ErrorSafe i Carlson Dialer

Pandzia1990 · 21 Październik 2007 11:19

Po świeżym postawieniu systemu pojawił się na liście zainstalowanych programów Carlson Dialera w starcie Carlton. Gdy to usunę, to po resecie komputera i tak się pojawia. Avast tego nie wykrywa. Nie wiem co to robi.

Drugą sprawą jest ErrorSafe który wziął się nie wiem skąd i nie wiem jak się tego pozbyć.

Ponadto komputer strasznie muli i zawiesza.

Proszę o pomoc.

adam9870 · 21 Październik 2007 11:21

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Po wykonaniu pokaż zawartość pliku c:\rapport.txt oraz log z ComboFix.

Pandzia1990 · 21 Październik 2007 11:38

SmitFraudFix v2.240 Scan done at 13:31:09.20, 2007-10-21 Run from C:\Documents and Settings\Paulina\Pulpit\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri’s WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip…{6E301070-D444-4AC1-90DB-5F8EA64ED6B5}: DhcpNameServer=84.205.31.4 84.205.31.5 HKLM\SYSTEM\CS1\Services\Tcpip…{6E301070-D444-4AC1-90DB-5F8EA64ED6B5}: DhcpNameServer=84.205.31.4 84.205.31.5 HKLM\SYSTEM\CS2\Services\Tcpip…{6E301070-D444-4AC1-90DB-5F8EA64ED6B5}: DhcpNameServer=84.205.31.4 84.205.31.5 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=84.205.31.4 84.205.31.5 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.205.31.4 84.205.31.5 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=84.205.31.4 84.205.31.5 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» End Złączono Posta: 21.10.2007 (Nie) 12:39 ComboFix 07-10-21.1** - Paulina 2007-10-21 13:32:45.1 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.149 [GMT 2:00] Running from: C:\Documents and Settings\Paulina\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\check_LSA7.txt C:\WINDOWS\cookies.ini C:\WINDOWS\system32\ketmjcvd.dll C:\WINDOWS\system32\khfgfee.dll C:\WINDOWS\system32\ngxmbkjy.dll C:\WINDOWS\system32\srqss.bak1 C:\WINDOWS\system32\srqss.bak2 C:\WINDOWS\system32\srqss.ini C:\WINDOWS\system32\ssqrs.dll C:\WINDOWS\system32\xxyyvtr.dll C:\WINDOWS\system32\yjkbmxgn.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 ))))))))))))))))))))))))))))))) . 2007-10-21 13:31 720 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-21 13:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-21 13:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-21 13:30 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-21 13:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-21 13:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-21 13:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-21 12:19 2007-10-21 12:07 2007-10-21 12:07 98,304 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-10-21 11:59 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-10-21 11:57 2007-10-21 11:57 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-10-21 11:55 2007-10-21 11:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-10-21 11:00 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-21 11:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-21 11:00 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-21 10:59 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-10-21 10:59 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-10-21 10:59 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-10-21 10:59 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-10-21 10:59 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-21 10:59 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-21 10:35 1,635 --a------ C:\WINDOWS\system32\znuc.exe 2007-10-21 10:09 40,960 --a–c— C:\WINDOWS\system32\dllcache\trialoc.dll 2007-10-21 10:09 24,576 --a–c— C:\WINDOWS\system32\dllcache\icwrmind.exe 2007-10-21 10:08 159,744 --a–c— C:\WINDOWS\system32\dllcache\icwhelp.dll 2007-10-21 10:08 73,728 --a–c— C:\WINDOWS\system32\dllcache\icwtutor.exe 2007-10-21 10:08 65,536 --a–c— C:\WINDOWS\system32\dllcache\icwres.dll 2007-10-21 10:08 57,344 --a–c— C:\WINDOWS\system32\dllcache\icwconn.dll 2007-10-21 10:08 45,056 --a–c— C:\WINDOWS\system32\dllcache\icwutil.dll 2007-10-21 09:59 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-10-21 09:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-10-21 09:58 24,661 --a–c— C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-10-21 09:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-10-21 09:58 13,312 --a–c— C:\WINDOWS\system32\dllcache\irclass.dll 2007-10-21 09:46 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-10-20 18:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-10-20 18:47 57,088 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-10-20 18:46 577,024 -rahs---- C:\WINDOWS\VTTray.exe 2007-10-20 18:45 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 71,680 --a------ C:\WINDOWS\system32\storprop.dll 2007-10-20 18:42 2007-10-20 18:28 5 --ahs---- C:\WINDOWS\system32\efebacff3_s.dll 2007-10-20 18:22 2007-10-20 18:19 2007-10-20 18:14 2,928 --a------ C:\WINDOWS\mozver.dat 2007-10-20 18:14 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-20 18:03 2007-10-20 18:03 2007-10-20 18:03 61,440 --a------ C:\WINDOWS\system32\3Deep.dll 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 947,884 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-10-20 18:02 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-10-20 18:02 46,592 -ra------ C:\WINDOWS\SOUNDMAN.EXE 2007-10-20 18:02 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-10-20 18:02 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-10-20 18:01 208,896 -ra------ C:\WINDOWS\alcupd.exe 2007-10-20 18:01 131,072 -ra------ C:\WINDOWS\alcrmv.exe 2007-10-19 18:47 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-21 11:35 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-10-21 11:35 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-10-21 08:15 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-10-21 08:07 --------- d-----w C:\Program Files\Usługi online 2007-10-20 15:54 --------- d-----w C:\Program Files\microsoft frontpage 2001-10-26 17:29:52 68,573 --sha-r C:\WINDOWS\system32\mmdmm.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{31257c63-f81d-4d8d-badc-5ca2969e70c2}] C:\WINDOWS\system32\hompex.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “SoundMan”=“SOUNDMAN.EXE” [2002-11-19 13:24 C:\WINDOWS\SOUNDMAN.EXE] “Windows Logon Application”=“C:\WINDOWS\System32\winIogon.exe” [2001-10-26 19:29] “mmsass”=“mmdmm.exe” [2001-10-26 19:29 C:\WINDOWS\system32\mmdmm.exe] “avast!”=“C:\Avast4\ashDisp.exe” [2007-09-06 12:06] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2003-10-06 15:16] “nwiz”=“nwiz.exe” [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] “NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-10-06 15:16] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “mmsass”=mmdmm.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\run] @= C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ E-Color.lnk - C:\Program Files\E-Color\Common\IconMgr.exe [2007-10-20 18:03:18] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=1 (0x1) “DisableRegistryTools”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] “Shell”=“Explorer.exe %WINDIR%\VTTray.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hompex] hompex.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=c:\windows\system32\vtursrp.dll R2 s3contrl (32-bit);s3contrl (32-bit);“C:\WINDOWS\VTTray.exe” S3 SetupNTGLM7X;SetupNTGLM7X;??\G:\NTGLM7X.sys *Newly Created Service* - IPNAT . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-21 13:35:26 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-21 13:36:18 - machine was rebooted . — E O F — // Poprawiłem Twój post - dodałem tagi quote. Kaka’

