08-09 14:16 2008-08-09 14:16 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2008-08-09 14:16 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd 2008-08-09 14:16 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2008-08-09 14:16 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2008-08-09 14:15 . 2008-08-09 14:15 2008-08-09 14:09 . 2008-08-09 14:09 2008-08-09 12:45 . 2008-08-09 13:47 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-08-09 12:45 . 2008-08-09 13:47 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-08-09 12:44 . 2008-08-09 12:44 2008-08-09 12:44 . 2008-08-09 12:44 2008-08-09 12:44 . 2008-08-22 17:58 2008-08-09 12:44 . 2008-08-22 20:01 4,621,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-09 12:44 . 2008-08-22 20:02 214,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-09 12:44 . 2008-08-22 19:50 77,516 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-09 12:44 . 2008-08-22 19:50 24,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-09 12:40 . 2008-08-09 12:40 8,192 --a------ C:\WINDOWS\REGLOCS.OLD 2008-08-09 12:12 . 2008-08-09 12:12 2008-08-09 12:11 . 2008-08-09 12:11 2008-08-09 12:09 . 2008-08-09 16:20 2008-08-09 11:40 . 2008-08-09 11:40 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-08-09 11:16 . 2008-07-18 15:23 732,888 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2008-08-09 11:15 . 2008-08-22 20:02 2008-08-09 11:15 . 2008-07-18 15:23 290,008 --a------ C:\WINDOWS\system32\cfosspeed.dll 2008-08-09 03:38 . 2008-08-09 03:42 2008-08-09 03:38 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-08-09 03:37 . 2008-08-09 03:37 2008-08-09 01:41 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-08-09 01:41 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss 2008-08-09 01:40 . 2008-08-09 01:40 2008-08-09 01:40 . 2008-08-18 17:22 2008-08-09 01:40 . 2008-03-05 18:07 520,192 --a------ C:\WINDOWS\RtlExUpd.dll 2008-08-09 01:40 . 2008-08-09 01:40 315,392 --a------ C:\WINDOWS\HideWin.exe 2008-08-09 01:06 . 2008-08-16 23:05 2008-07-22 18:20 . 2008-07-22 18:20 28,672 --a------ C:\WINDOWS\system32\setupold.exe 2008-07-22 18:20 . 2008-04-14 22:51 23,040 --a------ C:\WINDOWS\system32\setup.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-22 18:02 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Hamachi 2008-08-22 16:41 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\The Bat! 2008-08-21 13:19 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent 2008-08-20 10:52 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\FMA 2008-08-20 07:37 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-17 13:12 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-08-09 11:47 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-08-08 22:42 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield 2008-08-08 22:37 --------- d-----w C:\Program Files\Unlocker 2008-08-08 22:32 --------- d-----w C:\Program Files\Driver Sweeper 2008-08-08 22:26 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\stamina 2008-08-08 22:25 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++ 2008-08-08 22:00 --------- d-----w C:\Program Files\uTorrent 2008-08-08 21:59 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-08 21:59 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Talkback 2008-08-08 21:58 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Thunderbird 2008-08-08 21:56 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\FastStone 2008-08-08 21:46 --------- d-----w C:\Program Files\Your Uninstaller 2008 2008-08-08 21:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-08-08 21:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\mIRC 2008-08-08 21:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\IrfanView 2008-08-08 21:27 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nero 2008-08-08 21:14 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\URSoft 2008-08-08 21:13 --------- d-----w C:\Program Files\OO Software 2008-08-08 21:13 --------- d-----w C:\Program Files\Notepad++ 2008-08-08 21:13 --------- d-----w C:\Program Files\MozBackup 2008-08-08 21:13 --------- d-----w C:\Program Files\Java 2008-08-08 21:13 --------- d-----w C:\Program Files\Common Files\Java 2008-08-08 21:12 --------- d-----w C:\Program Files\Nero 2008-08-08 21:12 --------- d-----w C:\Program Files\FastStone Image Viewer 2008-08-08 21:12 --------- d-----w C:\Program Files\Driver Magician 2008-08-08 21:12 --------- d-----w C:\Program Files\Common Files\Nero 2008-08-08 21:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-08-08 21:11 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-08 21:05 --------- d-----w C:\Program Files\winamp 2008-08-08 21:05 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Xentient 2008-08-08 21:04 --------- d-----w C:\Program Files\Utilities 2008-08-08 21:03 --------- d-----w C:\Program Files\Windows Sidebar 2008-08-08 21:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-08-08 21:03 --------- d-----w C:\Program Files\System 2008-08-08 21:03 --------- d-----w C:\Program Files\FirmTools 2008-08-08 21:03 --------- d-----w C:\Program Files\Drive Space Indicator 2008-07-22 13:33 77,824 ----a-w C:\WINDOWS\system32\stobject.dll 2008-07-22 13:33 744,960 ----a-w C:\WINDOWS\system32\sxs.dll 2008-07-22 13:33 630,784 ----a-w C:\WINDOWS\system32\sysocmgr.exe 2008-07-22 13:33 541,696 ----a-w C:\WINDOWS\system32\sti_ci.dll 2008-07-22 13:33 450,560 ----a-w C:\WINDOWS\system32\themeui.dll 2008-07-22 13:33 30,208 ----a-w C:\WINDOWS\system32\stimon.exe 2008-07-22 13:33 261,120 ----a-w C:\WINDOWS\system32\upnpui.dll 2008-07-22 13:33 256,512 ----a-w C:\WINDOWS\system32\tapiui.dll 2008-07-22 13:33 202,240 ----a-w C:\WINDOWS\system32\tcpmonui.dll 2008-07-22 13:33 187,392 ----a-w C:\WINDOWS\system32\taskmgr.exe 2008-07-22 13:32 78,336 ----a-w C:\WINDOWS\system32\srclient.dll 2008-07-22 13:32 58,880 ----a-w C:\WINDOWS\system32\sol.exe 2008-07-22 13:32 541,696 ----a-w C:\WINDOWS\system32\spider.exe 2008-07-22 13:32 307,712 ----a-w C:\WINDOWS\system32\srrstr.dll 2008-07-22 13:32 122,368 ----a-w C:\WINDOWS\system32\sndvol32.exe 2008-07-22 13:31 111,104 ----a-w C:\WINDOWS\system32\servdeps.dll 2008-07-22 13:30 62,976 ----a-w C:\WINDOWS\system32\remotepg.dll 2008-07-22 13:30 59,904 ----a-w C:\WINDOWS\system32\rasphone.exe 2008-07-22 13:30 538,624 ----a-w C:\WINDOWS\system32\regwizc.dll 2008-07-22 13:30 487,424 ----a-w C:\WINDOWS\system32\photowiz.dll 2008-07-22 13:30 48,128 ----a-w C:\WINDOWS\system32\rcimlby.exe 2008-07-22 13:30 45,056 ----a-w C:\WINDOWS\system32\odbcad32.exe 2008-07-22 13:30 40,448 ----a-w C:\WINDOWS\system32\perfmon.exe 2008-07-22 13:30 29,696 ----a-w C:\WINDOWS\system32\regedt32.exe 2008-07-22 13:30 217,088 ----a-w C:\WINDOWS\system32\odbcint.dll 2008-07-22 13:30 1,536,512 ----a-w C:\WINDOWS\system32\quartz.dll 2008-07-22 13:30 1,074,176 ----a-w C:\WINDOWS\system32\printui.dll 2008-07-22 13:30 1,073,664 ----a-w C:\WINDOWS\system32\rasdlg.dll 2008-07-22 13:29 70,144 ----a-w C:\WINDOWS\system32\notepad.exe 2008-07-22 13:29 70,144 ----a-w C:\WINDOWS\NOTEPAD.EXE 2008-07-22 13:29 2,146,304 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-07-22 13:29 2,072,576 ----a-w C:\WINDOWS\system32\netplwiz.dll 2008-07-22 13:29 151,552 ----a-w C:\WINDOWS\system32\ntshrui.dll 2008-07-22 13:29 138,752 ----a-w C:\WINDOWS\system32\netid.dll 2008-07-22 13:29 113,664 ----a-w C:\WINDOWS\system32\ntlanui2.dll 2008-07-22 13:29 103,936 ----a-w C:\WINDOWS\system32\nslookup.exe 2008-07-22 13:29 1,295,360 ----a-w C:\WINDOWS\system32\newdev.dll 2008-07-22 13:28 401,408 ----a-w C:\WINDOWS\system32\mspaint.exe 2008-07-22 13:28 381,952 ----a-w C:\WINDOWS\system32\mstask.dll 2008-07-22 13:27 30,720 ----a-w C:\WINDOWS\system32\msdtc.exe 2008-07-22 13:27 130,048 ----a-w C:\WINDOWS\system32\mshearts.exe 2008-07-22 13:26 512,000 ----a-w