Komputer nie przechodzi w stan wsztrzymania

bartekg · 26 Kwiecień 2008 19:04

Witam

Od pewnego czasu zauważyłem, że komputer nie przechodzi w stan wstrzymania. Wyswietla się ekran “przechodzę w stan wstrzymania” i tak stoi w miejscu.

Zamieszczam log. Z góry dzięki

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:01:49, on 2008-04-26

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\Program Files\Lexmark 3300 Series\lxccmon.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\DOCUME~1\Agatka\USTAWI~1\Temp\RtkBtMnt.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Documents and Settings\Agatka\Pulpit\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\System32\lxcccoms.exe

C:\WINDOWS\System32\igfxext.exe

C:\WINDOWS\System32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.telsten.com:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM…\Run: [broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe

O4 - HKLM…\Run: [lxccmon.exe] “C:\Program Files\Lexmark 3300 Series\lxccmon.exe”

O4 - HKLM…\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM…\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

O4 - HKLM…\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Documents and Settings\Agatka\Pulpit\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … xdm147YYPL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … 0.15-3.cab

O20 - Winlogon Notify: winzzd32 - C:\WINDOWS\SYSTEM32\winzzd32.dll

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxcccoms.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

–

End of file - 5642 bytes

huber2t · 26 Kwiecień 2008 19:09

fix w hijackthis

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - HKLM…\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … xdm147YYPL O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … 0.15-3.cab O20 - Winlogon Notify: winzzd32 - C:\WINDOWS\SYSTEM32\winzzd32.dll

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\SYSTEM32\winzzd32.dll


Folder::

C:\Program Files\MyWebSearch

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.

bartekg · 27 Kwiecień 2008 10:45

ComboFix 08-04-24.1 - Agatka 2008-04-27 12:27:46.2 - NTFSx86

Running from: C:\Documents and Settings\Agatka\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Agatka\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\WINDOWS\SYSTEM32\winzzd32.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif

C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico

C:\Program Files\MyWebSearch\bar\Cache\000255F6.bin

C:\Program Files\MyWebSearch\bar\Cache\00026D66.bin

C:\Program Files\MyWebSearch\bar\Cache\001756F9

C:\Program Files\MyWebSearch\bar\Cache\001C5DC7.bin

C:\Program Files\MyWebSearch\bar\Cache\001C6A2B.bin

C:\Program Files\MyWebSearch\bar\Cache\001C7101.bin

C:\Program Files\MyWebSearch\bar\Cache\00291507.bin

C:\Program Files\MyWebSearch\bar\Cache\0039141F.bin

C:\Program Files\MyWebSearch\bar\Cache\00392342.bin

C:\Program Files\MyWebSearch\bar\Cache\00392F09.bin

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search2

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\SYSTEM32\winzzd32.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))

.

2008-04-26 21:35 . 2008-04-26 21:35 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-04-26 21:01 . 2008-04-26 21:01

2008-04-18 19:39 . 2008-04-18 19:39

2008-04-18 19:36 . 2008-04-26 20:54

2008-04-18 19:36 . 2008-04-18 19:36

2008-04-18 19:36 . 2008-04-26 20:54

2008-04-18 19:36 . 2008-04-18 19:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-18 19:36 . 2008-04-18 19:37 1,409 --a------ C:\WINDOWS\QTFont.for

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-31 20:02 --------- d-----w C:\Program Files\Lx_cats

2008-03-21 11:15 45,056 ----a-w C:\msntlfpm.exe

2008-03-21 11:13 27,136 ----a-w C:\WINDOWS\system32\winmfu32.dll

2008-03-21 11:12 24,576 ----a-w C:\WINDOWS\system32\winosz32.dll

2008-03-21 11:12 24,576 ----a-w C:\WINDOWS\system32\winmyy32.dll

2008-03-13 18:29 --------- d-----w C:\Program Files\ZipGenius 6

2008-03-13 18:29 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\ZipGenius

2008-03-13 18:15 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\Datalayer

2008-03-13 18:14 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\Nokia

2008-03-13 18:12 --------- d-----w C:\Program Files\Nokia

2008-03-13 18:12 --------- d-----w C:\Program Files\DIFX

2008-03-13 18:12 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-03-13 18:12 --------- d-----w C:\Program Files\Common Files\Nokia

2008-03-13 18:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

2008-03-13 18:12 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\PC Suite

2008-03-13 18:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations

2008-03-07 14:41 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\AdobeUM

2008-02-29 22:40 --------- d-----w C:\Program Files\PITy

2008-02-29 22:27 --------- d-----w C:\Program Files\Common Files\Adobe

.