jessica · 21 Październik 2007 21:25

Okazało się, że masz infekcję “VUNDO”, a także robaki. I to od … 2001 r.!

A to oznacza, że nie wszystko zostało pokazane przez ComboFixa, bo ComboFix pokazuje tylko do 90 dni wstecz, a wcześniejsze tylko okazyjnie.

Wklej do Notatnika :

File::

C:\WINDOWS\system32\znuc.exe

C:\WINDOWS\system32\mmdmm.exe

c:\windows\system32\vtursrp.dll

C:\WINDOWS\System32\winIogon.exe

C:\WINDOWS\system32\hompex.dll


Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] 

"mmsass"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hompex]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=-

"appinit_dlls"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Logon Application"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mmsass"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Daj ten log z ComboFixa.

jessi

Pandzia1990 · 22 Październik 2007 14:05

Od 2001? Troche dziwne, bo komputer mam od lutego 2002 a dostęp do neta od 2004. I był wiele razy formatowany, chociaż nie wiem czy to ma jakiś wpływ na to.

Logi:

ComboFix 07-10-21.1** - Paulina 2007-10-22 16:01:30.5 - NTFSx86 Running from: E:\Programy\Nowy folder\ComboFix.exe Command switches used :: E:\Programy\Nowy folder\CFScript.txt FILE:: C:\WINDOWS\system32\hompex.dll C:\WINDOWS\system32\mmdmm.exe c:\windows\system32\vtursrp.dll C:\WINDOWS\System32\winIogon.exe C:\WINDOWS\system32\znuc.exe . ((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))) . 2007-10-22 13:42 169,984 --ahs---- C:\WINDOWS\system32\urdvxc.exe 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 44,495 --a------ C:\9r2h2z5l7v8.exe 2007-10-21 19:59 52,224 --------- C:\WINDOWS\system32\brinsstr.dll 2007-10-21 19:59 50 --a------ C:\WINDOWS\system32\bridf05a.dat 2007-10-21 19:58 2007-10-21 19:58 147,456 --------- C:\WINDOWS\brunin03.dll 2007-10-21 19:53 2007-10-21 19:52 2007-10-21 19:51 2007-10-21 19:35 2007-10-21 19:34 2007-10-21 19:27 97,280 -----c— C:\WINDOWS\system32\dllcache\dpcdll.dll 2007-10-21 19:26 2007-10-21 19:26 2007-10-21 19:13 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-10-21 19:13 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll 2007-10-21 19:13 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll 2007-10-21 19:13 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll 2007-10-21 19:13 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-10-21 19:13 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll 2007-10-21 19:13 27,392 --a------ C:\WINDOWS\system32\drivers\viaagp.sys 2007-10-21 19:13 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-10-21 19:08 2007-10-21 17:58 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-21 13:31 720 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-21 13:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-21 13:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-21 13:30 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-21 13:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-21 13:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-21 13:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-21 12:19 2007-10-21 12:07 2007-10-21 12:07 98,304 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-10-21 11:57 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-10-21 11:55 2007-10-21 11:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-10-21 11:00 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-21 11:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-21 11:00 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-21 10:59 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-10-21 10:59 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-10-21 10:59 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-10-21 10:59 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-10-21 10:59 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-21 10:59 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-21 10:09 40,960 --a–c— C:\WINDOWS\system32\dllcache\trialoc.dll 2007-10-21 10:08 73,728 --a–c— C:\WINDOWS\system32\dllcache\icwtutor.exe 2007-10-21 10:08 65,536 --a–c— C:\WINDOWS\system32\dllcache\icwres.dll 2007-10-21 09:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-10-21 09:58 24,661 --a–c— C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-10-21 09:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-10-21 09:58 13,312 --a–c— C:\WINDOWS\system32\dllcache\irclass.dll 2007-10-20 18:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-10-20 18:46 577,024 -rahs---- C:\WINDOWS\VTTray.exe 2007-10-20 18:45 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:42 2007-10-20 18:28 5 --ahs---- C:\WINDOWS\system32\efebacff3_s.dll 2007-10-20 18:22 2007-10-20 18:19 2007-10-20 18:14 2,928 --a------ C:\WINDOWS\mozver.dat 2007-10-20 18:14 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-20 18:03 2007-10-20 18:03 2007-10-20 18:03 61,440 --a------ C:\WINDOWS\system32\3Deep.dll 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 947,884 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-10-20 18:02 46,592 -ra------ C:\WINDOWS\SOUNDMAN.EXE 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-10-20 18:01 208,896 -ra------ C:\WINDOWS\alcupd.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-22 13:51 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-10-22 13:51 42,496 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe 2007-10-22 13:51 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-10-22 11:44 169,984 ----a-w C:\WINDOWS\Web\wcxnjhhj.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\zejthvxk.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\tlrrsvlj.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\btlekkxb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\btlekkxb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\btlekkxb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\btlekkxb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\nbbrcrbb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\estewkrn.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\necxlsbh.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hsxenjvk.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hnshlbtv.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ewznktww.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ecrvhvjh.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\trvnbvzr.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\tehbbexs.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\selznkbn.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\qnkstrhn.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\kenjxzsk.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\hzenbhql.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cszbbkjb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cjrhtnee.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\sljktqsl.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lenvstcw.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lbncltew.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\vhzlshll.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\heclkcje.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\ejjtwclz.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\brbjhjhb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\bbcrvske.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\xxrlrrck.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\slkweqkr.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\jjtkbtsb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rlkctexe.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\resrzjkr.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\kcqrjjel.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\jllrjejn.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\hlnbkbjt.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\cqlwbrtn.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\vtxbneqq.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jzrjzkke.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jqnsbclx.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\rc\rjzhtwer.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\zeektjlr.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\tjsnlncx.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\stleqtrb.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\bnkrcrqq.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\errors\xnejeese.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\ErrMsg\nvsbqtlx.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DVDUpgrd\kvzexhbs.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\zwjcbxql.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\jlskvkjt.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\hhktjkel.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\tcjqbtst.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\nrbhslcz.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\eqlrejrl.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\brvhkxjh.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\Help\tsbjbtvn.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\Help\jjlenkbt.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\Help\jbnshhqj.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\Help\hwexrtne.exe 2007-10-22 11:43 169,984 ----a-w C:\WINDOWS\Help\bzehxvnz.exe 2007-10-21 08:15 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-10-21 08:07 --------- d-----w C:\Program Files\Usługi online 2007-10-20 15:54 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{31257c63-f81d-4d8d-badc-5ca2969e70c2}] C:\WINDOWS\system32\hompex.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2002-11-19 13:24 C:\WINDOWS\SOUNDMAN.EXE] “avast!”=“C:\Avast4\ashDisp.exe” [2007-09-06 12:06] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2003-10-06 15:16] “nwiz”=“nwiz.exe” [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] “NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-10-06 15:16] “AlcoholAutomount”=“E:\Programy\Alcohol\axcmd.exe” [2007-07-02 12:22] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ E-Color.lnk - C:\Program Files\E-Color\Common\IconMgr.exe [2007-10-20 18:03:18] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\system] “DisableTaskMgr”=0 (0x0) “DisableRegistryTools”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoRecentDocsMenu”=1 (0x1) “DisallowRun”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun] “1”=9r2h2z5l7v8.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-22 16:02:07 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-22 16:02:39 C:\ComboFix2.txt … 2007-10-21 15:43 . — E O F —

jessica · 22 Październik 2007 14:27

Dzisiaj, o 11:43, rozpoczęła się u Ciebie następna, trudna infekcja.

Zamknij robaczywe porty przy pomocy --> Windows Worms Doors Cleaner

Ustaw znaczki na zielono, Netbios może być na żółto.