C:\WINDOWS\system32\logonui.exe 2008-07-22 13:26 393,728 ----a-w C:\WINDOWS\system32\keymgr.dll 2008-07-22 13:26 37,888 ----a-w C:\WINDOWS\system32\irclass.dll 2008-07-22 13:26 339,968 ----a-w C:\WINDOWS\system32\inetcplc.dll 2008-07-22 13:26 180,224 ----a-w C:\WINDOWS\system32\input.dll 2008-07-22 13:26 137,216 ----a-w C:\WINDOWS\system32\hotplug.dll 2008-07-22 13:26 103,936 ----a-w C:\WINDOWS\system32\icmui.dll 2008-07-22 13:26 1,477,632 ----a-w C:\WINDOWS\system32\hnetwiz.dll 2008-07-22 13:25 68,608 ----a-w C:\WINDOWS\system32\freecell.exe 2008-07-22 13:23 89,088 ----a-w C:\WINDOWS\system32\cmstp.exe 2008-07-22 13:22 33,280 ----a-w C:\WINDOWS\system32\batt.dll 2008-07-22 13:22 116,736 ----a-w C:\WINDOWS\system32\calc.exe 2008-07-22 13:22 113,152 ----a-w C:\WINDOWS\system32\acctres.dll 2008-07-22 11:40 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll 2008-07-22 11:40 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll 2008-07-22 11:38 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll 2008-07-22 11:37 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll . ------- Sigcheck ------- 2008-07-22 15:34 487424 5f1ccdf37f28a88d0473b0c9ea1e0d58 C:\WINDOWS\system32\user32.dll 2008-07-22 15:15 361600 e88631e21a9caca06104802f9e915115 C:\WINDOWS\system32\drivers\tcpip.sys 2008-07-22 15:29 2146304 262abab004204800fc107194ca7a7b35 C:\WINDOWS\system32\ntoskrnl.exe 2008-07-22 15:25 1528832 b49a80a502fd86b2f05bc7bbd723ddab C:\WINDOWS\explorer.exe 2008-07-22 15:23 40448 0277e1a3e8b337555a45943808451981 C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “VisualTaskTips”=“C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe” [2007-09-05 11:20 36352] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-07-22 15:23 40448] “DAEMON Tools Pro Agent”=“C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 15:08 136136] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe” [2008-02-20 17:20 360448] “C:\Program Files\NetMeter\NetMeter.exe”=“C:\Program Files\NetMeter\NetMeter.exe” [2007-08-11 15:50 331264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784] “OODefragTray”=“C:\WINDOWS\system32\oodtray.exe” [2007-05-11 02:08 2512392] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2008-05-03 05:46 13529088] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2008-05-03 05:46 86016] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2008-07-18 15:23 867544] “nwiz”=“nwiz.exe” [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe] “RTHDCPL”=“RTHDCPL.EXE” [2008-06-27 11:23 16875008 C:\WINDOWS\RTHDCPL.exe] “SoundMan”=“SOUNDMAN.EXE” [2008-06-18 18:01 77824 C:\WINDOWS\SoundMan.exe] “AlcWzrd”=“ALCWZRD.EXE” [2008-06-19 16:42 2808832 C:\WINDOWS\alcwzrd.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “VisualTaskTips”=“C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe” [2007-09-05 11:20 36352] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-08-21 15:32:51 625952] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableCAD”= 0 (0x0) “DisableStatusMessages”= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoDesktopCleanupWizard”= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMHelp”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoResolveTrack”= 1 (0x1) “NoResolveSearch”= 1 (0x1) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoSMHelp”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoResolveTrack”= 1 (0x1) “NoResolveSearch”= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “vidc.i420”= i263_32.drv “VIDC.X264”= x264vfw.dll “VIDC.3iv2”= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) “DisableUnicastResponsesToMulticastBroadcast”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\Network Diagnostic\xpnetdiag.exe”= “%windir%\system32\sessmgr.exe”= “C:\Program Files\uTorrent\uTorrent.exe”= R1 vcdrom;Virtual CD-ROM Device Driver;C:\Program Files\System\CPL Bonus\Vcdrom.sys [2001-12-19 11:45] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-17 11:27] *Newly Created Service* - HELPSVC *Newly Created Service* - VCDROM . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-22 20:02:05 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run] “C:\Program Files\NetMeter\NetMeter.exe”=“C:\Program Files\NetMeter\NetMeter.exe” . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe - C:\Program Files\Utilities\VisualTaskTips\VttHooks.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\cFosSpeed\spd.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\wbem\wmiadap.exe . ************************************************************************** . Completion time: 2008-08-22 20:04:06 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-22 18:03:58 Pre-Run: 23,220,723,712 bajtów wolnych Post-Run: 22,103,982,080 bajt˘w wolnych 341 — E O F — 2008-08-21 09:23:26

Leon1 · 22 Sierpień 2008 18:59

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

cipczyk · 23 Sierpień 2008 07:23

oto i kolejny log:

ComboFix 08-08-21.02 - Administrator 2008-08-23 9:16:55.2 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1277 [GMT 2:00] Running from: C:\ComboFix.exe Command switches used :: C:\CFScript.txt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\ut.bat C:\ut9x.bat C:\WINDOWS\system32\fayo.dll C:\WINDOWS\system32\haxt.dll C:\WINDOWS\system32\payi.dll . ((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))) . 2008-08-22 20:44 . 2008-08-22 20:44 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 20:01 . 2008-08-22 20:01 2008-08-22 19:56 . 2008-08-22 19:56 2008-08-22 18:27 . 2008-08-22 18:27 401,720 --a------ C:\HiJackThis.exe 2008-08-22 18:24 . 2008-08-22 18:27 2,720,466 -ra------ C:\ComboFix.exe 2008-08-22 18:17 . 2008-08-22 18:27 1,463,521 --a------ C:\SDFix.exe 2008-08-22 17:52 . 2008-08-22 19:01 2008-08-21 16:29 . 2008-08-21 16:33 155 --a------ C:\WINDOWS\mistrz.ini 2008-08-21 15:32 . 2008-08-21 15:33 2008-08-21 15:32 . 2008-08-21 15:32 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-08-21 15:04 . 2008-08-21 15:19 139,264 --a------ C:\WINDOWS\War3Unin.exe 2008-08-21 15:04 . 2008-08-21 15:26 66,401 --a------ C:\WINDOWS\War3Unin.dat 2008-08-21 15:04 . 2008-08-21 15:19 2,829 --a------ C:\WINDOWS\War3Unin.pif 2008-08-21 14:29 . 2008-08-21 14:29 2008-08-20 13:11 . 2008-08-20 13:11 2008-08-20 12:50 . 2008-08-20 12:50 2008-08-19 19:17 . 2008-08-19 19:18 2008-08-19 16:49 . 2008-08-19 16:49 2008-08-18 20:33 . 2008-08-18 20:33 2008-08-18 20:33 . 2008-08-18 20:33 427 --a------ C:\WINDOWS\ODBC.INI 2008-08-18 20:32 . 2008-08-18 20:32 2008-08-18 20:27 . 2008-08-18 20:28 125,925 --a------ C:\WINDOWS\HPHins12.dat 2008-08-18 20:27 . 2006-07-17 21:14 14,916 --------- C:\WINDOWS\hphmdl12.dat 2008-08-18 20:16 . 2006-06-03 21:29 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll 2008-08-18 20:08 . 2008-08-18 19:30 126,718 --------- C:\WINDOWS\HPHins12.dat.temp 2008-08-18 20:08 . 2006-05-16 22:25 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll 2008-08-18 20:08 . 2006-06-13 01:15 14,916 --------- C:\WINDOWS\hphmdl12.dat.temp 2008-08-18 19:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-08-18 19:31 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-08-18 19:31 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-08-18 19:31 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-08-18 19:31 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-08-18 19:31 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-08-18 19:31 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-08-18 19:30 . 2008-08-18 20:27 2008-08-17 14:14 . 2008-08-17 14:14 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax 2008-08-17 14:13 . 2008-08-17 14:13 892,928 --a------ C:\WINDOWS\system32\iconv.dll 2008-08-17 14:13 . 2008-08-17 14:13 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2008-08-17 14:12 . 2008-08-17 14:12 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2008-08-17 14:12 . 