A "virus alert" message has appeared next to the clock on the desktop and the system drive is missing. Please help.
ComboFix 08-07-13.12 - Ryś 2008-07-14 17:39:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3034 [GMT 2:00]
Running from: C:\Documents and Settings\Ryś\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMffbec9d2.xml
.
---- Previous Run -------
.
C:\WINDOWS\BMffbec9d2.txt
C:\WINDOWS\efke.exe
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\efcBuuRH.dll
C:\WINDOWS\system32\gjSvCJjl.ini
C:\WINDOWS\system32\gjSvCJjl.ini2
C:\WINDOWS\system32\IQAGffii.ini
C:\WINDOWS\system32\IQAGffii.ini2
C:\WINDOWS\system32\qyohclkg.ini
C:\WINDOWS\system32\vrkyqenq.ini
C:\WINDOWS\system32\YJRBLkkj.ini
C:\WINDOWS\system32\YJRBLkkj.ini2
C:\WINDOWS\system32\yyxdbfvh.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-14 17:11 . 2008-07-14 17:11
2008-07-14 14:48 . 2008-07-14 15:08 135 --a------ C:\WINDOWS\wininit.ini
2008-07-14 14:17 . 2008-07-14 04:07 458,752 --a------ C:\WINDOWS\wbxdpgfenlk.dll
2008-07-14 14:17 . 2008-07-14 14:17 33,152 --a------ C:\WINDOWS\system32\jkkLBuVM.dll
2008-07-14 13:10 . 2008-07-14 13:10
2008-07-14 13:09 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp133.tmp
2008-07-14 13:09 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp132.tmp
2008-07-14 12:55 . 2008-07-14 12:55
2008-07-14 12:47 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpDD.tmp
2008-07-14 12:47 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpDC.tmp
2008-06-28 19:21 . 2008-07-14 14:21
2008-06-28 19:21 . 2008-07-14 14:52
2008-06-28 08:37 . 2008-06-28 08:37 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-28 08:37 . 2008-06-28 08:37 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-27 11:47 . 2008-07-14 14:52
2008-06-27 09:53 . 2008-06-27 09:53
2008-06-27 09:53 . 2008-06-27 09:53
2008-06-26 22:19 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp115.tmp
2008-06-26 22:19 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp114.tmp
2008-06-26 21:36 . 2008-07-02 13:32
2008-06-26 21:36 . 2008-06-26 21:36
2008-06-26 21:36 . 2008-07-14 12:32
2008-06-26 21:36 . 2008-06-26 21:36
2008-06-26 20:58 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7C.tmp
2008-06-26 20:58 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7B.tmp
2008-06-26 01:05 . 2008-06-26 01:05
2008-06-26 00:26 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp1E1.tmp
2008-06-26 00:26 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp1E0.tmp
2008-06-26 00:19 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp188.tmp
2008-06-26 00:19 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp187.tmp
2008-06-25 23:48 . 2008-06-25 23:48
2008-06-25 23:41 . 2008-06-25 23:41
2008-06-25 23:29 . 2008-07-07 13:31
2008-06-25 22:42 . 2008-06-25 22:42
2008-06-25 22:42 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-25 22:42 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-25 22:42 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpAC.tmp
2008-06-25 22:42 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpAB.tmp
2008-06-25 22:42 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-25 22:42 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-25 22:42 . 2008-07-14 13:09 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-25 22:42 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-25 22:42 . 2008-07-14 13:09 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-25 22:42 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-19 18:54 . 2008-06-19 18:54
2008-06-19 18:53 . 2008-06-19 18:53
2008-06-19 18:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-19 18:51 . 2008-06-19 18:51
2008-06-17 15:09 . 2008-06-17 15:09 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-17 13:53 . 2008-06-17 13:54
2008-06-17 07:38 . 2008-06-17 07:38
2008-06-16 18:17 . 2008-06-16 18:17
2008-06-16 17:16 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 17:16 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 12:31 . 2008-06-21 03:00
2008-06-14 18:14 . 2008-06-14 18:14
2008-06-14 18:14 . 2008-06-14 18:14
2008-06-14 18:14 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-06-14 18:14 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-06-14 18:07 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 15:36 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-14 14:11 --------- d-----w C:\Program Files\eMule
2008-07-14 12:46 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-14 10:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 09:39 --------- d-----w C:\Program Files\Electronic Arts
2008-06-28 06:45 --------- d-----w C:\Program Files\DivX
2008-06-28 06:29 --------- d-----w C:\Program Files\Ubisoft
2008-06-17 13:12 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-14 16:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-04 18:39 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\OpenOffice.org2
2008-06-03 18:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-30 16:46 --------- d-----w C:\Program Files\Diablo II
2008-05-28 19:40 --------- d-----w C:\Program Files\CapCom
2008-05-28 16:13 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-28 16:12 --------- d-----w C:\Program Files\open
2008-05-27 17:51 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\PC Tools
2008-05-27 17:27 61,440 ----a-w C:\WINDOWS\system32\drivers\vkgobjc.sys
2008-05-27 17:27 50 ----a-w C:\Program Files\zdbbh.txt
2008-05-27 11:54 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-27 08:27 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\Grisoft
2008-05-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-05-27 07:54 --------- d-----w C:\Program Files\Google
2008-05-26 19:32 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-26 19:32 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-26 19:32 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-05-26 19:27 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-26 19:27 106,496 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-26 18:22 --------- d-----w C:\Program Files\F1 Challenge 2007
2008-05-26 17:58 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-26 17:56 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 17:45 --------- d-----w C:\Program Files\WIDCOMM
2008-05-22 19:39 --------- d-----w C:\Program Files\SkanerOnline
2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-14 21:00 --------- d-----w C:\Program Files\Matroska Pack
2008-05-14 18:17 22,328 ----a-w C:\Documents and Settings\Ryś\Dane aplikacji\PnkBstrK.sys
2008-05-14 17:57 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\Ubisoft
2008-05-14 17:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-14 12:59 --------- d-----w C:\Program Files\Fraps
2008-05-14 11:47 --------- d-----w C:\Program Files\EA Sports
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 18:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-05 17:20 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-05-05 17:18 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-26 21:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD0B419C-54A2-4FA8-80FA-A3F883F474B1}]
2008-07-14 04:07 458752 --a------ C:\WINDOWS\wbxdpgfenlk.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 09:54 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="C:\Program Files\VDOTool\TBPanel.exe" [2008-01-09 15:33 2169384]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 11:53 13508608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-09 11:53 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 20:02 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"mirc"="C:\WINDOWS\WINCRA\mirc.exe" [2006-11-23 17:45 2076672]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-26 00:06 1107848]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 09:52 16841216 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-09 11:53 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"=
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"=
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"=
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"=
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"=
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE"=
"C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\base\bin\Settlers6.exe"=
"C:\Program Files\Codemasters\GRID\GRID.exe"=
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
SSODL-fsrpknov-{AEDB8C69-88B4-4214-A0C4-0768B48DF28E} - C:\WINDOWS\fsrpknov.dll
Notify-vtUkheBt - vtUkheBt.dll
Notify-vtUmNDVm - vtUmNDVm.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 17:40:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-14 17:41:20
ComboFix-quarantined-files.txt 2008-07-14 15:41:12
Pre-Run: 87,542,730,752 bajtów wolnych
Post-Run: 87,529,033,728 bajtów wolnych
210 --- E O F --- 2008-06-21 01:00:34
Infection: "VUNDO"
Paste into Notepad:
File::
C:\WINDOWS\wbxdpgfenlk.dll
C:\WINDOWS\system32\jkkLBuVM.dll
C:\WINDOWS\system32\tmpDC.tmp
C:\WINDOWS\system32\tmpDD.tmp
C:\WINDOWS\system32\tmp133.tmp
C:\WINDOWS\system32\tmp132.tmp
C:\WINDOWS\system32\tmp115.tmp
C:\WINDOWS\system32\tmp114.tmp
C:\WINDOWS\system32\tmp7C.tmp
C:\WINDOWS\system32\tmp7B.tmp
C:\WINDOWS\system32\tmp1E1.tmp
C:\WINDOWS\system32\tmp1E0.tmp
C:\WINDOWS\system32\tmp188.tmp
C:\WINDOWS\system32\tmp187.tmp
Folder::
C:\Program Files\AskSBar
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD0B419C-54A2-4FA8-80FA-A3F883F474B1}]
>>File>>Save As… >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe.
The removal should start (and a log will be created). Post the log that is created during the removal.
If all goes well: after the restart, manually delete the folder C:\Qoobox.
I ran into this problem on a friend's computer. I restored the system partition using the AutoFix program.
http://www.loading.pl/download.php?k=sp … tale&id=98
The Virus Alert text, on the other hand, can be removed in the system registry. It exists there as an addition to the format in which the clock is displayed.
Find the entry in the registry, I think it is sTimeFormat, and if the data contains the addition VIRUS ALERT, remove it. You can also just search for VIRUS ALERT right away.
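A read-only way to check for the clock-format change described in the post above, as an added example that is not part of the thread. It assumes the format is the per-user sTimeFormat value under HKCU:\Control Panel\International; the function and variable names are illustrative.

```powershell
# Added example, not part of the thread. Read-only: it reports, it does not edit.
# Assumption: the clock format is the per-user sTimeFormat value under
# HKCU:\Control Panel\International; the marker is the text quoted in the post.
$key    = 'HKCU:\Control Panel\International'
$marker = 'VIRUS ALERT'
# Properties that Get-ItemProperty adds itself; they are not registry data
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Find-ClockFormatTampering {
    param([string]$Path = $key, [string]$Text = $marker)

    $props    = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = @()

    # 1) Any string value under the key that carries the marker text
    foreach ($p in $props.PSObject.Properties) {
        if ($psMeta -contains $p.Name)   { continue }
        if ($p.Value -isnot [string])    { continue }
        if ($p.Value -match [regex]::Escape($Text)) {
            $findings += [pscustomobject]@{
                Value  = $p.Name
                Data   = $p.Value
                Reason = "contains '$Text'"
            }
        }
    }

    # 2) sTimeFormat is built from the picture letters h H m s t plus separators.
    #    Whatever is left after stripping those is literal text shown by the clock.
    $fmt      = [string]$props.sTimeFormat
    $leftover = $fmt -creplace "[hHmst:.'\s]", ''
    $already  = $findings | Where-Object { $_.Value -eq 'sTimeFormat' }
    if ($leftover.Length -gt 0 -and -not $already) {
        $findings += [pscustomobject]@{
            Value  = 'sTimeFormat'
            Data   = $fmt
            Reason = "extra literal text '$leftover' (review)"
        }
    }

    $findings
}

# An empty result means nothing was appended to the clock format for this user
Find-ClockFormatTampering | Format-Table -AutoSize
```

The check covers only the account it runs under; other profiles have their own copy of the key.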
ComboFix 08-07-13.12 - Ryś 2008-07-14 18:35:38.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3045 [GMT 2:00]
Running from: C:\Documents and Settings\Ryś\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryś\Pulpit\CFScript
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\system32\jkkLBuVM.dll
C:\WINDOWS\system32\tmp114.tmp
C:\WINDOWS\system32\tmp115.tmp
C:\WINDOWS\system32\tmp132.tmp
C:\WINDOWS\system32\tmp133.tmp
C:\WINDOWS\system32\tmp187.tmp
C:\WINDOWS\system32\tmp188.tmp
C:\WINDOWS\system32\tmp1E0.tmp
C:\WINDOWS\system32\tmp1E1.tmp
C:\WINDOWS\system32\tmp7B.tmp
C:\WINDOWS\system32\tmp7C.tmp
C:\WINDOWS\system32\tmpDC.tmp
C:\WINDOWS\system32\tmpDD.tmp
C:\WINDOWS\wbxdpgfenlk.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-14 17:11 . 2008-07-14 17:11
2008-07-14 14:48 . 2008-07-14 15:08 135 --a------ C:\WINDOWS\wininit.ini
2008-07-14 13:10 . 2008-07-14 13:10
2008-07-14 12:55 . 2008-07-14 12:55
2008-06-28 19:21 . 2008-07-14 14:21
2008-06-28 19:21 . 2008-07-14 14:52
2008-06-28 08:37 . 2008-06-28 08:37 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-28 08:37 . 2008-06-28 08:37 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-27 11:47 . 2008-07-14 14:52
2008-06-27 09:53 . 2008-06-27 09:53
2008-06-27 09:53 . 2008-06-27 09:53
2008-06-26 21:36 . 2008-07-02 13:32
2008-06-26 21:36 . 2008-07-14 12:32
2008-06-26 21:36 . 2008-06-26 21:36
2008-06-26 01:05 . 2008-06-26 01:05
2008-06-25 23:48 . 2008-06-25 23:48
2008-06-25 23:41 . 2008-06-25 23:41
2008-06-25 23:29 . 2008-07-07 13:31
2008-06-25 22:42 . 2008-06-25 22:42
2008-06-25 22:42 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-25 22:42 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-25 22:42 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpAC.tmp
2008-06-25 22:42 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpAB.tmp
2008-06-25 22:42 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-25 22:42 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-25 22:42 . 2008-07-14 13:09 444,952 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-25 22:42 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-25 22:42 . 2008-07-14 13:09 109,080 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-25 22:42 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-19 18:54 . 2008-06-19 18:54
2008-06-19 18:53 . 2008-06-19 18:53
2008-06-19 18:53 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-19 18:51 . 2008-06-19 18:51
2008-06-17 15:09 . 2008-06-17 15:09 38 --a------ C:\WINDOWS\avisplitter.INI
2008-06-17 13:53 . 2008-06-17 13:54
2008-06-17 07:38 . 2008-06-17 07:38
2008-06-16 18:17 . 2008-06-16 18:17
2008-06-16 17:16 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 17:16 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-16 12:31 . 2008-06-21 03:00
2008-06-14 18:14 . 2008-06-14 18:14
2008-06-14 18:14 . 2008-06-14 18:14
2008-06-14 18:14 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-06-14 18:14 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-06-14 18:07 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 16:30 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-14 16:30 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-14 16:20 --------- d-----w C:\Program Files\eMule
2008-07-14 10:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 09:39 --------- d-----w C:\Program Files\Electronic Arts
2008-06-28 06:45 --------- d-----w C:\Program Files\DivX
2008-06-28 06:29 --------- d-----w C:\Program Files\Ubisoft
2008-06-17 13:12 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-14 16:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-04 18:39 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\OpenOffice.org2
2008-06-03 18:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-30 16:46 --------- d-----w C:\Program Files\Diablo II
2008-05-28 19:40 --------- d-----w C:\Program Files\CapCom
2008-05-28 16:13 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-05-28 16:12 --------- d-----w C:\Program Files\open
2008-05-27 17:51 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\PC Tools
2008-05-27 17:27 61,440 ----a-w C:\WINDOWS\system32\drivers\vkgobjc.sys
2008-05-27 17:27 50 ----a-w C:\Program Files\zdbbh.txt
2008-05-27 11:54 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-05-27 08:27 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\Grisoft
2008-05-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-05-27 07:54 --------- d-----w C:\Program Files\Google
2008-05-26 19:32 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-26 19:32 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-26 19:32 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-05-26 19:27 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-26 19:27 106,496 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-26 18:22 --------- d-----w C:\Program Files\F1 Challenge 2007
2008-05-26 17:58 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-26 17:56 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 17:45 --------- d-----w C:\Program Files\WIDCOMM
2008-05-22 19:39 --------- d-----w C:\Program Files\SkanerOnline
2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-05-14 21:00 --------- d-----w C:\Program Files\Matroska Pack
2008-05-14 18:17 22,328 ----a-w C:\Documents and Settings\Ryś\Dane aplikacji\PnkBstrK.sys
2008-05-14 17:57 --------- d-----w C:\Documents and Settings\Ryś\Dane aplikacji\Ubisoft
2008-05-14 17:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-14 12:59 --------- d-----w C:\Program Files\Fraps
2008-05-14 11:47 --------- d-----w C:\Program Files\EA Sports
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 18:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-05 17:20 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-05-05 17:18 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 09:54 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="C:\Program Files\VDOTool\TBPanel.exe" [2008-01-09 15:33 2169384]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 11:53 13508608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-09 11:53 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 20:02 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"mirc"="C:\WINDOWS\WINCRA\mirc.exe" [2006-11-23 17:45 2076672]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-26 00:06 1107848]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 09:52 16841216 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-09 11:53 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\eMule\emule.exe"=
"C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"=
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"=
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"=
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"=
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"=
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE"=
"C:\Program Files\Ubisoft\THE SETTLERS - Narodziny Imperium\base\bin\Settlers6.exe"=
"C:\Program Files\Codemasters\GRID\GRID.exe"=
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 18:37:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-14 18:38:09
ComboFix-quarantined-files.txt 2008-07-14 16:38:02
ComboFix2.txt 2008-07-14 15:41:21
Pre-Run: 87,489,024,000 bajtów wolnych
Post-Run: 87,475,167,232 bajtów wolnych
183 --- E O F --- 2008-06-21 01:00:34
The log looks clean.
Manually delete the folder C:\Qoobox and remove the ComboFix installer from the disk.
Clean the computer with CCleaner.
Optimize the startup (autostart) entries.
Turn System Restore off and back on for all drives. Instructions
Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post the report from it on the forum.
or