Po użyciu narzędzia wymagany jest restart.

Potem:

Wklej do Notatnika :

File::

C:\9r2h2z5l7v8.exe

C:\WINDOWS\system32\urdvxc.exe

C:\WINDOWS\Web\wcxnjhhj.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\zejthvxk.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\tlrrsvlj.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\btlekkxb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\btlekkxb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\btlekkxb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\btlekkxb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\nbbrcrbb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\estewkrn.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\necxlsbh.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hsxenjvk.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hnshlbtv.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ewznktww.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ecrvhvjh.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\trvnbvzr.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\tehbbexs.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\selznkbn.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\qnkstrhn.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\kenjxzsk.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\hzenbhql.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cszbbkjb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cjrhtnee.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\sljktqsl.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lenvstcw.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lbncltew.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\vhzlshll.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\heclkcje.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\ejjtwclz.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\brbjhjhb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\bbcrvske.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\xxrlrrck.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\slkweqkr.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\jjtkbtsb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rlkctexe.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\resrzjkr.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\kcqrjjel.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\jllrjejn.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\hlnbkbjt.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\cqlwbrtn.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\vtxbneqq.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jzrjzkke.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jqnsbclx.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\rc\rjzhtwer.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\zeektjlr.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\tjsnlncx.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\stleqtrb.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\bnkrcrqq.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\errors\xnejeese.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\ErrMsg\nvsbqtlx.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\DVDUpgrd\kvzexhbs.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\zwjcbxql.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\jlskvkjt.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\hhktjkel.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\tcjqbtst.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\nrbhslcz.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\eqlrejrl.exe 

C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\brvhkxjh.exe 

C:\WINDOWS\Help\tsbjbtvn.exe 

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe 

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe 

C:\WINDOWS\Help\jjlenkbt.exe 

C:\WINDOWS\Help\jbnshhqj.exe 

C:\WINDOWS\Help\hwexrtne.exe 

C:\WINDOWS\Help\bzehxvnz.exe 

C:\WINDOWS\system32\hompex.dll


Driver::

MSWindows


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31257c63-f81d-4d8d-badc-5ca2969e70c2}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]

"1"=-

>>Plik>>Zapisz jako… >>> CFScript

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe

– podobnie jak na tym obrazku –>

Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Daj ten log z ComboFixa.