2008-08-17 14:12 188,416 --a------ C:\WINDOWS\system32\vorbis.dll 2008-08-17 14:12 . 2008-08-17 14:12 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax 2008-08-17 14:12 . 2008-08-17 14:12 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2008-08-17 14:11 . 2008-08-17 14:11 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll 2008-08-17 14:11 . 2008-08-17 14:11 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll 2008-08-17 14:11 . 2008-08-17 14:11 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax 2008-08-17 14:11 . 2008-08-17 14:11 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax 2008-08-17 14:11 . 2008-08-17 14:11 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2008-08-17 14:10 . 2008-08-17 14:10 848,384 --a------ C:\WINDOWS\system32\ir41_32.ax 2008-08-17 14:09 . 2008-08-17 14:09 630,784 --a------ C:\WINDOWS\system32\divxdec.ax 2008-08-17 14:09 . 2008-08-17 14:09 391,168 --a------ C:\WINDOWS\system32\i263_32.drv 2008-08-17 14:08 . 2008-08-17 14:08 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-08-17 14:08 . 2008-08-17 14:08 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax 2008-08-17 14:08 . 2008-08-17 14:08 344,394 --a------ C:\WINDOWS\system32\xvid.ax 2008-08-17 14:07 . 2008-08-17 14:07 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-08-17 11:34 . 2008-08-17 11:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-08-17 11:34 . 2008-08-17 11:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-08-17 11:27 . 2008-08-17 11:27 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-08-17 11:27 . 2008-08-17 11:27 21,672 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys 2008-08-17 11:27 . 2008-08-17 11:27 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys 2008-08-16 19:12 . 2008-08-16 19:12 2008-08-16 19:12 . 2008-08-16 19:12 2008-08-16 19:12 . 2008-08-16 19:12 2008-08-14 23:49 . 2008-08-14 23:49 2008-08-14 23:40 . 2008-08-14 23:48 2008-08-14 20:20 . 2008-08-22 17:46 2008-08-14 19:45 . 2007-01-01 20:03 40,960 -ra------ C:\WINDOWS\system32\psfind.dll 2008-08-14 16:33 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-14 16:33 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-08-14 08:10 . 2008-05-01 16:37 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-14 08:02 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 19:16 . 2008-08-13 19:16 1 --a------ C:\WINDOWS\system32\SI.bin 2008-08-10 13:48 . 2008-08-13 21:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-08-10 13:47 . 2008-08-21 11:38 137,472 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-10 13:47 . 2008-08-21 11:38 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-08-10 12:35 . 2008-08-10 12:35 2008-08-10 12:35 . 2008-08-10 12:35 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-08-10 12:32 . 2008-08-10 12:32 2008-08-09 15:16 . 2008-08-09 15:16 2008-08-09 15:16 . 2008-08-09 15:16 2008-08-09 15:15 . 2008-08-17 11:23 2008-08-09 15:15 . 2008-08-17 11:24 2008-08-09 15:07 . 2008-07-22 11:39 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-08-09 14:16 . 2008-08-09 14:16 2008-08-09 14:16 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2008-08-09 14:16 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd 2008-08-09 14:16 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2008-08-09 14:16 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2008-08-09 14:15 . 2008-08-09 14:15 2008-08-09 14:09 . 2008-08-09 14:09 2008-08-09 12:45 . 2008-08-09 13:47 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-08-09 12:45 . 2008-08-09 13:47 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-08-09 12:44 . 2008-08-09 12:44 2008-08-09 12:44 . 2008-08-09 12:44 2008-08-09 12:44 . 2008-08-22 22:21 2008-08-09 12:44 . 2008-08-23 09:12 4,988,960 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-09 12:44 . 2008-08-23 09:12 254,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-09 12:44 . 