Brak dostępu do menadżera zadań

dilbert · 13 Marzec 2008 18:38

Sory za spam ale nikt mi nie odpisał:(

Mam nietypowy problem chyba ktoś się włamał mi na kompa i mam poprzestawiane wszystko:( Po naciśnieciu ctr+alt+del nie działa menadżer zadań pokazuje komunikat menadzer został wyłączony przez admina. Nie moge zrobić screena i wiele inncyh wstawiam logi:

SD fix:

SDFix: Version 1.156 Run by Administrator on 2008-03-13 at 10:02 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-13 10:07:05 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:2df9c43f “s2”=dword:110480d0 “h0”=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000000 “ujdew”=hex:50,89,30,1a,ab,0e,02,ec,e9,a8,9a,94,68,65,e6,74,89,c5,33,f3,e7,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000000 “ujdew”=hex:50,89,30,1a,ab,0e,02,ec,e9,a8,9a,94,68,65,e6,74,89,c5,33,f3,e7,… scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 23 Oct 2006 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT78.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT7B.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT77.tmp” Wed 23 Jan 2008 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT41.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\5a563fa477cf8fafb8fe0c62db7d73a1\BIT7C.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\5d8b27483d3f365d76169cb326b6d1c4\BIT7A.tmp” Thu 1 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\69d36bfb88bb6252fc5b48610fdd4093\BIT1E1.tmp” Wed 12 Dec 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\8213811a47d2bd2f8f612f637816d982\BIT79.tmp” Sat 6 Oct 2007 65,536 A…H. — “C:\Documents and Settings\xxxx\Ustawienia lokalne\Dane aplikacji\Microsoft\Outlook~outlook.pst.tmp” Finished!

Combo:

ComboFix 08-03-10.1 - xxxx 2008-03-13 10:26:18.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.165 [GMT 1:00] Running from: C:\Documents and Settings\xxxx\Pulpit\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\adssite-remove.exe . ((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 ))))))))))))))))))))))))))))))) . 2008-03-12 09:23 . 2008-03-12 09:23 2008-03-12 09:19 . 2008-03-12 09:20 2008-03-11 17:07 . 2008-03-11 17:07 2008-03-10 21:27 . 2008-03-10 21:28 2008-03-09 20:19 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-09 20:13 . 2008-03-09 20:13 2008-03-06 16:07 . 2008-03-06 16:07 2008-03-01 20:38 . 2008-03-01 20:38 2008-03-01 20:36 . 2008-03-01 20:36 2008-03-01 20:36 . 2008-03-01 20:36 2008-03-01 20:36 . 2008-03-01 20:36 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp 2008-03-01 20:36 . 2008-03-01 20:36 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat 2008-03-01 20:11 . 2008-03-02 17:46 2008-03-01 10:48 . 2008-03-01 10:59 2008-02-25 19:42 . 2008-03-05 18:46 2008-02-25 17:20 . 2008-02-25 17:11 792,616 --a------ C:\WINDOWS\g-g.exe 2008-02-23 20:56 . 2008-02-23 20:56 2008-02-23 20:56 . 2008-02-23 20:56 2008-02-23 20:56 . 2008-02-23 20:56 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2008-02-21 22:04 . 2008-03-10 16:13 49,300 —h----- C:\treeinfo.wc 2008-02-17 18:25 . 2008-02-17 18:25 2008-02-17 17:22 . 2008-01-24 21:19 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-02-17 17:22 . 2008-01-27 17:35 49,152 --a------ C:\WINDOWS\system32\dem0nyc.exe 2008-02-17 12:51 . 2008-03-07 20:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-17 12:51 . 2008-02-17 12:51 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-13 09:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-03-11 21:09 937,472 ----a-w C:\WINDOWS\Internet Logs\xDBDD.tmp 2008-03-11 21:09 3,091,456 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp 2008-03-10 20:34 3,090,944 ----a-w C:\WINDOWS\Internet Logs\xDBDC.tmp 2008-03-10 20:34 168,448 ----a-w C:\WINDOWS\Internet Logs\xDBDB.tmp 2008-03-10 19:55 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-03-10 19:39 3,554,304 ----a-w C:\WINDOWS\Internet Logs\xDBD9.tmp 2008-03-10 19:39 3,090,432 ----a-w C:\WINDOWS\Internet Logs\xDBDA.tmp 2008-03-09 19:19 --------- d-----w C:\Program Files\Java 2008-03-06 20:54 3,080,704 ----a-w C:\WINDOWS\Internet Logs\xDBD8.tmp 2008-03-06 20:54 2,778,112 ----a-w C:\WINDOWS\Internet Logs\xDBD7.tmp 2008-03-02 20:36 3,069,952 ----a-w C:\WINDOWS\Internet Logs\xDBD6.tmp 2008-03-02 20:36 2,770,432 ----a-w C:\WINDOWS\Internet Logs\xDBD5.tmp 2008-03-01 19:36 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe 2008-03-01 09:57 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-02-29 22:04 3,054,080 ----a-w C:\WINDOWS\Internet Logs\xDBD4.tmp 2008-02-29 22:04 2,631,168 ----a-w C:\WINDOWS\Internet Logs\xDBD3.tmp 2008-02-28 16:44 253,952 ----a-w C:\WINDOWS\Internet Logs\xDBD2.tmp 2008-02-28 15:22 3,449,344 ----a-w C:\WINDOWS\Internet Logs\xDBD0.tmp 2008-02-28 15:22 3,053,056 ----a-w C:\WINDOWS\Internet Logs\xDBD1.tmp 2008-02-25 17:54 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Audacity 2008-02-24 15:26 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Skype 2008-02-16 15:15 3,020,800 ----a-w C:\WINDOWS\Internet Logs\xDBCF.tmp 2008-02-16 15:15 1,065,472 ----a-w C:\WINDOWS\Internet Logs\xDBCE.tmp 2008-02-16 08:15 3,171,328 ----a-w C:\WINDOWS\Internet Logs\xDBCD.tmp 2008-02-14 21:21 3,015,168 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp 2008-02-13 16:26 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Image Zone Express 2008-02-11 17:17 3,010,560 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp 2008-02-10 20:22 3,008,512 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp 2008-02-10 20:22 1,193,472 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp 2008-02-10 17:25 1,789,952 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp 2008-02-09 17:43 3,004,928 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp 2008-02-09 17:43 2,657,792 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp 2008-02-04 21:45 2,998,272 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp 2008-02-04 21:45 2,916,352 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp 2008-01-30 18:51 --------- d-----w C:\Program Files\Winamp 2008-01-28 18:56 2,986,496 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp 2008-01-28 18:56 2,486,272 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp 2008-01-27 10:31 2,983,424 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp 2008-01-27 10:31 2,855,424 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp 2008-01-25 10:16 2,991,104 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp 2008-01-25 10:16 2,979,840 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp 2008-01-23 14:03 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-23 14:00 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-01-23 13:30 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-01-23 06:54 3,113,984 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp 2008-01-23 06:54 2,967,552 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp 2008-01-22 15:35 2,965,504 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp 2008-01-22 13:39 2,963,968 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp 2008-01-18 14:13 3,175,424 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp 2008-01-18 14:12 2,957,824 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp 2008-01-17 10:53 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\3DFA 2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll 2008-01-14 12:34 --------- d-----w C:\Program Files\MixMeister Fusion 2008-01-14 06:58 87,552 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp 2008-01-14 06:58 2,941,952 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp 2008-01-13 22:50 3,083,776 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp 2008-01-13 22:50 2,941,440 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp 2008-01-07 09:54 2,939,392 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp 2008-01-03 20:39 2,975,232 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp 2008-01-03 20:39 2,917,376 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp 2008-01-02 08:47 2,911,232 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp 2008-01-02 08:47 1,722,880 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp 2007-12-31 18:04 3,082,752 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp 2007-12-31 18:04 2,906,112 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp 2007-12-20 17:54 2,886,144 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp 2007-12-20 17:54 2,783,744 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp 2007-12-17 21:20 3,159,552 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp 2007-12-17 21:20 2,882,048 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp 2007-12-07 08:45 2,854,912 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp 2007-12-02 18:06 2,850,816 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp 2007-12-02 17:21 2,850,304 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp 2007-12-02 17:20 2,981,376 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp 2007-11-24 21:56 3,132,416 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp 2007-11-24 21:56 2,832,384 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp 2007-11-23 14:15 13,107,316 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2007-11-21 17:15 2,818,560 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp 2007-11-16 17:28 3,654,656 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp 2007-11-16 17:28 2,807,296 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp 2007-11-13 19:13 2,792,448 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp 2007-11-13 19:13 1,723,904 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp 2007-11-12 21:17 3,065,344 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp 2007-11-12 21:17 2,792,448 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp 2007-11-10 08:48 3,271,680 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp 2007-11-10 08:48 2,784,256 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp 2007-10-26 14:02 2,732,032 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp 2007-10-19 20:55 3,016,704 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp 2007-10-19 20:55 2,706,944 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp 2007-10-14 18:56 1,194,496 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp 2007-10-14 18:55 2,689,536 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp 2007-10-14 14:40 3,056,640 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp 2007-10-14 14:40 2,691,584 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp 2007-10-10 19:45 2,921,984 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp 2007-10-10 19:45 2,681,344 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp 2007-10-09 14:19 2,957,824 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp 2007-10-09 14:19 2,671,616 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp 2007-10-06 11:39 2,949,120 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp 2007-10-06 11:39 2,665,984 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp 2007-10-04 20:32 3,004,928 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp 2007-09-28 15:25 37,888 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44 15360] “AntyVirus”=“C:\Windows\g-g.exe” [2008-02-25 17:11 792616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2006-01-02 16:41 45056] “Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2006-08-23 23:38 968696] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 23:47 31016] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152] “smss.exe”=“C:\WINDOWS\smss.exe” [] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “nlsf”=“cmd.exe” [2004-08-03 23:44 395776 C:\WINDOWS\system32\cmd.exe] “nlhr”=“C:\WINDOWS\System32\AdvPack.Dll” [2004-08-03 23:43 100864] “tscuninstall”=“C:\WINDOWS\system32\tscupgrd.exe” [2004-08-03 23:33 44544] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-23 15:03:49 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26 29696] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-12 09:16:02 839680] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlmaint.exe [2002-12-17 17:23:32 156224] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoUserNameInStartMenu”= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “C:\Program Files\Skype\Phone\Skype.exe”= R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 13:36] R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys [2006-09-17 17:24] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 18:07] R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 10:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 10:07] S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [] S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys [] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 02:59] S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42] . Contents of the ‘Scheduled Tasks’ folder “2008-01-15 13:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-13 10:29:37 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet009\Services\ASFWHide] “ImagePath”="??\C:\DOCUME~1\xxxx\USTAWI~1\Temp\ASFWHide" . Completion time: 2008-03-13 10:30:43 ComboFix-quarantined-files.txt 2008-03-13 09:30:20 . 2008-03-13 09:14:02 — E O F —