jessi

Pandzia1990 · 22 Październik 2007 14:42

ComboFix 07-10-21.1** - Paulina 2007-10-22 16:37:28.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.69 [GMT 2:00] Running from: E:\Programy\Nowy folder\ComboFix.exe Command switches used :: E:\Programy\Nowy folder\CFScript.txt * Created a new restore point FILE:: C:\9r2h2z5l7v8.exe C:\WINDOWS\Help\bzehxvnz.exe C:\WINDOWS\Help\hwexrtne.exe C:\WINDOWS\Help\jbnshhqj.exe C:\WINDOWS\Help\jjlenkbt.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe C:\WINDOWS\Help\tsbjbtvn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\brvhkxjh.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\eqlrejrl.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\nrbhslcz.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\tcjqbtst.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\hhktjkel.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\jlskvkjt.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\zwjcbxql.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DVDUpgrd\kvzexhbs.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\ErrMsg\nvsbqtlx.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\errors\xnejeese.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\bnkrcrqq.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\stleqtrb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\tjsnlncx.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\zeektjlr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\rc\rjzhtwer.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jqnsbclx.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jzrjzkke.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\vtxbneqq.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\cqlwbrtn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\hlnbkbjt.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\jllrjejn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\kcqrjjel.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\resrzjkr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rlkctexe.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\jjtkbtsb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\slkweqkr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\xxrlrrck.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\bbcrvske.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\brbjhjhb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\ejjtwclz.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\heclkcje.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\vhzlshll.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lbncltew.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lenvstcw.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\sljktqsl.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cjrhtnee.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cszbbkjb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\hzenbhql.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\kenjxzsk.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\qnkstrhn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\selznkbn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\tehbbexs.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\trvnbvzr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ecrvhvjh.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ewznktww.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hnshlbtv.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hsxenjvk.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\necxlsbh.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\estewkrn.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\nbbrcrbb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\tlrrsvlj.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\zejthvxk.exe C:\WINDOWS\system32\hompex.dll C:\WINDOWS\system32\urdvxc.exe C:\WINDOWS\Web\wcxnjhhj.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\9r2h2z5l7v8.exe C:\WINDOWS\Help\bzehxvnz.exe C:\WINDOWS\Help\hwexrtne.exe C:\WINDOWS\Help\jbnshhqj.exe C:\WINDOWS\Help\jjlenkbt.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe C:\WINDOWS\Help\tsbjbtvn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\brvhkxjh.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\eqlrejrl.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\nrbhslcz.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\CompatCtr\tcjqbtst.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\hhktjkel.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\jlskvkjt.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\zwjcbxql.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\DVDUpgrd\kvzexhbs.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\ErrMsg\nvsbqtlx.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\errors\xnejeese.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\bnkrcrqq.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\NetDiag\stleqtrb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\tjsnlncx.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\zeektjlr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\rc\rjzhtwer.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jqnsbclx.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\jzrjzkke.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Common\vtxbneqq.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\cqlwbrtn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\hlnbkbjt.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\jllrjejn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\kcqrjjel.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\resrzjkr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Client\rlkctexe.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\jjtkbtsb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\slkweqkr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Common\xxrlrrck.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\bbcrvske.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\brbjhjhb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\ejjtwclz.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\heclkcje.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\Interaction\Server\vhzlshll.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lbncltew.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\lenvstcw.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\Remote Assistance\sljktqsl.