Delsim Dialer, spowolniony komputer

Yoooj · 28 Czerwiec 2007 18:27

Oto Log z HijackThis :

Logfile of HijackThis v1.99.1 Scan saved at 20:17:49, on 2007-05-28 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\BearShare\BearShare.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\services.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\iexplore.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\cmd.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\cmd.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing) O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [orcToByloLatwe] C:\WINDOWS\services.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Flashget] “C:\Program Files\FlashGet\FlashGet.exe” /min O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [shareaza] “C:\Program Files\K-litePro\K-litePro.exe” -tray O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\iexplore.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Windows task processor - Unknown owner - C:\WINDOWS\cmd.exe

Dialer muli mi kompa co 5min stronki po prostu otworzyć się nie chcą lecz gg działa nadal … Pomocy !~~

qrczak13 · 28 Czerwiec 2007 20:56

Pobierz Windows Worms Doors Cleaner, ustaw znaczki na zielono, Netbios może być na żółto.

Po użyciu narzędzia wymagany jest restart.

Start > uruchom > cmd > wpisz:

sc stop "Microsoft Internet Explorer"

sc stop "Windows task processor"

sc delete "Microsoft Internet Explorer"

sc delete "Windows task processor"

Ściągasz Pocket Killbox,

zaznaczasz Delete on reboot , w polu Full Path of File to Delete wklej ścieżkę:

C:\WINDOWS\services.exe

C:\WINDOWS\iexplore.exe

C:\WINDOWS\cmd.exe

i naciskasz X czerwony. Program poprosi o restart kompa, co robisz, ale dopiero po wklejeniu ostatniej ścieżki.

Jeśli to nie Twoja strona to usuń w HijackThis.

Usuń w HijackThis.

Po wykonaniu w/w daj log z ComboFix.

Yoooj · 28 Czerwiec 2007 21:40

Oto ten log pogrubiłem plik, który wydaję mi sie dziwny mam go w C:/ =o.