Gutek · 13 Marzec 2008 21:27

Otwórz notatnik i wklej:

REGEDIT4


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=dword:00000000


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=dword:00000000

"**del.DisableTaskMgr"=" "


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"DisableTaskMgr"=dword:00000000

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą TASKMG.REG Plik podwójnie klikasz i potwierdzasz. Wklej do Notatnika:

File::

C:\Windows\g-g.exe


Driver::

AvFlt

CV2K1


Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AntyVirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"=-

"smss.exe"=-

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16t=213350

dilbert · 14 Marzec 2008 12:15

Ok zrobiłemm wszystko tak jak napisane teraz wklejam loga:

ComboFix 08-03-10.1 - xxxx 2008-03-14 12:59:39.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.88 [GMT 1:00] Running from: C:\Documents and Settings\xxxx\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\xxxx\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\Windows\g-g.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\g-g.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_AVFLT -------\LEGACY_CV2K1 -------\AvFlt -------\CV2K1 ((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))) . 2008-03-13 21:53 . 2008-03-14 12:16 2008-03-13 11:01 . 2008-03-14 13:06 2008-03-11 17:07 . 2008-03-11 17:07 2008-03-10 21:27 . 2008-03-10 21:28 2008-03-09 20:19 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-09 20:13 . 2008-03-09 20:13 2008-03-06 16:07 . 2008-03-06 16:07 2008-03-01 20:38 . 2008-03-01 20:38 2008-03-01 20:36 . 2008-03-01 20:36 2008-03-01 20:36 . 2008-03-01 20:36 2008-03-01 20:36 . 2008-03-01 20:36 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp 2008-03-01 20:36 . 2008-03-01 20:36 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat 2008-03-01 20:11 . 2008-03-02 17:46 2008-03-01 10:48 . 2008-03-01 10:59 2008-02-25 19:42 . 2008-03-05 18:46 2008-02-23 20:56 . 2008-02-23 20:56 2008-02-23 20:56 . 2008-02-23 20:56 2008-02-23 20:56 . 2008-02-23 20:56 34,064 --a------ C:\WINDOWS\system32\lhacm.acm 2008-02-21 22:04 . 2008-03-10 16:13 49,300 —h----- C:\treeinfo.wc 2008-02-17 18:25 . 2008-02-17 18:25 2008-02-17 17:22 . 2008-01-24 21:19 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-02-17 17:22 . 2008-01-27 17:35 49,152 --a------ C:\WINDOWS\system32\dem0nyc.exe 2008-02-17 12:51 . 2008-03-13 19:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-02-17 12:51 . 2008-02-17 12:51 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-14 11:34 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Audacity 2008-03-13 15:08 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-03-13 15:00 15,578,248 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-03-13 09:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-03-11 21:09 937,472 ----a-w C:\WINDOWS\Internet Logs\xDBDD.tmp 2008-03-11 21:09 3,091,456 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp 2008-03-10 20:34 3,090,944 ----a-w C:\WINDOWS\Internet Logs\xDBDC.tmp 2008-03-10 20:34 168,448 ----a-w C:\WINDOWS\Internet Logs\xDBDB.tmp 2008-03-10 19:39 3,554,304 ----a-w C:\WINDOWS\Internet Logs\xDBD9.tmp 2008-03-10 19:39 3,090,432 ----a-w C:\WINDOWS\Internet Logs\xDBDA.tmp 2008-03-09 19:19 --------- d-----w C:\Program Files\Java 2008-03-06 20:54 3,080,704 ----a-w C:\WINDOWS\Internet Logs\xDBD8.tmp 2008-03-06 20:54 2,778,112 ----a-w C:\WINDOWS\Internet Logs\xDBD7.tmp 2008-03-02 20:36 3,069,952 ----a-w C:\WINDOWS\Internet Logs\xDBD6.tmp 2008-03-02 20:36 2,770,432 ----a-w C:\WINDOWS\Internet Logs\xDBD5.tmp 2008-03-01 09:57 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-02-29 22:04 3,054,080 ----a-w C:\WINDOWS\Internet Logs\xDBD4.tmp 2008-02-29 22:04 2,631,168 ----a-w C:\WINDOWS\Internet Logs\xDBD3.tmp 2008-02-28 16:44 253,952 ----a-w C:\WINDOWS\Internet Logs\xDBD2.tmp 2008-02-28 15:22 3,449,344 ----a-w C:\WINDOWS\Internet Logs\xDBD0.tmp 2008-02-28 15:22 3,053,056 ----a-w C:\WINDOWS\Internet Logs\xDBD1.tmp 2008-02-24 15:26 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Skype 2008-02-16 15:15 3,020,800 ----a-w C:\WINDOWS\Internet Logs\xDBCF.tmp 2008-02-16 15:15 1,065,472 ----a-w C:\WINDOWS\Internet Logs\xDBCE.tmp 2008-02-16 08:15 3,171,328 ----a-w C:\WINDOWS\Internet Logs\xDBCD.tmp 2008-02-14 21:21 3,015,168 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp 2008-02-13 16:26 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\Image Zone Express 2008-02-11 17:17 3,010,560 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp 2008-02-10 20:22 3,008,512 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp 2008-02-10 20:22 1,193,472 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp 2008-02-10 17:25 1,789,952 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp 2008-02-09 17:43 3,004,928 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp 2008-02-09 17:43 2,657,792 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp 2008-02-04 21:45 2,998,272 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp 2008-02-04 21:45 2,916,352 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp 2008-01-30 18:51 --------- d-----w C:\Program Files\Winamp 2008-01-28 18:56 2,986,496 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp 2008-01-28 18:56 2,486,272 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp 2008-01-27 10:31 2,983,424 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp 2008-01-27 10:31 2,855,424 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp 2008-01-25 10:16 2,991,104 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp 2008-01-25 10:16 2,979,840 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp 2008-01-23 14:03 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-23 14:00 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-01-23 13:30 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-01-23 06:54 3,113,984 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp 2008-01-23 06:54 2,967,552 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp 2008-01-22 15:35 2,965,504 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp 2008-01-22 13:39 2,963,968 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp 2008-01-18 14:13 3,175,424 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp 2008-01-18 14:12 2,957,824 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp 2008-01-17 10:53 --------- d-----w C:\Documents and Settings\xxxx\Dane aplikacji\3DFA 2008-01-14 12:34 --------- d-----w C:\Program Files\MixMeister Fusion 2008-01-14 06:58 87,552 