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cjrhtnee.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\cszbbkjb.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\hzenbhql.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\kenjxzsk.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\qnkstrhn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\selznkbn.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\tehbbexs.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\sysinfo\trvnbvzr.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ecrvhvjh.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\ewznktww.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hnshlbtv.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\hsxenjvk.exe C:\WINDOWS\PCHEALTH\HELPCTR\System\UpdateCtr\necxlsbh.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\estewkrn.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\nbbrcrbb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\btlekkxb.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\tlrrsvlj.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\zejthvxk.exe C:\WINDOWS\system32\urdvxc.exe C:\WINDOWS\Web\wcxnjhhj.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_MSWINDOWS -------\MSWindows ((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))) . 2007-10-22 16:26 577,024 --a------ C:\WINDOWS\system32\frh.exe 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-21 19:59 52,224 --------- C:\WINDOWS\system32\brinsstr.dll 2007-10-21 19:59 50 --a------ C:\WINDOWS\system32\bridf05a.dat 2007-10-21 19:58 2007-10-21 19:58 147,456 --------- C:\WINDOWS\brunin03.dll 2007-10-21 19:53 2007-10-21 19:52 2007-10-21 19:51 2007-10-21 19:35 2007-10-21 19:34 2007-10-21 19:27 97,280 -----c— C:\WINDOWS\system32\dllcache\dpcdll.dll 2007-10-21 19:26 2007-10-21 19:26 2007-10-21 19:13 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-10-21 19:13 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll 2007-10-21 19:13 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll 2007-10-21 19:13 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll 2007-10-21 19:13 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-10-21 19:13 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll 2007-10-21 19:13 27,392 --a------ C:\WINDOWS\system32\drivers\viaagp.sys 2007-10-21 19:13 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-10-21 19:08 2007-10-21 17:58 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-21 13:31 720 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-21 13:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-21 13:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-21 13:30 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-21 13:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-21 13:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-21 13:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-21 12:19 2007-10-21 12:07 2007-10-21 12:07 98,304 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-10-21 11:57 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-10-21 11:55 2007-10-21 11:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-10-21 11:00 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-21 11:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-21 11:00 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-21 10:59 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-10-21 10:59 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-10-21 10:59 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-10-21 10:59 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-10-21 10:59 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-21 10:59 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-21 10:09 40,960 --a–c— C:\WINDOWS\system32\dllcache\trialoc.dll 2007-10-21 10:08 73,728 --a–c— C:\WINDOWS\system32\dllcache\icwtutor.exe 2007-10-21 10:08 65,536 --a–c— C:\WINDOWS\system32\dllcache\icwres.dll 2007-10-21 09:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-10-21 09:58 24,661 --a–c— C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-10-21 09:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-10-21 09:58 13,312 --a–c— C:\WINDOWS\system32\dllcache\irclass.dll 2007-10-20 18:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-10-20 18:46 577,024 -r-hs---- C:\WINDOWS\VTTray.exe 2007-10-20 18:45 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:42 2007-10-20 18:28 5 --ahs---- C:\WINDOWS\system32\efebacff3_s.dll 2007-10-20 18:22 2007-10-20 18:19 2007-10-20 18:14 2,928 --a------ C:\WINDOWS\mozver.dat 2007-10-20 18:14 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-20 18:03 2007-10-20 18:03 2007-10-20 18:03 61,440 --a------ C:\WINDOWS\system32\3Deep.dll 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 947,884 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-10-20 18:02 46,592 -ra------ C:\WINDOWS\SOUNDMAN.EXE 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-10-20 18:01 208,896 -ra------ C:\WINDOWS\alcupd.exe 2007-10-20 18:01 131,072 -ra------ C:\WINDOWS\alcrmv.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-22 14:39 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-10-22 14:39 42,496 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe 2007-10-22 14:39 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-10-21 08:15 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-10-21 08:07 --------- d-----w C:\Program Files\Usługi online 2007-10-20 15:54 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “SoundMan”=“SOUNDMAN.EXE” [2002-11-19 13:24 C:\WINDOWS\SOUNDMAN.EXE] “avast!”=“C:\Avast4\ashDisp.exe” [2007-09-06 12:06] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2003-10-06 15:16] “nwiz”=“nwiz.exe” [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] “NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-10-06 15:16] “AlcoholAutomount”=“E:\Programy\Alcohol\axcmd.exe” [2007-07-02 12:22] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ E-Color.lnk - C:\Program Files\E-Color\Common\IconMgr.exe [2007-10-20 18:03:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoRecentDocsMenu”=1 (0x1) “DisallowRun”=1 (0x1) . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-22 16:40:08 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-22 16:41:14 - machine was rebooted C:\ComboFix2.txt … 2007-10-22 16:08 C:\ComboFix3.txt … 2007-10-21 15:43 . — E O F —