2008-08-23 09:12 82,268 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-09 12:44 . 2008-08-23 09:12 27,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-09 12:40 . 2008-08-09 12:40 8,192 --a------ C:\WINDOWS\REGLOCS.OLD 2008-08-09 12:12 . 2008-08-09 12:12 2008-08-09 12:11 . 2008-08-09 12:11 2008-08-09 12:09 . 2008-08-09 16:20 2008-08-09 11:40 . 2008-08-09 11:40 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-08-09 11:16 . 2008-07-18 15:23 732,888 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2008-08-09 11:15 . 2008-08-23 09:14 2008-08-09 11:15 . 2008-07-18 15:23 290,008 --a------ C:\WINDOWS\system32\cfosspeed.dll 2008-08-09 03:38 . 2008-08-09 03:42 2008-08-09 03:38 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-08-09 03:37 . 2008-08-09 03:37 2008-08-09 01:41 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-08-09 01:41 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss 2008-08-09 01:40 . 2008-08-09 01:40 2008-08-09 01:40 . 2008-08-18 17:22 2008-08-09 01:40 . 2008-03-05 18:07 520,192 --a------ C:\WINDOWS\RtlExUpd.dll 2008-08-09 01:40 . 2008-08-09 01:40 315,392 --a------ C:\WINDOWS\HideWin.exe 2008-08-09 01:06 . 2008-08-16 23:05 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 07:11 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Hamachi 2008-08-22 16:41 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\The Bat! 2008-08-21 13:19 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent 2008-08-20 10:52 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\FMA 2008-08-20 07:37 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-17 13:12 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-08-09 11:47 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-08-08 22:42 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield 2008-08-08 22:37 --------- d-----w C:\Program Files\Unlocker 2008-08-08 22:32 --------- d-----w C:\Program Files\Driver Sweeper 2008-08-08 22:26 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\stamina 2008-08-08 22:25 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Notepad++ 2008-08-08 22:00 --------- d-----w C:\Program Files\uTorrent 2008-08-08 21:59 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-08 21:59 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Talkback 2008-08-08 21:58 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Thunderbird 2008-08-08 21:56 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\FastStone 2008-08-08 21:46 --------- d-----w C:\Program Files\Your Uninstaller 2008 2008-08-08 21:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-08-08 21:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\mIRC 2008-08-08 21:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\IrfanView 2008-08-08 21:27 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Nero 2008-08-08 21:14 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\URSoft 2008-08-08 21:13 --------- d-----w C:\Program Files\OO Software 2008-08-08 21:13 --------- d-----w C:\Program Files\Notepad++ 2008-08-08 21:13 --------- d-----w C:\Program Files\MozBackup 2008-08-08 21:13 --------- d-----w C:\Program Files\Java 2008-08-08 21:13 --------- d-----w C:\Program Files\Common Files\Java 2008-08-08 21:12 --------- d-----w C:\Program Files\Nero 2008-08-08 21:12 --------- d-----w C:\Program Files\FastStone Image Viewer 2008-08-08 21:12 --------- d-----w C:\Program Files\Driver Magician 2008-08-08 21:12 --------- d-----w C:\Program Files\Common Files\Nero 2008-08-08 21:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-08-08 21:11 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-08 21:05 --------- d-----w C:\Program Files\winamp 2008-08-08 21:05 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Xentient 2008-08-08 21:04 --------- d-----w C:\Program Files\Utilities 2008-08-08 21:03 --------- d-----w C:\Program Files\Windows Sidebar 2008-08-08 21:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-08-08 