Question as in the topic title, please help.
ComboFix 08-07-05.1 - Ola 2008-07-06 12:43:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1567 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Ola\Dane aplikacji\rhcvgtj0e34e
C:\Program Files\rhcvgtj0e34e
C:\WINDOWS\system32\blphcrgtj0e34e.scr
C:\WINDOWS\system32\lphcrgtj0e34e.exe
C:\WINDOWS\system32\phcrgtj0e34e.bmp
C:\WINDOWS\system32\pphcrgtj0e34e.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-06 12:22 . 2008-07-06 12:28
2008-07-06 12:22 . 2008-07-06 12:22
2008-07-06 12:19 . 2008-07-06 12:19
2008-07-06 12:18 . 2008-07-06 12:18
2008-07-06 12:18 . 2008-07-06 12:18
2008-07-06 11:41 . 2008-07-06 11:41
2008-07-06 11:41 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-06 11:31 . 2008-07-06 11:31 94,208 --a------ C:\WINDOWS\system32\3A.tmp
2008-07-06 11:31 . 2008-07-06 11:31 56,836 --a------ C:\WINDOWS\system32\msxml71.dll
2008-07-05 10:46 . 2008-07-05 10:46
2008-07-01 11:27 . 2008-07-01 11:27
2008-06-30 11:26 . 2008-06-30 11:26
2008-06-30 11:14 . 2008-06-30 11:14
2008-06-14 12:47 . 2008-06-14 12:47
2008-06-14 12:46 . 2008-06-14 12:46
2008-06-14 12:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-06-14 12:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-06-14 12:45 . 2008-06-14 12:45
2008-06-14 12:45 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-14 12:45 . 2005-07-22 10:43 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2008-06-14 12:45 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
2008-06-14 12:45 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-06-14 12:45 . 2005-11-24 11:34 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-06-14 12:45 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-06-14 12:45 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 10:45 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype
2008-07-06 10:40 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\skypePM
2008-07-06 10:17 16,384 ----a-w C:\Program Files\uik.dat
2008-07-06 10:02 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\AVG7
2008-07-06 09:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-07-06 08:13 4 ----a-w C:\Program Files\is.dat
2008-07-04 19:58 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\GanymedeNet
2008-07-03 16:58 --------- d-----w C:\Program Files\Ganymede
2008-06-14 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 19:20 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{500BCA15-57A7-4eaf-8143-8C619470B13D}]
2008-07-06 11:31 56836 --a------ C:\WINDOWS\system32\msxml71.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2002-01-09 16:04 1470488 --a------ C:\Program Files\Wisdom-soft\tbWis1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{6dfc55bb-bfff-485a-9709-90c3fdf6db58}”= “C:\Program Files\Wisdom-soft\tbWis1.dll” [2002-01-09 16:04 1470488]
[HKEY_CLASSES_ROOT\clsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}”= “C:\Program Files\Wisdom-soft\tbWis1.dll” [2002-01-09 16:04 1470488]
[HKEY_CLASSES_ROOT\clsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-12-12 16:23 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22 7618560]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 15:34 868352]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 02:11 132496]
“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-04-25 09:58 579584]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2006-01-12 17:40 155648]
“BEWINTERNET-PLSessionManager”=“C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe” [2007-07-24 19:03 102400]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]
“nwiz”=“nwiz.exe” [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
“Resume copy”=“copyfstq.exe” [2002-03-24 13:54 46080 C:\WINDOWS\COPYFSTQ.EXE]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]
“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2008-01-29 23:23 219136]
C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\
spy.bak [2008-07-06 12:45:32 336]
spy.exe [2004-12-14 12:34:58 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.YV12”= yv12vfw.dll
“msacm.divxa32”= msaud32_divx.acm
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\NAPI-PROJEKT\napisy.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=
“C:\Program Files\Grisoft\AVG7\avginet.exe”=
“C:\Program Files\Grisoft\AVG7\avgamsvr.exe”=
“C:\Program Files\Grisoft\AVG7\avgcc.exe”=
“C:\Program Files\Grisoft\AVG7\avgemc.exe”=
“C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\ConnectivityManager.exe”=
“C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\spy.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1422b582-990b-11dc-b78b-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6d1d90b6-9f51-11dc-b0a9-000df3032eb8}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{805e549a-9938-11dc-b08c-001d6022480a}]
\Shell\AutoRun\command - F:\af9rgm8h.bat
\Shell\explore\Command - F:\af9rgm8h.bat
\Shell\open\Command - F:\af9rgm8h.bat
.
-
-
-
- ORPHANS REMOVED - - - -
-
-
HKLM-Run-lphcrgtj0e34e - C:\WINDOWS\system32\lphcrgtj0e34e.exe
HKLM-Run-SMrhcvgtj0e34e - C:\Program Files\rhcvgtj0e34e\rhcvgtj0e34e.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 12:45:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASFWHide]
“ImagePath”="??\C:\DOCUME~1\Ola\USTAWI~1\Temp\ASFWHide"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\spy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-07-06 12:46:58 - machine was rebooted [Ola]
ComboFix-quarantined-files.txt 2008-07-06 10:46:56
Pre-Run: 14,557,020,160 bajtów wolnych
Post-Run: 14,684,872,704 bajtów wolnych
172 — E O F — 2008-02-14 22:31:46
Download ComboFix but do not run it; paste into Notepad:
Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.
Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.
Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
ComboFix 08-07-05.1 - Ola 2008-07-06 13:51:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1487 [GMT 2:00]
Running from: C:\Documents and Settings\Ola\Pulpit\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Ola\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\msxml71.dll
F:\af9rgm8h.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\3A.tmp
C:\WINDOWS\system32\msxml71.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-06 12:22 . 2008-07-06 12:28
2008-07-06 12:22 . 2008-07-06 12:22
2008-07-06 12:19 . 2008-07-06 12:19
2008-07-06 12:18 . 2008-07-06 12:18
2008-07-06 12:18 . 2008-07-06 12:18
2008-07-06 11:41 . 2008-07-06 11:41
2008-07-06 11:41 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-05 10:46 . 2008-07-05 10:46
2008-07-01 11:27 . 2008-07-01 11:27
2008-06-30 11:26 . 2008-06-30 11:26
2008-06-30 11:14 . 2008-06-30 11:14
2008-06-14 12:47 . 2008-06-14 12:47
2008-06-14 12:46 . 2008-06-14 12:46
2008-06-14 12:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2008-06-14 12:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2008-06-14 12:45 . 2008-06-14 12:45
2008-06-14 12:45 . 2004-09-16 11:31 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-14 12:45 . 2005-07-22 10:43 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2008-06-14 12:45 . 2005-09-26 22:55 419,240 --a------ C:\WINDOWS\system32\Vsflex7L.ocx
2008-06-14 12:45 . 2000-05-22 00:00 244,416 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-06-14 12:45 . 2005-11-24 11:34 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-06-14 12:45 . 2005-10-04 10:39 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-06-14 12:45 . 2005-06-28 22:12 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 10:52 4 ----a-w C:\Program Files\is.dat
2008-07-06 10:49 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\Skype
2008-07-06 10:40 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\skypePM
2008-07-06 10:17 16,384 ----a-w C:\Program Files\uik.dat
2008-07-06 10:02 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\AVG7
2008-07-06 09:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-07-04 19:58 --------- d-----w C:\Documents and Settings\Ola\Dane aplikacji\GanymedeNet
2008-07-03 16:58 --------- d-----w C:\Program Files\Ganymede
2008-06-14 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-06 19:20 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2002-01-09 16:04 1470488 --a------ C:\Program Files\Wisdom-soft\tbWis1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{6dfc55bb-bfff-485a-9709-90c3fdf6db58}”= “C:\Program Files\Wisdom-soft\tbWis1.dll” [2002-01-09 16:04 1470488]
[HKEY_CLASSES_ROOT\clsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}”= “C:\Program Files\Wisdom-soft\tbWis1.dll” [2002-01-09 16:04 1470488]
[HKEY_CLASSES_ROOT\clsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-12-12 16:23 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22 7618560]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 15:34 868352]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 02:11 132496]
“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-04-25 09:58 579584]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2006-01-12 17:40 155648]
“BEWINTERNET-PLSessionManager”=“C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe” [2007-07-24 19:03 102400]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]
“nwiz”=“nwiz.exe” [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“NvMCTray.dll” [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
“Resume copy”=“copyfstq.exe” [2002-03-24 13:54 46080 C:\WINDOWS\COPYFSTQ.EXE]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]
“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2008-01-29 23:23 219136]
C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\
spy.bak [2008-07-06 12:45:32 336]
spy.exe [2004-12-14 12:34:58 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“VIDC.YV12”= yv12vfw.dll
“msacm.divxa32”= msaud32_divx.acm
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe”=
“C:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\NAPI-PROJEKT\napisy.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=
“C:\Program Files\Grisoft\AVG7\avginet.exe”=
“C:\Program Files\Grisoft\AVG7\avgamsvr.exe”=
“C:\Program Files\Grisoft\AVG7\avgcc.exe”=
“C:\Program Files\Grisoft\AVG7\avgemc.exe”=
“C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\ConnectivityManager.exe”=
“C:\Documents and Settings\Ola\Menu Start\Programy\Autostart\spy.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2006-03-02 14:00]
R3 RT2400PCI;802.11b WLAN PCI;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-31 09:47]
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-15 16:48]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 16:48]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-15 16:48]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-01-15 16:48]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 13:52:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASFWHide]
“ImagePath”="??\C:\DOCUME~1\Ola\USTAWI~1\Temp\ASFWHide"
.
Completion time: 2008-07-06 13:52:44
ComboFix-quarantined-files.txt 2008-07-06 11:52:40
ComboFix2.txt 2008-07-06 10:46:59
Pre-Run: 14,664,437,760 bajtów wolnych
Post-Run: 14,664,585,216 bajtów wolnych
134 — E O F — 2008-02-14 22:31:46
The log looks clean.
Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
Clean the computer with CCleaner.
Optimize the startup entries.
Turn System Restore off and back on for all drives. Instructions
Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.
or
Thanks for the help, spandaupol - it worked. Hubert, thanks for the willingness, but I've already sorted it out.