jessica · 22 Październik 2007 15:00

Wygląda, że jest OK.

Możesz jeszcze, tak na wszelki wypadek, użyć -->SDFix

Uwaga: Da się go uruchomić tylko w Trybie Awaryjnym.

Pokaż Report.txt znajdujący się w folderze SDFix.

jessi

Pandzia1990 · 22 Październik 2007 15:05

Carlson Dialer nie zniknął z listy zainstalowanych programów, avast ciągle wyje i znajduje koniki i robaki

spróbuje jeszcze z SDFix i zaraz dam ten plik

jessica · 22 Październik 2007 15:16

No tak, wychodzi na to, że jestem GAPA.

Wklej do Notatnika :

File::

C:\WINDOWS\system32\frh.exe


Folder::

C:\Program Files\Common Files\Carlson

>>Plik>>Zapisz jako… >>> CFScript

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe

– podobnie jak na tym obrazku –>

Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Log z ComboFixa i raport z SDFixa.

jessi

Pandzia1990 · 22 Październik 2007 15:26

SDFix: Version 1.110 Run by Paulina on 2007-10-22 at 17:10 Microsoft Windows XP [Wersja 5.1.2600] Running From: D:\SDFix Safe Mode: Checking Services: Name: s3contrl (32-bit) ImagePath: “C:\WINDOWS\VTTray.exe” s3contrl (32-bit) - Deleted C:\WINDOWS\system32\Microsoft\backup.ftp Found C:\WINDOWS\system32\Microsoft\backup.tftp Found Checking files: Genuine: C:\WINDOWS\system32\Microsoft\backup.ftp Dummy: C:\WINDOWS\system32\Microsoft\backup.tftp C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe C:\WINDOWS\system32\dllcache\ftp.exe C:\WINDOWS\system32\dllcache\tftp.exe Files copied to SDFix\Backups Restoring files if backups are found Final Check: Genuine: C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\dllcache\ftp.exe Dummy: C:\WINDOWS\system32\Microsoft\backup.tftp C:\WINDOWS\system32\tftp.exe C:\WINDOWS\system32\dllcache\tftp.exe Restoring Windows Registry Values Restoring Windows Default Hosts File