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp 2008-01-14 06:58 2,941,952 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp 2008-01-13 22:50 3,083,776 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp 2008-01-13 22:50 2,941,440 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp 2008-01-07 09:54 2,939,392 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp 2008-01-03 20:39 2,975,232 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp 2008-01-03 20:39 2,917,376 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp 2008-01-02 08:47 2,911,232 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp 2008-01-02 08:47 1,722,880 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp 2007-12-31 18:04 3,082,752 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp 2007-12-31 18:04 2,906,112 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp 2007-12-20 17:54 2,886,144 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp 2007-12-20 17:54 2,783,744 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp 2007-12-17 21:20 3,159,552 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp 2007-12-17 21:20 2,882,048 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp 2007-12-07 08:45 2,854,912 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp 2007-12-02 18:06 2,850,816 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp 2007-12-02 17:21 2,850,304 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp 2007-12-02 17:20 2,981,376 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp 2007-11-24 21:56 3,132,416 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp 2007-11-24 21:56 2,832,384 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp 2007-11-21 17:15 2,818,560 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp 2007-11-16 17:28 3,654,656 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp 2007-11-16 17:28 2,807,296 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp 2007-11-13 19:13 2,792,448 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp 2007-11-13 19:13 1,723,904 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp 2007-11-12 21:17 3,065,344 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp 2007-11-12 21:17 2,792,448 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp 2007-11-10 08:48 3,271,680 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp 2007-11-10 08:48 2,784,256 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp 2007-10-26 14:02 2,732,032 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp 2007-10-19 20:55 3,016,704 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp 2007-10-19 20:55 2,706,944 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp 2007-10-14 18:56 1,194,496 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp 2007-10-14 18:55 2,689,536 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp 2007-10-14 14:40 3,056,640 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp 2007-10-14 14:40 2,691,584 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp 2007-10-10 19:45 2,921,984 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp 2007-10-10 19:45 2,681,344 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp 2007-10-09 14:19 2,957,824 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp 2007-10-09 14:19 2,671,616 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp 2007-10-06 11:39 2,949,120 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp 2007-10-06 11:39 2,665,984 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp 2007-10-04 20:32 3,004,928 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp 2007-09-28 15:25 37,888 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp 2007-09-27 21:03 2,692,608 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp 2007-09-25 18:43 3,044,864 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp . ((((((((((((((((((((((((((((( snapshot@2008-03-13_10.30.03.54 ))))))))))))))))))))))))))))))))))))))))) . + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-03-13 20:53:05 27,648 ----a-r C:\WINDOWS\Installer{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe + 1999-04-24 02:22:00 24,576 ----a-w C:\WINDOWS\system32\Rsrc32.dll + 2008-03-14 12:06:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_190.dat + 2008-03-14 12:06:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6bc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44 15360] “Steam”=“C:\Program Files\Steam\Steam.exe” [2008-03-13 21:53 1266936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2006-01-02 16:41 45056] “Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2006-08-23 23:38 968696] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 23:47 31016] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784] “WebAccelerator”=“C:\Program Files\Web Accelerator\webxl.exe” [] “cFosSpeed”=“C:\Program Files\cFosSpeed\cFosSpeed.exe” [2006-11-08 16:46 815104] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “nlsf”=“cmd.exe” [2004-08-03 23:44 395776 C:\WINDOWS\system32\cmd.exe] “nlhr”=“C:\WINDOWS\System32\AdvPack.Dll” [2004-08-03 23:43 100864] “tscuninstall”=“C:\WINDOWS\system32\tscupgrd.exe” [2004-08-03 23:33 44544] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-23 15:03:49 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26 29696] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-12 09:16:02 839680] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlmaint.exe [2002-12-17 17:23:32 156224] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoUserNameInStartMenu”= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “C:\Program Files\Skype\Phone\Skype.exe”= R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-10-06 13:36] R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys [2006-09-17 17:24] R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2003-04-15 18:07] R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 10:03] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 10:07] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 02:59] S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42] S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42] . Contents of the ‘Scheduled Tasks’ folder “2008-01-15 13:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-14 13:06:22 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet009\Services\ASFWHide] “ImagePath”="??\C:\DOCUME~1\xxxx\USTAWI~1\Temp\ASFWHide" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Completion time: 2008-03-14 13:10:08 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-14 12:10:04 ComboFix2.txt 2008-03-13 09:30:44 . 2008-03-13 09:14:02 — E O F —