21:03 --------- d-----w C:\Program Files\System 2008-08-08 21:03 --------- d-----w C:\Program Files\FirmTools 2008-08-08 21:03 --------- d-----w C:\Program Files\Drive Space Indicator 2008-07-22 16:20 3,127 ----a-w C:\WINDOWS\system32\presetup.cmd 2008-07-22 16:20 28,672 ----a-w C:\WINDOWS\system32\setupold.exe 2008-07-22 16:17 98,304 ----a-w C:\WINDOWS\system32\makecab.exe 2008-07-22 16:17 501,760 ----a-w C:\WINDOWS\system32\usp10.dll 2008-07-22 13:36 955,392 ----a-w C:\WINDOWS\system32\wsecedit.dll 2008-07-22 13:36 9,753,600 ----a-w C:\WINDOWS\system32\wmploc.dll 2008-07-22 13:36 336,728 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-22 13:36 32,256 ----a-w C:\WINDOWS\system32\wupdmgr.exe 2008-07-22 13:36 2,600,448 ----a-w C:\WINDOWS\system32\wpdshext.dll 2008-07-22 13:35 358,912 ----a-w C:\WINDOWS\winhlp32.exe 2008-07-22 13:35 2,327,552 ----a-w C:\WINDOWS\system32\winbrand.dll 2008-07-22 13:35 1,409,536 ----a-w C:\WINDOWS\system32\wiashext.dll 2008-07-22 13:34 487,424 ----a-w C:\WINDOWS\system32\user32.dll 2008-07-22 13:34 3,647,488 ----a-w C:\WINDOWS\system32\wiadefui.dll 2008-07-22 13:34 126,976 ----a-w C:\WINDOWS\system32\verifier.exe 2008-07-22 13:34 1,539,072 ----a-w C:\WINDOWS\system32\wextract.exe 2008-07-22 13:34 1,538,560 ----a-w C:\WINDOWS\system32\wiaacmgr.exe 2008-07-22 13:33 77,824 ----a-w C:\WINDOWS\system32\stobject.dll 2008-07-22 13:33 744,960 ----a-w C:\WINDOWS\system32\sxs.dll 2008-07-22 13:33 630,784 ----a-w C:\WINDOWS\system32\sysocmgr.exe 2008-07-22 13:33 541,696 ----a-w C:\WINDOWS\system32\sti_ci.dll 2008-07-22 13:33 450,560 ----a-w C:\WINDOWS\system32\themeui.dll 2008-07-22 13:33 30,208 ----a-w C:\WINDOWS\system32\stimon.exe 2008-07-22 13:33 261,120 ----a-w C:\WINDOWS\system32\upnpui.dll 2008-07-22 13:33 256,512 ----a-w C:\WINDOWS\system32\tapiui.dll 2008-07-22 13:33 202,240 ----a-w C:\WINDOWS\system32\tcpmonui.dll 2008-07-22 13:33 187,392 ----a-w C:\WINDOWS\system32\taskmgr.exe 2008-07-22 13:32 78,336 ----a-w C:\WINDOWS\system32\srclient.dll 2008-07-22 13:32 58,880 ----a-w C:\WINDOWS\system32\sol.exe 2008-07-22 13:32 541,696 ----a-w C:\WINDOWS\system32\spider.exe 2008-07-22 13:32 52,224 ----a-w C:\WINDOWS\system32\shscrap.dll 2008-07-22 13:32 407,040 ----a-w C:\WINDOWS\system32\smlogcfg.dll 2008-07-22 13:32 307,712 ----a-w C:\WINDOWS\system32\srrstr.dll 2008-07-22 13:32 3,435,008 ----a-w C:\WINDOWS\system32\shimgvw.dll 2008-07-22 13:32 134,656 ----a-w C:\WINDOWS\system32\sigverif.exe 2008-07-22 13:32 122,368 ----a-w C:\WINDOWS\system32\sndvol32.exe 2008-07-22 13:31 997,888 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-07-22 13:31 39,936 ----a-w C:\WINDOWS\system32\sendmail.dll 2008-07-22 13:31 39,424 ----a-w C:\WINDOWS\system32\runonce.exe 2008-07-22 13:31 2,589,184 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-07-22 13:31 171,008 ----a-w C:\WINDOWS\system32\sfc_os.dll 2008-07-22 13:31 111,104 ----a-w C:\WINDOWS\system32\servdeps.dll 2008-07-22 13:30 62,976 ----a-w C:\WINDOWS\system32\remotepg.dll 2008-07-22 13:30 59,904 ----a-w C:\WINDOWS\system32\rasphone.exe 2008-07-22 13:30 538,624 ----a-w C:\WINDOWS\system32\regwizc.dll 2008-07-22 13:30 487,424 ----a-w C:\WINDOWS\system32\photowiz.dll 2008-07-22 13:30 48,128 ----a-w C:\WINDOWS\system32\rcimlby.exe 2008-07-22 13:30 45,056 ----a-w C:\WINDOWS\system32\odbcad32.exe 2008-07-22 13:30 40,448 ----a-w C:\WINDOWS\system32\perfmon.exe 2008-07-22 13:30 29,696 ----a-w C:\WINDOWS\system32\regedt32.exe 2008-07-22 13:30 217,088 ----a-w C:\WINDOWS\system32\odbcint.dll 2008-07-22 13:30 1,536,512 ----a-w C:\WINDOWS\system32\quartz.dll 2008-07-22 13:30 1,074,176 ----a-w C:\WINDOWS\system32\printui.dll 2008-07-22 13:30 1,073,664 ----a-w C:\WINDOWS\system32\rasdlg.dll 2008-07-22 13:29 70,144 ----a-w C:\WINDOWS\system32\notepad.exe 2008-07-22 13:29 70,144 ----a-w C:\WINDOWS\NOTEPAD.EXE 2008-07-22 13:29 2,356,736 ----a-w C:\WINDOWS\system32\netshell.dll 