ComboFix 07-10-21.1** - Paulina 2007-10-22 17:19:37.7 - NTFSx86 Running from: E:\Programy\Nowy folder\ComboFix.exe Command switches used :: E:\Programy\Nowy folder\CFScript.txt FILE:: C:\WINDOWS\system32\frh.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\frh.exe . ((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))) . 2007-10-22 17:17 0 --a------ C:\WINDOWS\system32\MSNGR32.com 2007-10-22 17:12 1,422 --a------ C:\Documents and Settings\Paulina\clean.reg 2007-10-22 17:09 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-21 19:59 52,224 --------- C:\WINDOWS\system32\brinsstr.dll 2007-10-21 19:59 50 --a------ C:\WINDOWS\system32\bridf05a.dat 2007-10-21 19:58 2007-10-21 19:58 147,456 --------- C:\WINDOWS\brunin03.dll 2007-10-21 19:53 2007-10-21 19:52 2007-10-21 19:51 2007-10-21 19:35 2007-10-21 19:34 2007-10-21 19:27 97,280 -----c— C:\WINDOWS\system32\dllcache\dpcdll.dll 2007-10-21 19:26 2007-10-21 19:26 2007-10-21 19:13 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-10-21 19:13 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll 2007-10-21 19:13 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll 2007-10-21 19:13 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll 2007-10-21 19:13 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-10-21 19:13 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll 2007-10-21 19:13 27,392 --a------ C:\WINDOWS\system32\drivers\viaagp.sys 2007-10-21 19:13 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-10-21 19:08 2007-10-21 17:58 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-21 13:31 720 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-21 13:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-21 13:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-21 13:30 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-21 13:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-21 13:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-21 13:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-21 12:19 2007-10-21 12:07 2007-10-21 12:07 98,304 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-10-21 11:57 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-10-21 11:55 2007-10-21 11:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-10-21 11:00 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-21 11:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-21 11:00 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-21 10:59 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-10-21 10:59 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-10-21 10:59 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-10-21 10:59 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-10-21 10:59 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-21 10:59 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-21 10:09 40,960 --a–c— C:\WINDOWS\system32\dllcache\trialoc.dll 2007-10-21 10:08 73,728 --a–c— C:\WINDOWS\system32\dllcache\icwtutor.exe 2007-10-21 10:08 65,536 --a–c— C:\WINDOWS\system32\dllcache\icwres.dll 2007-10-21 09:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-10-21 09:58 24,661 --a–c— C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-10-21 09:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-10-21 09:58 13,312 --a–c— C:\WINDOWS\system32\dllcache\irclass.dll 2007-10-20 18:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-10-20 18:45 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:42 2007-10-20 18:28 5 --ahs---- C:\WINDOWS\system32\efebacff3_s.dll 2007-10-20 18:22 2007-10-20 18:19 2007-10-20 18:14 2,928 --a------ C:\WINDOWS\mozver.dat 2007-10-20 18:14 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-20 18:03 2007-10-20 18:03 2007-10-20 18:03 61,440 --a------ C:\WINDOWS\system32\3Deep.dll 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 947,884 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-10-20 18:02 46,592 -ra------ C:\WINDOWS\SOUNDMAN.EXE 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-10-20 18:01 208,896 -ra------ C:\WINDOWS\alcupd.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-22 14:39 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-10-21 08:15 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-10-21 08:07 --------- d-----w C:\Program Files\Usługi online 2007-10-20 15:54 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((( snapshot@2007-10-22_16.02.12.07 ))))))))))))))))))))))))))))))))))))))))) . + 2007-10-21 00:57:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2007-10-22 15:09:50 1,134,592 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2007-10-22 15:09:50 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-10-21 00:57:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-10-22 15:09:45 1,134,592 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2007-10-22 15:09:45 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2007-10-21 17:34:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-10-22 14:49:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-10-21 17:34:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2007-10-22 14:49:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2007-10-21 17:34:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2007-10-22 14:49:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - 2007-10-22 13:51:50 42,496 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe + 2004-08-03 22:44:20 44,544 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe - 2007-10-22 13:51:50 16,896 -c–a-w C:\WINDOWS\system32\dllcache\tftp.exe + 2007-10-22 14:39:47 16,896 -c–a-w C:\WINDOWS\system32\dllcache\tftp.exe - 2007-10-22 13:51:50 42,496 ----a-w C:\WINDOWS\system32\ftp.exe + 2004-08-03 22:44:20 44,544 ----a-w C:\WINDOWS\system32\ftp.exe + 2007-10-22 15:12:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_444.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2002-11-19 13:24 C:\WINDOWS\SOUNDMAN.EXE] “avast!”=“C:\Avast4\ashDisp.exe” [2007-09-06 12:06] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2003-10-06 15:16] “nwiz”=“nwiz.exe” [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] “NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-10-06 15:16] “AlcoholAutomount”=“E:\Programy\Alcohol\axcmd.exe” [2007-07-02 12:22] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ E-Color.lnk - C:\Program Files\E-Color\Common\IconMgr.exe [2007-10-20 18:03:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoRecentDocsMenu”=1 (0x1) . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-22 17:20:24 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-22 17:20:58 . — E O F —

jessica · 22 Październik 2007 15:43

Wklej do Notatnika :

File::

C:\WINDOWS\system32\MSNGR32.com

>>Plik>>Zapisz jako… >>> CFScript

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe

– podobnie jak na tym obrazku –>

Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Nie zrozumiałam natomiast raportu SDFixa - chyba wymienione tam prawidłowe pliki są zarażine, ale nie wiem, czy SDFix już je podmienił, bo z raportu niezbyt jasno to wynika, zwłaszcza, że ja nie znam angielskiego.

Log z ComboFixa daj, może jeszcze ktoś inny coś w nim wypatrzy…

jessi

Pandzia1990 · 22 Październik 2007 15:59

jessica bardzo dziękuje

Przestało mulić, avast nie wyje i nie ma już tych wszystkich dziwnych plików.

log:

ComboFix 07-10-21.1** - Paulina 2007-10-22 17:51:22.8 - NTFSx86 Running from: E:\Programy\Nowy folder\ComboFix.exe Command switches used :: E:\Programy\Nowy folder\CFScript.txt FILE:: C:\WINDOWS\system32\MSNGR32.com . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\MSNGR32.com . ((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))) . 2007-10-22 17:12 1,422 --a------ C:\Documents and Settings\Paulina\clean.reg 2007-10-22 17:09 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-22 11:54 2007-10-21 19:59 52,224 --------- C:\WINDOWS\system32\brinsstr.dll 2007-10-21 19:59 50 --a------ C:\WINDOWS\system32\bridf05a.dat 2007-10-21 19:58 2007-10-21 19:58 147,456 --------- C:\WINDOWS\brunin03.dll 2007-10-21 19:53 2007-10-21 19:52 2007-10-21 19:51 2007-10-21 19:35 2007-10-21 19:34 2007-10-21 19:27 97,280 -----c— C:\WINDOWS\system32\dllcache\dpcdll.dll 2007-10-21 19:26 2007-10-21 19:26 2007-10-21 19:13 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-10-21 19:13 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll 2007-10-21 19:13 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll 2007-10-21 19:13 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll 2007-10-21 19:13 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-10-21 19:13 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll 2007-10-21 19:13 27,392 --a------ C:\WINDOWS\system32\drivers\viaagp.sys 2007-10-21 19:13 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-10-21 19:08 2007-10-21 17:58 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-21 13:31 720 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-21 13:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-21 13:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-21 13:30 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-21 13:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-21 13:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-21 13:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-21 12:19 2007-10-21 12:07 2007-10-21 12:07 98,304 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-10-21 11:57 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-10-21 11:55 2007-10-21 11:00 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-10-21 11:00 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-21 11:00 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-21 11:00 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-21 10:59 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-10-21 10:59 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-10-21 10:59 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-10-21 10:59 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-10-21 10:59 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-21 10:59 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-21 10:09 40,960 --a–c— C:\WINDOWS\system32\dllcache\trialoc.dll 2007-10-21 10:08 73,728 --a–c— C:\WINDOWS\system32\dllcache\icwtutor.exe 2007-10-21 10:08 65,536 --a–c— C:\WINDOWS\system32\dllcache\icwres.dll 2007-10-21 09:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-10-21 09:58 24,661 --a–c— C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-10-21 09:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-10-21 09:58 13,312 --a–c— C:\WINDOWS\system32\dllcache\irclass.dll 2007-10-20 18:48 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-10-20 18:45 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:44 2007-10-20 18:42 2007-10-20 18:28 5 --ahs---- C:\WINDOWS\system32\efebacff3_s.dll 2007-10-20 18:22 2007-10-20 18:19 2007-10-20 18:14 2,928 --a------ C:\WINDOWS\mozver.dat 2007-10-20 18:14 0 --a------ C:\WINDOWS\nsreg.dat 2007-10-20 18:03 2007-10-20 18:03 2007-10-20 18:03 61,440 --a------ C:\WINDOWS\system32\3Deep.dll 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 2007-10-20 18:02 947,884 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-10-20 18:02 46,592 -ra------ C:\WINDOWS\SOUNDMAN.EXE 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 2007-10-20 18:01 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-10-20 18:01 208,896 -ra------ C:\WINDOWS\alcupd.exe 2007-10-20 18:01 131,072 -ra------ C:\WINDOWS\alcrmv.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-22 14:39 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-10-21 08:15 133,120 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-10-21 08:07 --------- d-----w C:\Program Files\Usługi online 2007-10-20 15:54 --------- d-----w C:\Program Files\microsoft frontpage . ((((((((((((((((((((((((((((( snapshot@2007-10-22_16.02.12.07 ))))))))))))))))))))))))))))))))))))))))) . + 2007-10-21 00:57:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2007-10-22 15:09:50 1,134,592 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2007-10-22 15:09:50 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-10-21 00:57:57 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-10-22 15:09:45 1,134,592 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2007-10-22 15:09:45 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2007-10-21 17:34:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-10-22 14:49:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-10-21 17:34:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat + 2007-10-22 14:49:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat - 2007-10-21 17:34:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat + 2007-10-22 14:49:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat - 2007-10-22 13:51:50 42,496 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe + 2004-08-03 22:44:20 44,544 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe - 2007-10-22 13:51:50 16,896 -c–a-w C:\WINDOWS\system32\dllcache\tftp.exe + 2007-10-22 14:39:47 16,896 -c–a-w C:\WINDOWS\system32\dllcache\tftp.exe - 2007-10-22 13:51:50 42,496 ----a-w C:\WINDOWS\system32\ftp.exe + 2004-08-03 22:44:20 44,544 ----a-w C:\WINDOWS\system32\ftp.exe + 2007-10-22 15:53:31 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_468.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “SoundMan”=“SOUNDMAN.EXE” [2002-11-19 13:24 C:\WINDOWS\SOUNDMAN.EXE] “avast!”=“C:\Avast4\ashDisp.exe” [2007-09-06 12:06] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2003-10-06 15:16] “nwiz”=“nwiz.exe” [2003-10-06 15:16 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] “NvMediaCenter”=“C:\WINDOWS\System32\NVMCTRAY.DLL” [2003-10-06 15:16] “AlcoholAutomount”=“E:\Programy\Alcohol\axcmd.exe” [2007-07-02 12:22] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2001-08-02 07:14] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] @= C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ E-Color.lnk - C:\Program Files\E-Color\Common\IconMgr.exe [2007-10-20 18:03:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoRecentDocsMenu”=1 (0x1) . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-22 17:53:53 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-22 17:54:53 - machine was rebooted C:\ComboFix2.txt … 2007-10-22 17:21 . — E O F —

Gutek · 23 Październik 2007 21:30

Już powinno być Ok

Na koniec daj log z SDFix