“=p” - 2007-05-28 23:30:37 - ComboFix 07-06-27.7 - Dodatek Service Pack. 1 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\History\search C:\WINDOWS\ctfmon.exe C:\WINDOWS\hosts C:\WINDOWS\system32\kdrrk.exe ((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))) 2007-05-31 16:34 2007-05-28 23:30 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-28 23:20 2007-05-28 09:19 132,608 --a------ C:\v6q6g5f1w7e1.exe 2007-05-27 16:49 2007-05-25 19:04 2007-05-25 16:13 2007-05-23 20:37 2007-05-23 20:37 2007-05-21 22:05 502,272 -r-hs---- C:\WINDOWS\srvrmgr.exe 2007-05-20 21:53 2007-05-20 11:21 514,560 -r-hs---- C:\WINDOWS\MSASCu.exe 2007-05-19 22:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2007-05-19 20:52 2007-05-18 15:59 503,808 -r-hs---- C:\WINDOWS\display.exe 2007-05-17 00:47 513,024 -r-hs---- C:\WINDOWS\logic.exe 2007-05-16 14:34 2007-05-02 19:01 2007-04-28 21:34 146,944 --a------ C:\WINDOWS\system32\olh.exe 2007-04-28 19:16 146,944 --a------ C:\WINDOWS\system32\vnb.exe 2007-04-28 19:09 146,944 --a------ C:\WINDOWS\system32\cuv.exe 2007-04-28 17:48 146,944 --a------ C:\WINDOWS\system32\qpj.exe 2007-04-28 17:21 146,944 --a------ C:\WINDOWS\system32\oeg.exe 2007-04-28 16:32 146,944 --a------ C:\WINDOWS\system32\mbq.exe 2007-04-28 16:25 146,944 --a------ C:\WINDOWS\system32\bvt.exe 2007-04-28 16:18 146,944 --a------ C:\WINDOWS\system32\elm.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-14 11:42:44 -------- d-----w C:\Program Files\Opera 2007-06-09 16:19:37 515,584 --sh–r C:\WINDOWS\regent.exe 2007-06-07 15:09:42 -------- d-----w C:\Program Files\Ruins of Alkor V.3.4 2007-06-07 13:29:22 -------- d-----w C:\Program Files\Asprate 2007-06-06 21:02:35 -------- d-----w C:\Program Files\VIA Technologies, INC 2007-06-06 19:49:06 -------- d-----w C:\Program Files\Realtek 2007-06-06 19:47:50 315,392 ----a-w C:\WINDOWS\HideWin.exe 2007-06-06 19:36:25 -------- d-----w C:\Program Files\Realtek AC97 2007-06-06 07:36:59 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\AdobeUM 2007-06-05 20:37:27 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Ashampoo 2007-06-05 20:36:43 -------- d-----w C:\Program Files\Ashampoo 2007-06-05 20:25:17 -------- d-----w C:\Program Files\SlySoft 2007-06-04 16:23:28 2,560 ----a-w C:\WINDOWS_MSRSTRT.EXE 2007-06-04 15:41:53 505,344 ----a-w C:\WINDOWS\system32\lgv.exe 2007-06-04 14:57:35 505,344 ----a-w C:\WINDOWS\system32\wuc.exe 2007-06-04 14:54:23 505,344 ----a-w C:\WINDOWS\system32\gzq.exe 2007-06-04 14:51:43 505,344 ----a-w C:\WINDOWS\system32\fmc.exe 2007-06-04 14:42:27 505,344 ----a-w C:\WINDOWS\system32\tak.exe 2007-06-04 14:37:06 505,344 ----a-w C:\WINDOWS\system32\cda.exe 2007-06-04 14:35:05 505,344 ----a-w C:\WINDOWS\system32\kzn.exe 2007-06-03 14:53:52 -------- d-----w C:\Program Files\MagiKnights 2007-06-01 19:41:39 -------- d-----w C:\Program Files\Xentare 2007-05-28 19:57:29 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat 2007-05-28 19:00:57 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-28 18:47:48 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-05-28 18:47:48 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-05-28 18:08:23 -------- d-----w C:\Program Files\AskTBar 2007-05-28 17:41:20 -------- d-----w C:\Program Files\C-Media Audio 2007-05-28 17:41:02 -------- d-----w C:\Program Files\Elaborate Bytes 2007-05-26 10:53:33 -------- d-----w C:\Program Files\Tibia 2007-05-26 10:52:16 -------- d-----w C:\Program Files\Kazaa Lite Rewolucja 2007-05-26 10:49:15 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-19 18:52:26 -------- d-----w