Computer is sluggish, suspected virus - logs


(system) #1

Recently my computer and internet connection have slowed down a lot. I haven't checked it with any antivirus program in a long time and I suspect an infection. I'm attaching the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:33:53, on 2008-08-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Tomek\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O17 - HKLM\System\CCS\Services\Tcpip..{7444DBF6-977E-4529-8749-CD7F704074F7}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip..{7444DBF6-977E-4529-8749-CD7F704074F7}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: bdmnopx - {62A42064-3921-4611-B659-61C74AE526B3} - C:\WINDOWS\bdmnopx.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 5531 bytes

Please check them, and thanks in advance.


(Spandau) #2

Remove these entries in HJT

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked

Download ComboFix but don't run it yet; paste the following into Notepad:

Save the file as CFScript.txt, preferably so that its icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. Afterwards, post the log on the forum.

Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.


(system) #3

Done. Here it is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59, on 2008-08-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Tomek\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O17 - HKLM\System\CCS\Services\Tcpip..{7444DBF6-977E-4529-8749-CD7F704074F7}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip..{7444DBF6-977E-4529-8749-CD7F704074F7}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 5296 bytes


(Leon$) #4

Post the removal log

Start >> Search >> ComboFix.txt



(system) #5

ComboFix 08-08-15.04 - Tomek 2008-08-16 18:10:01.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.386 [GMT 2:00]

Running from: C:\Documents and Settings\Tomek\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Tomek\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\ja\Cookies\ja@oczyszczaczkomputerza[1].txt

C:\Documents and Settings\ja\Cookies\ja@systemerrorfixer[1].txt

C:\Documents and Settings\Tomek\Cookies\tomek@ad.yieldmanager[1].txt

C:\Documents and Settings\Tomek\Cookies\tomek@adidm07.idmnet[2].txt

C:\Documents and Settings\Tomek\Cookies\tomek@ads.sciaga[1].txt

C:\Documents and Settings\Tomek\Cookies\tomek@metacafe[1].txt

C:\Documents and Settings\Tomek\Cookies\tomek@nuggad[1].txt

C:\Documents and Settings\Tomek\Cookies\tomek@oczyszczaczkomputerza[1].txt

C:\Documents and Settings\Tomek\Cookies\tomek@onet[3].txt

C:\Documents and Settings\Tomek\Cookies\tomek@showit[2].txt

C:\Documents and Settings\Tomek\Cookies\tomek@systemerrorfixer[1].txt

C:\Documents and Settings\Tomek\Cookies\tomek@tradedoubler[2].txt

C:\Documents and Settings\Tomek\Cookies\tomek@trustedantivirus[2].txt

C:\Documents and Settings\Tomek\Cookies\tomek@www.careerjet[2].txt

C:\WINDOWS\dat.txt

C:\WINDOWS\fsxloqf.exe

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

C:\WINDOWS\search_res.txt

.

((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))

.

2008-08-16 16:14 . 2008-08-16 16:14

2008-08-12 21:35 . 2008-08-12 21:35

2008-08-12 21:33 . 2008-08-12 21:33

2008-08-10 17:51 . 2008-08-10 17:51

2008-08-08 21:16 . 2008-08-08 21:16 0 --a------ C:\WINDOWS\VDM26.tmp

2008-08-08 21:14 . 2008-08-08 21:14 0 --a------ C:\WINDOWS\VDM25.tmp

2008-08-08 21:01 . 2008-08-08 21:01 0 --a------ C:\WINDOWS\VDM23.tmp

2008-08-08 21:01 . 2008-08-08 21:01 0 --a------ C:\WINDOWS\VDM22.tmp

2008-08-08 20:56 . 2008-08-08 20:56 0 --a------ C:\WINDOWS\VDM21.tmp

2008-08-08 20:55 . 2008-08-08 20:55 0 --a------ C:\WINDOWS\VDM20.tmp

2008-08-08 20:45 . 2008-08-08 20:45 0 --a------ C:\WINDOWS\VDM1F.tmp

2008-08-08 20:39 . 2008-08-08 20:39 0 --a------ C:\WINDOWS\VDM1E.tmp

2008-08-08 20:39 . 2008-08-08 20:39 0 --a------ C:\WINDOWS\VDM1D.tmp

2008-08-08 20:32 . 2008-08-08 20:32 0 --a------ C:\WINDOWS\VDM1C.tmp

2008-08-08 20:19 . 2008-08-16 16:24

2008-08-08 13:31 . 2008-08-13 10:54 2,035 --a------ C:\rsdl.xpi

2008-08-08 13:31 . 2008-08-13 10:54 1,209 --a------ C:\rs-ff-install.html

2008-08-08 13:31 . 2008-08-13 10:53 740 --a------ C:\temp.html

2008-07-30 01:05 . 2008-07-30 01:05

2008-07-30 00:46 . 2008-07-30 00:46

2008-07-30 00:14 . 2008-07-30 00:14

2008-07-30 00:13 . 2008-07-30 00:13

2008-07-28 13:10 . 2008-08-01 14:37

2008-07-28 12:13 . 2008-07-28 12:14

2008-07-28 11:57 . 2008-07-28 11:57

2008-07-28 11:45 . 2008-07-30 21:09

2008-07-25 23:05 . 2008-07-25 23:05

2008-07-25 11:56 . 2008-07-25 11:56

2008-07-25 11:54 . 2008-07-25 11:54

2008-07-25 11:49 . 2008-07-28 13:08

2008-07-25 11:48 . 2008-07-25 11:49

2008-07-25 11:48 . 2008-07-25 11:48

2008-07-25 11:48 . 2008-07-25 11:48

2008-07-25 11:48 . 2008-07-25 11:48

2008-07-25 11:48 . 2008-07-25 11:49

2008-07-25 11:48 . 2008-07-25 11:56

2008-07-25 11:48 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-07-25 11:48 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-07-25 11:48 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-07-25 11:48 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-07-25 11:48 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-07-25 11:47 . 2008-07-25 11:48

2008-07-25 11:46 . 2008-07-25 11:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-07-25 11:46 . 2008-07-25 11:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-07-25 11:45 . 2008-07-25 11:46

2008-07-19 09:09 . 2008-07-19 07:08 719,872 --a------ C:\WINDOWS\system32\devil.dll

2008-07-19 09:09 . 2008-07-19 07:08 351,744 --a------ C:\WINDOWS\system32\avisynth.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-16 16:08 --------- d-----w C:\Program Files\Neostrada TP

2008-08-16 14:17 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Skype

2008-08-16 14:16 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\skypePM

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-04 16:40 --------- d-----w C:\Program Files\podatki.pl

2008-07-04 12:07 --------- d-----w C:\Program Files\ePSXe

2008-07-04 12:03 --------- d-----w C:\Program Files\Empire Interactive

2008-06-29 10:19 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Apple Computer

2008-06-27 14:48 --------- d-----w C:\Documents and Settings\ja\Dane aplikacji\Apple Computer

2008-06-27 14:42 --------- d-----w C:\Program Files\Apple Software Update

2008-06-27 14:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple

2008-06-27 14:29 --------- d-----w C:\Program Files\Real Alternative

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 11:00 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-06-24 10:34 --------- d-----w C:\Documents and Settings\ja\Dane aplikacji\Media Player Classic

2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-02-25 15:39 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 20:07 53248]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk

backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ja^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\ja\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pml Driver HPZ12"=2 (0x2)

"ose"=3 (0x3)

"LightScribeService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Documents and Settings\ja\Moje dokumenty\hfs.exe"=

"C:\Age Of Empires II\empires2.exe"=

"C:\Age Of Empires II\age2_x1.exe"=

"E:\Gry\Sports Interactive\Football Manager 2007\fm.exe"=

"E:\Programy\SopCast\SopCast.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 19:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{059c54f1-d7d7-11dc-90fb-4d6564696130}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{4229a3e0-c2e7-11dc-90a2-4d6564696130}]

\Shell\Auto\command - auto.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{eed4f370-6659-11dd-93fb-c7b72c8a284b}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-06-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

.

- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-16 18:14:10

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-16 18:16:32

ComboFix-quarantined-files.txt 2008-08-16 16:16:15

Pre-Run: 1,724,608,512 bajtów wolnych

Post-Run: 5,815,750,656 bajtów wolnych

218 --- E O F --- 2008-08-16 11:01:48


(Leon$) #6

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

The removal should start

Then post the ComboFix removal log



(system) #7

ComboFix 08-08-15.04 - Tomek 2008-08-16 18:37:41.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.337 [GMT 2:00]

Running from: C:\Documents and Settings\Tomek\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Tomek\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\VDM1C.tmp

C:\WINDOWS\VDM1D.tmp

C:\WINDOWS\VDM1E.tmp

C:\WINDOWS\VDM1F.tmp

C:\WINDOWS\VDM20.tmp

C:\WINDOWS\VDM21.tmp

C:\WINDOWS\VDM22.tmp

C:\WINDOWS\VDM23.tmp

C:\WINDOWS\VDM25.tmp

C:\WINDOWS\VDM26.tmp

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\VDM1C.tmp

C:\WINDOWS\VDM1D.tmp

C:\WINDOWS\VDM1E.tmp

C:\WINDOWS\VDM1F.tmp

C:\WINDOWS\VDM20.tmp

C:\WINDOWS\VDM21.tmp

C:\WINDOWS\VDM22.tmp

C:\WINDOWS\VDM23.tmp

C:\WINDOWS\VDM25.tmp

C:\WINDOWS\VDM26.tmp

.

((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))

.

2008-08-16 16:14 . 2008-08-16 16:14

2008-08-12 21:35 . 2008-08-12 21:35

2008-08-12 21:33 . 2008-08-12 21:33

2008-08-10 17:51 . 2008-08-10 17:51

2008-08-08 20:19 . 2008-08-16 16:24

2008-08-08 13:31 . 2008-08-13 10:54 2,035 --a------ C:\rsdl.xpi

2008-08-08 13:31 . 2008-08-13 10:54 1,209 --a------ C:\rs-ff-install.html

2008-08-08 13:31 . 2008-08-13 10:53 740 --a------ C:\temp.html

2008-07-30 01:05 . 2008-07-30 01:05

2008-07-30 00:46 . 2008-07-30 00:46

2008-07-30 00:14 . 2008-07-30 00:14

2008-07-30 00:13 . 2008-07-30 00:13

2008-07-28 13:10 . 2008-08-01 14:37

2008-07-28 12:13 . 2008-07-28 12:14

2008-07-28 11:57 . 2008-07-28 11:57

2008-07-28 11:45 . 2008-07-30 21:09

2008-07-25 23:05 . 2008-07-25 23:05

2008-07-25 11:56 . 2008-07-25 11:56

2008-07-25 11:54 . 2008-07-25 11:54

2008-07-25 11:49 . 2008-07-28 13:08

2008-07-25 11:48 . 2008-07-25 11:49

2008-07-25 11:48 . 2008-07-25 11:48

2008-07-25 11:48 . 2008-07-25 11:48

2008-07-25 11:48 . 2008-07-25 11:48

2008-07-25 11:48 . 2008-07-25 11:49

2008-07-25 11:48 . 2008-07-25 11:56

2008-07-25 11:48 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-07-25 11:48 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-07-25 11:48 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-07-25 11:48 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-07-25 11:48 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-07-25 11:47 . 2008-07-25 11:48

2008-07-25 11:46 . 2008-07-25 11:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-07-25 11:46 . 2008-07-25 11:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-07-25 11:45 . 2008-07-25 11:46

2008-07-19 09:09 . 2008-07-19 07:08 719,872 --a------ C:\WINDOWS\system32\devil.dll

2008-07-19 09:09 . 2008-07-19 07:08 351,744 --a------ C:\WINDOWS\system32\avisynth.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-16 16:36 --------- d-----w C:\Program Files\Neostrada TP

2008-08-16 14:17 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Skype

2008-08-16 14:16 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\skypePM

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-04 16:40 --------- d-----w C:\Program Files\podatki.pl

2008-07-04 12:07 --------- d-----w C:\Program Files\ePSXe

2008-07-04 12:03 --------- d-----w C:\Program Files\Empire Interactive

2008-06-29 10:19 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Apple Computer

2008-06-27 14:48 --------- d-----w C:\Documents and Settings\ja\Dane aplikacji\Apple Computer

2008-06-27 14:42 --------- d-----w C:\Program Files\Apple Software Update

2008-06-27 14:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple

2008-06-27 14:29 --------- d-----w C:\Program Files\Real Alternative

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 11:00 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-06-24 10:34 --------- d-----w C:\Documents and Settings\ja\Dane aplikacji\Media Player Classic

2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-02-25 15:39 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 20:07 24576]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20:07 20480]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 20:07 53248]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk

backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ja^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=C:\Documents and Settings\ja\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pml Driver HPZ12"=2 (0x2)

"ose"=3 (0x3)

"LightScribeService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Documents and Settings\ja\Moje dokumenty\hfs.exe"=

"C:\Age Of Empires II\empires2.exe"=

"C:\Age Of Empires II\age2_x1.exe"=

"E:\Gry\Sports Interactive\Football Manager 2007\fm.exe"=

"E:\Programy\SopCast\SopCast.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 19:41]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-06-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job

  • C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-16 18:40:42

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-16 18:42:22

ComboFix-quarantined-files.txt 2008-08-16 16:42:01

ComboFix2.txt 2008-08-16 16:16:33

Pre-Run: 6,235,885,568 bajtów wolnych

Post-Run: 6,227,623,936 bajtów wolnych

193 --- E O F --- 2008-08-16 11:01:48
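As an added example (not part of the thread), a small parser for the "Reg Loading Points" layout above that lists autorun entries and firewall-exception binaries and flags the ones living in a user profile or outside Windows / Program Files, which is where a first look at such a log usually starts. The sample excerpt is constructed; the "Updater" entry is invented, the other paths are taken from the log.

```python
import re

# Constructed excerpt in ComboFix's "Reg Loading Points" layout. The ctfmon,
# hfs.exe and SopCast paths come from the log above; "Updater" is invented.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Updater"="C:\Documents and Settings\ja\Dane aplikacji\upd\updater.exe" [2008-08-10 12:00 40960]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Documents and Settings\ja\Moje dokumenty\hfs.exe"=
"E:\Programy\SopCast\SopCast.exe"=
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                            # [registry key]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')  # "Name"="path" [stamp]
FW_RE = re.compile(r'^"([^"]+)"=$')                           # "path"=  (firewall list)

# Locations a limited user cannot write to on a default XP install (assumption).
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', '%windir%\\')


def parse_loading_points(text):
    """Return one dict per autorun or firewall-exception entry, with its key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := RUN_RE.match(line):
            entries.append({'key': key, 'name': m.group(1), 'path': m.group(2)})
        elif m := FW_RE.match(line):
            entries.append({'key': key, 'name': None, 'path': m.group(1)})
    return entries


def triage(entries):
    """Flag binaries that live where the logged-on user can write."""
    flagged = []
    for e in entries:
        p = e['path'].lower()
        if '\\documents and settings\\' in p:
            flagged.append((e['path'], 'inside a user profile'))
        elif not p.startswith(TRUSTED_PREFIXES):
            flagged.append((e['path'], 'outside Windows / Program Files'))
    return flagged


if __name__ == '__main__':
    for path, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{reason:32} {path}')
```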


(Leon$) #8

Download and run the tool The Avenger. Select the text given for removal on the forum,

copy >> click Paste Script from Clipboard >> Execute >> Confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Do a startup optimization:

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn System Restore off and on on all drives: http://support.microsoft.com/kb/310405/pl

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and show the report (open the page in IE)

or

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& ... It!+4.44.5

:slight_smile:


(system) #9

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\rsdl.xpi" deleted successfully.

File "C:\rs-ff-install.html" deleted successfully.

File "C:\temp.html" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


(Leon$) #10

Deleted.

Do the remaining recommendations, above all the optimization.

:slight_smile:


(system) #11

Thank you very much for the help :slight_smile: