No icons or Start bar on the desktop


(system) #1

After starting Windows I get only the wallpaper, with no icons at all and no Start bar. The only thing I can launch is Task Manager. :? After about a quarter of an hour all the icons suddenly appear. It's probably not a virus or spyware, since I have scanned the computer many times and nothing was detected.

I'm pasting the log here.

http://wklej.org/id/73550b4284

Thanks in advance for the help.


(Leon$) #2

Start >> Run >> cmd

sc stop SLEE_503_SERVICE

sc delete SLEE_503_SERVICE

the entries

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Documents and Settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\26BF497F320A43C3B0EF4CB5702DDFDA\Translator.lnk (file missing)

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Documents and Settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\26BF497F320A43C3B0EF4CB5702DDFDA\Translator.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

remove them with HijackThis >> Fix checked

download ComboFix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642, run a scan and post the log

:slight_smile:


(system) #3

I did everything just as you said…

I'm pasting the log from this ComboFix thing (I got a bit scared when I ran it, because all sorts of things were happening on the computer :-p)

ComboFix 08-03-10.1 - xp 2008-03-10 18:48:17.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.613 [GMT 1:00]

Running from: C:\Documents and Settings\xp\Pulpit\Combo-Fix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\mpqss.ini

C:\WINDOWS\system32\mpqss.ini2

.

((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))

.

2008-03-10 18:40 . 2008-03-10 18:40

2008-03-07 00:47 . 2008-03-07 00:47

2008-03-07 00:36 . 2008-03-07 00:36

2008-03-06 22:18 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-03-06 12:49 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-03-06 12:49 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-03-06 12:48 . 2008-03-06 12:48

2008-03-06 12:48 . 2008-03-06 12:48

2008-03-05 15:38 . 2008-03-05 15:38

2008-03-05 15:32 . 2008-03-05 15:32

2008-03-05 15:32 . 2008-03-05 15:32

2008-03-03 17:55 . 2008-03-05 15:28

2008-03-03 17:47 . 2008-03-04 00:22

2008-03-01 23:08 . 2008-03-07 00:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-01 23:08 . 2008-03-01 23:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-29 12:03 . 2008-03-10 14:17

2008-02-25 21:26 . 2008-02-25 21:27 145 --a------ C:\WINDOWS\notepad.ini

2008-02-23 12:30 . 2008-03-06 21:39 250 --a------ C:\WINDOWS\gmer.ini

2008-02-23 11:55 . 2008-02-23 11:55

2008-02-23 02:07 . 2008-03-05 14:51

2008-02-23 01:18 . 2008-03-10 18:36

2008-02-22 22:08 . 2008-02-22 22:08 2 --a------ C:\1022887592

2008-02-21 00:31 . 2008-02-21 00:26 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-21 00:31 . 2008-02-21 00:31 2,547 --a------ C:\WINDOWS\unins000.dat

2008-02-20 17:33 . 2008-03-10 15:30

2008-02-20 12:43 . 2008-02-20 12:48

2008-02-19 23:34 . 2008-02-19 23:34

2008-02-19 23:34 . 2008-02-19 23:34

2008-02-16 23:14 . 2008-02-16 23:14

2008-02-16 23:14 . 2008-02-16 23:15

2008-02-16 15:31 . 2008-02-16 15:31 248 --a------ C:\WINDOWS\system32\winsys.lit

2008-02-16 15:31 . 2008-02-16 15:31 248 --a------ C:\WINDOWS\system32\mhi6uuvs.cv2

2008-02-16 15:31 . 2008-02-16 15:31 0 --a------ C:\WINDOWS\LingoLite.INI

2008-02-16 15:20 . 2008-02-24 18:18

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-10 14:33 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\Skype

2008-03-06 20:56 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp

2008-03-06 20:56 1,218,560 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp

2008-03-06 11:03 --------- d-----w C:\Program Files\EsetOnlineScanner

2008-02-24 19:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2008-02-24 17:18 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-02-24 17:18 --------- d-----w C:\Program Files\Real Alternative

2008-02-24 17:18 --------- d-----w C:\Program Files\QuickTime

2008-02-24 17:18 --------- d-----w C:\Program Files\OpenAL

2008-02-24 17:18 --------- d-----w C:\Program Files\ooVoo

2008-02-24 17:18 --------- d-----w C:\Program Files\Malicious Software Removal Tool

2008-02-24 17:18 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard

2008-02-24 17:18 --------- d-----w C:\Program Files\Gadu-Gadu

2008-02-24 17:18 --------- d-----w C:\Program Files\Disc2Phone

2008-02-24 17:18 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2008-02-24 17:18 --------- d-----w C:\Program Files\Common Files\Skype

2008-02-24 17:18 --------- d-----w C:\Program Files\Avant Browser

2008-02-19 23:41 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\uTorrent

2008-02-11 08:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll

2008-02-11 08:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll

2008-02-09 16:16 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\ooVoo Details

2008-02-09 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-08 13:35 --------- d-----w C:\Program Files\INTERIAPL

2008-02-08 12:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll

2008-02-08 10:06 --------- d-----w C:\Program Files\Skype

2008-02-07 23:21 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-02-07 23:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype

2008-02-07 22:02 --------- d-----w C:\Program Files\Vimicro

2008-02-05 07:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-08-01 08:37 120,649 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_19_11_21_small.dmp.zip

2007-07-06 18:05 21,461,881 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_06_17_44_28_full.dmp.zip

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

"tray"="D:\Program files\Pogoda\pogoda.exe" [2006-07-22 13:30 2364416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 20:06 7311360]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 20:06 86016]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 09:47 16208384 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-05 15:39 249896]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-29 20:36 155648]

"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2007-04-09 16:46 57344]

"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

"SSS6_Suite"="D:\Program Files\Steganos Security Suite 6\sss.exe" [2004-01-29 17:46 827392]

"SSS6_SAFE"="D:\Program Files\Steganos Security Suite 6\safe.exe" [2004-02-02 17:43 204800]

"SSS6_SPM"="D:\Program Files\Steganos Security Suite 6\spm.exe" [2004-01-29 17:45 180224]

"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

WL-8313 Configuration Utility.lnk - D:\Program Files\PLANET WL-8313\WLANMON.exe [2007-09-01 14:26:55 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

"NoAutoTrayNotify"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

"NoStartMenuPinnedList"= 1 (0x1)

"Start_NotifyNewApps"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Program files\BitComet\BitComet.exe"=

"D:\Program files\Tlen.pl\tlen.exe"=

"D:\Program files\uTorrent\utorrent.exe"=

"D:\Program files\Warcraft III\Warcraft III.exe"=

"D:\Program files\BearShare\BearShare.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\ooVoo\ooVoo.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"C:\WINDOWS\system32\rundll32.exe"=

"D:\Program files\Defcon\defcon.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17710:TCP"= 17710:TCP:BitComet 17710 TCP

"17710:UDP"= 17710:UDP:BitComet 17710 UDP

"11812:TCP"= 11812:TCP:BitComet 11812 TCP

"11812:UDP"= 11812:UDP:BitComet 11812 UDP

"8543:TCP"= 8543:TCP:BitComet 8543 TCP

"8543:UDP"= 8543:UDP:BitComet 8543 UDP

"27318:TCP"= 27318:TCP:BitComet 27318 TCP

"27318:UDP"= 27318:UDP:BitComet 27318 UDP

"13683:TCP"= 13683:TCP:BitComet 13683 TCP

"13683:UDP"= 13683:UDP:BitComet 13683 UDP

"19067:TCP"= 19067:TCP:BitComet 19067 TCP

"19067:UDP"= 19067:UDP:BitComet 19067 UDP

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];C:\WINDOWS\system32\drivers\SLEE503.sys [2002-11-28 09:10]

R3 W8100PCI;PLANET WL-8313;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys [2004-01-19 10:09]

R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 10:24]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-29 15:26]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-29 15:26]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-29 15:26]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-29 15:26]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-29 15:26]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-10 18:49:35

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-10 18:50:06

ComboFix-quarantined-files.txt 2008-03-10 17:49:58


(Leon$) #4

open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

The removal should start

Then post the log from the ComboFix removal

After the restart, if everything is OK, manually delete the folder C:\Qoobox

:slight_smile:


(system) #5

ComboFix 08-03-10.1 - xp 2008-03-10 20:44:52.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.588 [GMT 1:00]

Running from: C:\Documents and Settings\xp\Pulpit\Combo-Fix.exe

Command switches used :: C:\Documents and Settings\xp\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\Internet Logs\xDB18.tmp

C:\WINDOWS\Internet Logs\xDB19.tmp

C:\WINDOWS\LingoLite.INI

C:\WINDOWS\system32\mhi6uuvs.cv2

C:\WINDOWS\system32\winsys.lit

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Internet Logs\xDB18.tmp

C:\WINDOWS\Internet Logs\xDB19.tmp

C:\WINDOWS\LingoLite.INI

C:\WINDOWS\system32\mhi6uuvs.cv2

C:\WINDOWS\system32\winsys.lit

.

((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))

.

2008-03-10 18:40 . 2008-03-10 18:40

2008-03-07 00:47 . 2008-03-07 00:47

2008-03-07 00:36 . 2008-03-07 00:36

2008-03-06 22:18 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-03-06 12:49 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-03-06 12:49 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-03-06 12:48 . 2008-03-06 12:48

2008-03-06 12:48 . 2008-03-06 12:48

2008-03-05 15:38 . 2008-03-05 15:38

2008-03-05 15:32 . 2008-03-05 15:32

2008-03-05 15:32 . 2008-03-05 15:32

2008-03-03 17:55 . 2008-03-05 15:28

2008-03-03 17:47 . 2008-03-04 00:22

2008-03-01 23:08 . 2008-03-07 00:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-01 23:08 . 2008-03-01 23:08 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-29 12:03 . 2008-03-10 14:17

2008-02-25 21:26 . 2008-02-25 21:27 145 --a------ C:\WINDOWS\notepad.ini

2008-02-23 12:30 . 2008-03-06 21:39 250 --a------ C:\WINDOWS\gmer.ini

2008-02-23 11:55 . 2008-02-23 11:55

2008-02-23 02:07 . 2008-03-05 14:51

2008-02-23 01:18 . 2008-03-10 20:36

2008-02-22 22:08 . 2008-02-22 22:08 2 --a------ C:\1022887592

2008-02-21 00:31 . 2008-02-21 00:26 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-21 00:31 . 2008-02-21 00:31 2,547 --a------ C:\WINDOWS\unins000.dat

2008-02-20 17:33 . 2008-03-10 15:30

2008-02-20 12:43 . 2008-02-20 12:48

2008-02-19 23:34 . 2008-02-19 23:34

2008-02-19 23:34 . 2008-02-19 23:34

2008-02-16 23:14 . 2008-02-16 23:14

2008-02-16 23:14 . 2008-02-16 23:15

2008-02-16 15:20 . 2008-02-24 18:18

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-10 14:33 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\Skype

2008-03-06 11:03 --------- d-----w C:\Program Files\EsetOnlineScanner

2008-02-24 19:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2008-02-24 17:18 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-02-24 17:18 --------- d-----w C:\Program Files\Real Alternative

2008-02-24 17:18 --------- d-----w C:\Program Files\QuickTime

2008-02-24 17:18 --------- d-----w C:\Program Files\OpenAL

2008-02-24 17:18 --------- d-----w C:\Program Files\ooVoo

2008-02-24 17:18 --------- d-----w C:\Program Files\Malicious Software Removal Tool

2008-02-24 17:18 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard

2008-02-24 17:18 --------- d-----w C:\Program Files\Gadu-Gadu

2008-02-24 17:18 --------- d-----w C:\Program Files\Disc2Phone

2008-02-24 17:18 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2008-02-24 17:18 --------- d-----w C:\Program Files\Common Files\Skype