C:\Program Files\ÇĂ·ąŔĚ¸ĹĹ©·Î 2007-05-19 18:52:22 65,536 ----a-w C:\WINDOWS\IFinst27.exe 2007-05-16 10:22:53 -------- d-----w C:\Program Files\TibiaBot NG 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-27 20:50:23 146,944 ----a-w C:\WINDOWS\system32\cgb.exe 2007-04-27 20:27:12 146,944 ----a-w C:\WINDOWS\system32\ksj.exe 2007-04-27 20:23:52 146,944 ----a-w C:\WINDOWS\system32\qoq.exe 2007-04-27 20:19:32 146,944 ----a-w C:\WINDOWS\system32\jet.exe 2007-04-27 20:15:47 -------- d–h--w C:\Program Files\Common Files\delsim 2007-04-27 20:15:06 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-04-27 20:14:55 146,944 ----a-w C:\WINDOWS\system32\jqt.exe 2007-04-26 19:33:40 4,096 ----a-w C:\WINDOWS\d3dx.dat 2007-04-25 14:20:48 4,030,144 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-04-20 21:31:27 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\MegauploadToolbar 2007-04-20 21:04:11 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Media Player Classic 2007-04-20 21:03:27 -------- d-----w C:\Program Files\QuickTime Alternative 2007-04-13 18:06:08 659 ----a-w C:\WINDOWS\mozver.dat 2007-04-09 21:30:36 959 ----a-w C:\WINDOWS\eReg.dat 2007-04-09 17:16:47 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-09 16:52:35 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-08 20:54:56 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Hamachi 2007-04-08 20:25:36 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-04-08 09:54:06 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Opera 2007-04-08 07:15:50 50,968 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-04-08 07:15:50 359,046 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-04-07 07:34:06 -------- d-----w C:\Program Files\PROKOM Software SA 2007-04-07 07:31:21 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-06 07:48:39 -------- d-----w C:\Program Files\Gadu-Gadu 2007-03-29 13:24:02 -------- d–h--w C:\Program Files\WindowsUpdate 2007-03-27 14:43:31 0 -c–a-w C:\WINDOWS\nsreg.dat 2007-03-26 17:43:30 1,249 -c–a-w C:\WINDOWS\unins000.dat 2007-03-26 15:34:28 0 --sha-r C:\MSDOS.SYS 2007-03-26 15:34:28 0 --sha-r C:\IO.SYS 2007-03-26 15:34:28 0 ----a-w C:\CONFIG.SYS 2007-03-26 15:34:28 0 ----a-w C:\AUTOEXEC.BAT 2007-03-26 15:28:53 21,856 -c–a-w C:\WINDOWS\system32\emptyregdb.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 00:47] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-06-11 11:55] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-05-16 07:05] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04] “Cmaudio”=“cmicnfg.cpl” [] “AT-Watch”="" [] “Anti-Trojan-Watch”=“C:\Program Files\Anti-Trojan-55\ATWatch.exe” [] “CloneCDTray”=“C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” [2006-09-28 21:21] “SoundMan”=“SOUNDMAN.EXE” [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe] “Flashget”=“C:\Program Files\FlashGet\FlashGet.exe” [2007-06-19 10:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [] “Shareaza”=“C:\Program Files\K-litePro\K-litePro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-01-30 16:58] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-29 00:00] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\system] “DisableRegistryTools”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiscSpaceChecks”=000000000000f03f *Newly Created Service* - IPNAT ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-28 23:34:41 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** Completion time: 2007-05-28 23:37:02 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-05-28 23:36 — E O F —