2008-07-22 13:29 2,146,304 ----a-w C:\WINDOWS\system32\ntoskrnl.exe . ------- Sigcheck ------- 2008-07-22 15:34 487424 5f1ccdf37f28a88d0473b0c9ea1e0d58 C:\WINDOWS\system32\user32.dll 2008-07-22 15:15 361600 e88631e21a9caca06104802f9e915115 C:\WINDOWS\system32\drivers\tcpip.sys 2008-07-22 15:29 2146304 262abab004204800fc107194ca7a7b35 C:\WINDOWS\system32\ntoskrnl.exe 2008-07-22 15:25 1528832 b49a80a502fd86b2f05bc7bbd723ddab C:\WINDOWS\explorer.exe 2008-07-22 15:23 40448 0277e1a3e8b337555a45943808451981 C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “VisualTaskTips”=“C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe” [2007-09-05 11:20 36352] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-07-22 15:23 40448] “DAEMON Tools Pro Agent”=“C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 15:08 136136] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe” [2008-02-20 17:20 360448] “C:\Program Files\NetMeter\NetMeter.exe”=“C:\Program Files\NetMeter\NetMeter.exe” [2007-08-11 15:50 331264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784] “OODefragTray”=“C:\WINDOWS\system32\oodtray.exe” [2007-05-11 02:08 2512392] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2008-05-03 05:46 13529088] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2008-05-03 05:46 86016] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2008-07-18 15:23 867544] “nwiz”=“nwiz.exe” [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe] “RTHDCPL”=“RTHDCPL.EXE” [2008-06-27 11:23 16875008 C:\WINDOWS\RTHDCPL.exe] “SoundMan”=“SOUNDMAN.EXE” [2008-06-18 18:01 77824 C:\WINDOWS\SoundMan.exe] “AlcWzrd”=“ALCWZRD.EXE” [2008-06-19 16:42 2808832 C:\WINDOWS\alcwzrd.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “VisualTaskTips”=“C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe” [2007-09-05 11:20 36352] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-08-21 15:32:51 625952] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableCAD”= 0 (0x0) “DisableStatusMessages”= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoDesktopCleanupWizard”= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMHelp”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoResolveTrack”= 1 (0x1) “NoResolveSearch”= 1 (0x1) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoSMHelp”= 1 (0x1) “NoSMConfigurePrograms”= 1 (0x1) “NoResolveTrack”= 1 (0x1) “NoResolveSearch”= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “vidc.i420”= i263_32.drv “VIDC.X264”= x264vfw.dll “VIDC.3iv2”= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) “DisableUnicastResponsesToMulticastBroadcast”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\Network Diagnostic\xpnetdiag.exe”= “%windir%\system32\sessmgr.exe”= “C:\Program Files\uTorrent\uTorrent.exe”= “D:\gry\Mass Effect\Binaries\MassEffect.exe”= “D:\gry\Mass Effect\MassEffectLauncher.exe”= R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] S1 vcdrom;Virtual CD-ROM Device Driver;C:\Program Files\System\CPL Bonus\Vcdrom.sys [2001-12-19 11:45] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-17 11:27] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8c08bd04-65fb-11dd-a302-001d7de8b260}] \Shell\AutoRun\command - I:\autorun.exe *Newly Created Service* - CATCHME *Newly Created Service* - VCDROM . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 09:17:53 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run] “C:\Program Files\NetMeter\NetMeter.exe”=“C:\Program Files\NetMeter\NetMeter.exe” . Completion time: 2008-08-23 9:18:10 ComboFix-quarantined-files.txt 2008-08-23 07:18:08 ComboFix2.txt 2008-08-22 18:04:09 Pre-Run: 23,878,991,872 bajtów wolnych Post-Run: 23,870,611,456 bajtów wolnych 328 — E O F — 2008-08-21 09:23:26

huber2t · 23 Sierpień 2008 07:25

otwórz notatnik i wklej

Z menu Notatnika -> Plik -> Zapisz jako -> Zmień rozszerzenie z .txt na wszystkie pliki -> zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!