2008-02-24 17:18 --------- d-----w C:\Program Files\Avant Browser

2008-02-19 23:41 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\uTorrent

2008-02-11 08:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll

2008-02-11 08:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll

2008-02-09 16:16 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\ooVoo Details

2008-02-09 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-08 13:35 --------- d-----w C:\Program Files\INTERIAPL

2008-02-08 12:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll

2008-02-08 10:06 --------- d-----w C:\Program Files\Skype

2008-02-07 23:21 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-02-07 23:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype

2008-02-07 22:02 --------- d-----w C:\Program Files\Vimicro

2008-02-05 07:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-08-01 08:37 120,649 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_19_11_21_small.dmp.zip

2007-07-06 18:05 21,461,881 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_06_17_44_28_full.dmp.zip

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

"tray"="D:\Program files\Pogoda\pogoda.exe" [2006-07-22 13:30 2364416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 20:06 7311360]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 20:06 86016]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 09:47 16208384 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-05 15:39 249896]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-29 20:36 155648]

"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2007-04-09 16:46 57344]

"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

"SSS6_Suite"="D:\Program Files\Steganos Security Suite 6\sss.exe" [2004-01-29 17:46 827392]

"SSS6_SAFE"="D:\Program Files\Steganos Security Suite 6\safe.exe" [2004-02-02 17:43 204800]

"SSS6_SPM"="D:\Program Files\Steganos Security Suite 6\spm.exe" [2004-01-29 17:45 180224]

"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

WL-8313 Configuration Utility.lnk - D:\Program Files\PLANET WL-8313\WLANMON.exe [2007-09-01 14:26:55 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

"NoAutoTrayNotify"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

"NoAutoUpdate"= 1 (0x1)

"NoStartMenuPinnedList"= 1 (0x1)

"Start_NotifyNewApps"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"D:\Program files\BitComet\BitComet.exe"=

"D:\Program files\Tlen.pl\tlen.exe"=

"D:\Program files\uTorrent\utorrent.exe"=

"D:\Program files\Warcraft III\Warcraft III.exe"=

"D:\Program files\BearShare\BearShare.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\ooVoo\ooVoo.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"C:\WINDOWS\system32\rundll32.exe"=

"D:\Program files\Defcon\defcon.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17710:TCP"= 17710:TCP:BitComet 17710 TCP

"17710:UDP"= 17710:UDP:BitComet 17710 UDP

"11812:TCP"= 11812:TCP:BitComet 11812 TCP

"11812:UDP"= 11812:UDP:BitComet 11812 UDP

"8543:TCP"= 8543:TCP:BitComet 8543 TCP

"8543:UDP"= 8543:UDP:BitComet 8543 UDP

"27318:TCP"= 27318:TCP:BitComet 27318 TCP

"27318:UDP"= 27318:UDP:BitComet 27318 UDP

"13683:TCP"= 13683:TCP:BitComet 13683 TCP

"13683:UDP"= 13683:UDP:BitComet 13683 UDP

"19067:TCP"= 19067:TCP:BitComet 19067 TCP

"19067:UDP"= 19067:UDP:BitComet 19067 UDP

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];C:\WINDOWS\system32\drivers\SLEE503.sys [2002-11-28 09:10]

R3 W8100PCI;PLANET WL-8313;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys [2004-01-19 10:09]

R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 10:24]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-29 15:26]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-29 15:26]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-29 15:26]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-29 15:26]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-29 15:26]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-10 20:45:57

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-10 20:46:23

ComboFix-quarantined-files.txt 2008-03-10 19:46:21

ComboFix2.txt 2008-03-10 17:50:07


(system) #6

Thank you very much for the help. I don't even know what I did, but I probably removed something harmful :slight_smile: And I only format when I buy a new computer :slight_smile:

Thanks and regards


(Gutek) #7

Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=213350


(system) #8

Sorry, I know about that, but I wanted to paste it quickly.


(Gutek) #9

That is no excuse!