:o

qrczak13 · 29 Czerwiec 2007 19:08

Ściągnij The Avenger,

wypakuj > uruchom > Input script manually > klikasz w lupkę > w nowo otwartym oknie wklejasz:

Po wklejeniu > Done > klik na zielone światło > ok i będzie restart. Po restarcie wchodzisz gdzie masz The Avenger wklejasz raport C:\avenger.txt

Twoje? Jak nie to usuń foldery.

Nowy log z combofix.

Yoooj · 29 Czerwiec 2007 19:37

@Up kiedy klikam na zielone światło :

Error : selected file does not appear to be a valid script, klikam ok i :

Error : Press OK to log error and continue or Cancel to abort. ehh i potem

Error : Code 0. :o

qrczak13 · 29 Czerwiec 2007 19:50

Ach przepraszam. Wklejam poprawnie.

Yoooj · 29 Czerwiec 2007 20:02

Log z avenger :

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\iucvjdnx ******************* Script file located at: ??\C:\Program Files\tkbsobib.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\v6q6g5f1w7e1.exe deleted successfully. File C:\WINDOWS\display.exe deleted successfully. File C:\WINDOWS\logic.exe deleted successfully. File C:\WINDOWS\srvrmgr.exe deleted successfully. File C:\WINDOWS\MSASCu.exe deleted successfully. File C:\WINDOWS\system32\olh.exe deleted successfully. File C:\WINDOWS\system32\vnb.exe deleted successfully. File C:\WINDOWS\system32\cuv.exe deleted successfully. File C:\WINDOWS\system32\qpj.exe deleted successfully. File C:\WINDOWS\system32\oeg.exe deleted successfully. File C:\WINDOWS\system32\mbq.exe deleted successfully. File C:\WINDOWS\system32\bvt.exe deleted successfully. File C:\WINDOWS\system32\elm.exe deleted successfully. File C:\WINDOWS\regent.exe deleted successfully. File C:\WINDOWS\system32\lgv.exe deleted successfully. File C:\WINDOWS\system32\wuc.exe deleted successfully. File C:\WINDOWS\system32\gzq.exe deleted successfully. File C:\WINDOWS\system32\fmc.exe deleted successfully. File C:\WINDOWS\system32\tak.exe deleted successfully. File C:\WINDOWS\system32\cda.exe deleted successfully. File C:\WINDOWS\system32\kzn.exe deleted successfully. File C:\WINDOWS\system32\cgb.exe deleted successfully. File C:\WINDOWS\system32\jet.exe deleted successfully. File C:\WINDOWS\system32\ksj.exe deleted successfully. File C:\WINDOWS\system32\qoq.exe deleted successfully. Completed script processing. *******************

Combo Fix :

“Goka” - 2007-05-29 21:58:03 - ComboFix 07-06-27.7 - Dodatek Service Pack. 1 NTFS ((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))) 2007-05-31 16:34 2007-05-29 19:36 2007-05-29 14:39 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-05-29 14:36 2007-05-28 23:30 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-28 23:20 2007-05-27 16:49 2007-05-25 19:04 2007-05-25 16:13 2007-05-23 20:37 2007-05-23 20:37 2007-05-20 21:53 2007-05-19 22:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2007-05-16 14:34 2007-05-02 19:01 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-07 15:09:42 -------- d-----w C:\Program Files\Ruins of Alkor V.3.4 2007-06-07 13:29:22 -------- d-----w C:\Program Files\Asprate 2007-06-06 21:02:35 -------- d-----w C:\Program Files\VIA Technologies, INC 2007-06-06 19:49:06 -------- d-----w C:\Program Files\Realtek 2007-06-06 19:47:50 315,392 ----a-w C:\WINDOWS\HideWin.exe 2007-06-06 19:36:25 -------- d-----w C:\Program Files\Realtek AC97 2007-06-06 07:36:59 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\AdobeUM 2007-06-05 20:37:27 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Ashampoo 2007-06-05 20:36:43 -------- d-----w C:\Program Files\Ashampoo 2007-06-05 20:25:17 -------- d-----w C:\Program Files\SlySoft 2007-06-04 16:23:28 2,560 ----a-w C:\WINDOWS_MSRSTRT.EXE 2007-06-03 14:53:52 -------- d-----w C:\Program Files\MagiKnights 2007-06-01 19:41:39 -------- d-----w C:\Program Files\Xentare 2007-05-29 16:23:10 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-29 10:43:33 -------- d-----w C:\Program Files\Tibia 2007-05-29 08:30:20 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat 2007-05-28 21:36:59 50,952 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-28 21:36:59 359,032 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-28 18:47:48 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-05-28 18:47:48 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-05-28 18:08:23 -------- d-----w C:\Program Files\AskTBar 2007-05-28 17:41:20 -------- d-----w C:\Program Files\C-Media Audio 2007-05-28 17:41:02 -------- d-----w C:\Program Files\Elaborate Bytes 2007-05-26 10:52:16 -------- d-----w C:\Program Files\Kazaa Lite Rewolucja 2007-05-26 10:49:15 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-19 18:52:22 65,536 ----a-w C:\WINDOWS\IFinst27.exe 2007-05-16 10:22:53 -------- d-----w C:\Program Files\TibiaBot NG 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-27 20:15:47 -------- d–h--w C:\Program Files\Common Files\delsim 2007-04-27 20:15:06 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-04-27 20:14:55 146,944 ----a-w C:\WINDOWS\system32\jqt.exe 2007-04-26 19:33:40 4,096 ----a-w C:\WINDOWS\d3dx.dat 2007-04-25 14:20:48 4,030,144 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-04-20 21:31:27 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\MegauploadToolbar 2007-04-20 21:04:11 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Media Player Classic 2007-04-20 21:03:27 -------- d-----w C:\Program Files\QuickTime Alternative 2007-04-13 18:06:08 659 ----a-w C:\WINDOWS\mozver.dat 2007-04-09 21:30:36 959 ----a-w C:\WINDOWS\eReg.dat 2007-04-09 17:16:47 -------- d-----w C:\Program Files\Alcohol Soft 2007-04-09 16:52:35 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-04-08 20:54:56 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Hamachi 2007-04-08 20:25:36 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys 2007-04-08 09:54:06 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Opera 2007-04-07 07:34:06 -------- d-----w C:\Program Files\PROKOM Software SA 2007-04-07 07:31:21 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-06 07:48:39 -------- d-----w C:\Program Files\Gadu-Gadu 2007-03-29 13:24:02 -------- d–h--w C:\Program Files\WindowsUpdate 2007-03-27 14:43:31 0 -c–a-w C:\WINDOWS\nsreg.dat 2007-03-26 17:43:30 1,249 -c–a-w C:\WINDOWS\unins000.dat 2007-03-26 15:34:28 0 --sha-r C:\MSDOS.SYS 2007-03-26 15:34:28 0 --sha-r C:\IO.SYS 2007-03-26 15:34:28 0 ----a-w C:\CONFIG.SYS 2007-03-26 15:34:28 0 ----a-w C:\AUTOEXEC.BAT 2007-03-26 15:28:53 21,856 -c–a-w C:\WINDOWS\system32\emptyregdb.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 00:47] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-06-11 11:55] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-05-16 07:05] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04] “Cmaudio”=“cmicnfg.cpl” [] “AT-Watch”="" [] “Anti-Trojan-Watch”=“C:\Program Files\Anti-Trojan-55\ATWatch.exe” [] “CloneCDTray”=“C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” [2006-09-28 21:21] “SoundMan”=“SOUNDMAN.EXE” [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe] “Flashget”=“C:\Program Files\FlashGet\FlashGet.exe” [2007-06-19 10:49] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-03-10 02:58] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [] “Shareaza”=“C:\Program Files\K-litePro\K-litePro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-01-30 16:58] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-29 00:00] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\system] “DisableRegistryTools”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiscSpaceChecks”=000000000000f03f *Newly Created Service* - UMWDF ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-29 22:00:10 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … ? [1544] scanning hidden autostart entries … scanning hidden files … ************************************************************************** Completion time: 2007-05-29 22:01:16 C:\ComboFix-quarantined-files.txt … 2007-05-29 22:00 C:\ComboFix2.txt … 2007-05-28 23:37 — E O F —

qrczak13 · 29 Czerwiec 2007 20:12

Ściągasz Pocket Killbox,

zaznaczasz Delete on Reboot , wciskasz All Files , kopiujesz wszystko co na czerwono poniżej:

C:\WINDOWS\system32\jqt.exe

i naciskasz X czerwony. Program poprosi o restart kompa, co robisz.

Czyszczenie rejestru - jv16

PowerTools 2006 1.5.2.350

Co z tymi folderami?

Yoooj · 29 Czerwiec 2007 20:38

@UP

Te foldery usunałem, a te czyszczenie rejestru [chyba sie udało, bo nie czaje tego, ale zaznaczyłem wszytsko idałem remove] chyba dobrze. Dzieki ;]

qrczak13 · 29 Czerwiec 2007 20:47

Możesz kontrolnie dać log z combo.

Yoooj · 1 Lipiec 2007 09:18

Proszę Bardzo :

“Goka” - 2007-05-31 11:13:49 - ComboFix 07-06-27.7 - Dodatek Service Pack. 1 NTFS ((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))) 2007-05-31 16:34 2007-05-30 20:39 2007-05-30 13:05 249,856 --------- C:\WINDOWS\Setup1.exe 2007-05-30 13:05 2007-05-30 13:04 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-05-29 22:33 2007-05-29 19:36 2007-05-29 14:39 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-05-29 14:36 2007-05-28 23:30 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-28 23:20 2007-05-27 16:49 2007-05-25 19:04 2007-05-25 16:13 2007-05-23 20:37 2007-05-23 20:37 2007-05-20 21:53 2007-05-19 22:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll 2007-05-16 14:34 2007-05-02 19:01 2007-04-27 22:15 2007-04-27 22:12 2007-04-27 21:59 2007-04-26 21:33 4,096 --a------ C:\WINDOWS\d3dx.dat 2007-04-26 19:11 4,456,448 --a------ C:\DOCUME~1\GOKA~1\ntuser.dat 2007-04-26 18:51 307,200 --a------ C:\WINDOWS\IsUn0415.exe 2007-04-20 23:29 2007-04-20 23:23 2,560 --a------ C:\WINDOWS_MSRSTRT.EXE 2007-04-20 23:04 2007-04-20 23:03 338,432 --a------ C:\WINDOWS\system32\Ir41_qcx.dll 2007-04-20 23:03 225,280 --a------ C:\WINDOWS\system32\qtmlClient.dll 2007-04-20 23:03 120,320 --a------ C:\WINDOWS\system32\Ir41_qc.dll 2007-04-20 23:03 2007-04-20 23:03 2007-04-20 23:03 2007-04-13 19:59 659 --a------ C:\WINDOWS\mozver.dat 2007-04-10 17:39 2007-04-10 17:36 2007-04-09 19:36 959 --a------ C:\WINDOWS\eReg.dat 2007-04-09 19:36 33,792 -ra------ C:\WINDOWS\NPSExec.exe 2007-04-09 19:16 2007-04-09 18:52 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-04-08 23:01 129,024 --a------ C:\Program Files\UNWISE.EXE 2007-04-08 22:25 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-04-08 16:06 2007-04-08 12:52 2007-04-08 11:54 2007-04-07 09:34 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll 2007-04-07 09:34 614,429 --a------ C:\WINDOWS\system32\mswstr10.dll 2007-04-07 09:34 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll 2007-04-07 09:34 53,279 --a------ C:\WINDOWS\system32\msjter40.dll 2007-04-07 09:34 512,029 --a------ C:\WINDOWS\system32\msexch40.dll 2007-04-07 09:34 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll 2007-04-07 09:34 380,957 --a------ C:\WINDOWS\system32\expsrv.dll 2007-04-07 09:34 348,193 --a------ C:\WINDOWS\system32\msjetoledb40.dll 2007-04-07 09:34 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll 2007-04-07 09:34 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll 2007-04-07 09:34 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll 2007-04-07 09:34 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll 2007-04-07 09:34 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll 2007-04-07 09:34 258,077 --a------ C:\WINDOWS\system32\mstext40.dll 2007-04-07 09:34 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll 2007-04-07 09:34 213,023 --a------ C:\WINDOWS\system32\msltus40.dll 2007-04-07 09:34 172,061 --a------ C:\WINDOWS\system32\msjint40.dll 2007-04-07 09:34 1,507,358 --a------ C:\WINDOWS\system32\msjet40.dll 2007-04-07 09:34 2007-04-04 21:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2007-04-03 18:04 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-07 15:09:42 -------- d-----w C:\Program Files\Ruins of Alkor V.3.4 2007-06-07 13:29:22 -------- d-----w C:\Program Files\Asprate 2007-06-06 21:02:35 -------- d-----w C:\Program Files\VIA Technologies, INC 2007-06-06 19:49:06 -------- d-----w C:\Program Files\Realtek 2007-06-06 19:47:50 315,392 ----a-w C:\WINDOWS\HideWin.exe 2007-06-06 19:36:25 -------- d-----w C:\Program Files\Realtek AC97 2007-06-06 07:36:59 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\AdobeUM 2007-06-05 20:37:27 -------- d-----w C:\DOCUME~1\GOKA~1\DANEAP~1\Ashampoo 2007-06-05 20:36:43 -------- d-----w C:\Program Files\Ashampoo 2007-06-05 20:25:17 -------- d-----w C:\Program Files\SlySoft 2007-06-03 14:53:52 -------- d-----w C:\Program Files\MagiKnights 2007-06-01 19:41:39 -------- d-----w C:\Program Files\Xentare 2007-05-30 19:24:35 1,632 ----a-w C:\WINDOWS\system32\d3d8caps.dat 2007-05-30 15:06:18 1,744 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-05-30 09:54:59 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-29 10:43:33 -------- d-----w C:\Program Files\Tibia 2007-05-28 21:36:59 50,952 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-28 21:36:59 359,032 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-28 18:47:48 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-05-28 18:47:48 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-05-28 18:08:23 -------- d-----w C:\Program Files\AskTBar 2007-05-28 17:41:20 -------- d-----w C:\Program Files\C-Media Audio 2007-05-28 17:41:02 -------- d-----w C:\Program Files\Elaborate Bytes 2007-05-26 10:52:16 -------- d-----w C:\Program Files\Kazaa Lite Rewolucja 2007-05-19 18:52:22 65,536 ----a-w C:\WINDOWS\IFinst27.exe 2007-05-16 10:22:53 -------- d-----w C:\Program Files\TibiaBot NG 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-27 20:15:06 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-04-25 14:20:48 4,030,144 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-04-07 07:31:21 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-04-06 07:48:39 -------- d-----w C:\Program Files\Gadu-Gadu 2007-03-29 13:24:02 -------- d–h--w C:\Program Files\WindowsUpdate 2007-03-27 14:43:31 0 -c–a-w C:\WINDOWS\nsreg.dat 2007-03-26 17:43:30 1,249 -c–a-w C:\WINDOWS\unins000.dat 2007-03-26 15:34:28 0 --sha-r C:\MSDOS.SYS 2007-03-26 15:34:28 0 --sha-r C:\IO.SYS 2007-03-26 15:34:28 0 ----a-w C:\CONFIG.SYS 2007-03-26 15:34:28 0 ----a-w C:\AUTOEXEC.BAT 2007-03-26 15:28:53 21,856 -c–a-w C:\WINDOWS\system32\emptyregdb.dat ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 00:47] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-06-11 11:55] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-05-16 07:05] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04] “Cmaudio”=“cmicnfg.cpl” [] “AT-Watch”="" [] “Anti-Trojan-Watch”=“C:\Program Files\Anti-Trojan-55\ATWatch.exe” [] “CloneCDTray”=“C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” [2006-09-28 21:21] “SoundMan”=“SOUNDMAN.EXE” [2006-07-21 16:14 C:\WINDOWS\SoundMan.exe] “Flashget”=“C:\Program Files\FlashGet\FlashGet.exe” [2007-06-19 10:49] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-03-10 02:58] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [] “Shareaza”=“C:\Program Files\K-litePro\K-litePro.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-01-30 16:58] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-29 00:00] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\system] “DisableRegistryTools”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiscSpaceChecks”=000000000000f03f ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-31 11:15:49 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** Completion time: 2007-05-31 11:16:49 C:\ComboFix-quarantined-files.txt … 2007-05-31 11:16 C:\ComboFix2.txt … 2007-05-29 22:01 C:\ComboFix3.txt … 2007-05-28 23:37 — E O F —

slake · 1 Lipiec 2007 10:21

Ogólnie jest w porządku.