------- Sigcheck -------

2002-09-20 19:05 1012736 8ac89a6d9579d7cca05ac655e6f4a8e5 C:\WINDOWS\explorer.exe

2002-09-20 19:05 1012736 6c5b3f17bc2c1e4ce4964e3b1171eb34 C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-20 19:05 20480 91664de0c3158045992c19e3df6c8bae C:\WINDOWS\system32\ctfmon.exe

2002-09-20 19:05 20480 b6fe83dff79b386fc533f9856d2a9423 C:\WINDOWS\system32\dllcache\ctfmon.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-20 19:05 20480]

“Gadu-Gadu”=“C:\Documents and Settings\Agatka\Pulpit\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2002-08-20 16:08 1519645]

“PcSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2006-06-27 17:21 1458176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Broadcom Wireless Manager UI”=“C:\WINDOWS\System32\WLTRAY.exe” [2005-11-11 14:40 1245184]

“lxccmon.exe”=“C:\Program Files\Lexmark 3300 Series\lxccmon.exe” [2005-07-21 02:17 200704]

“FaxCenterServer”=“C:\Program Files\Lexmark Fax Solutions\fm3032.exe” [2005-07-12 11:36 307200]

“igfxtray”=“C:\WINDOWS\System32\igfxtray.exe” [2006-03-23 06:17 102400]

“igfxhkcmd”=“C:\WINDOWS\System32\hkcmd.exe” [2006-03-23 06:13 86016]

“igfxpers”=“C:\WINDOWS\System32\igfxpers.exe” [2006-03-23 06:17 126976]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-03 07:07 770138]

“SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 2889728 C:\WINDOWS\SkyTel.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2006-06-28 08:54 16256512 C:\WINDOWS\RTHDCPL.exe]

“AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [2005-12-21 09:02 61440]

“LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” [2006-07-20 16:15 602112]

“LXCCCATS”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll” [2005-07-20 15:44 73728]

“PCSuiteTrayApplication”=“C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe” [2006-06-15 13:36 237568]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2002-09-20 19:05 20480]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 01:00:00 36864]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 73780]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]

winzzd32.dll

.

Contents of the ‘Scheduled Tasks’ folder

“2008-04-18 17:36:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-27 12:31:25

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

detected NTDLL code modification:

ZwOpenFile

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-27 12:31:57

ComboFix-quarantined-files.txt 2008-04-27 10:31:54

Pre-Run: 4,265,947,136 bajtów wolnych

Post-Run: 4,710,408,192 bajtów wolnych

216

huber2t · 27 Kwiecień 2008 10:49

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\system32\winmfu32.dll

C:\WINDOWS\system32\winosz32.dll

C:\WINDOWS\system32\winmyy32.dll


Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła

się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.

bartekg · 27 Kwiecień 2008 11:15

ComboFix 08-04-24.1 - Agatka 2008-04-27 13:06:51.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.196 [GMT 2:00]

Running from: C:\Documents and Settings\Agatka\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Agatka\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\WINDOWS\system32\winmfu32.dll

C:\WINDOWS\system32\winmyy32.dll

C:\WINDOWS\system32\winosz32.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\winmfu32.dll

C:\WINDOWS\system32\winmyy32.dll

C:\WINDOWS\system32\winosz32.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))

.

2008-04-26 21:35 . 2008-04-26 21:35 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG

2008-04-26 21:01 . 2008-04-26 21:01

2008-04-18 19:39 . 2008-04-18 19:39

2008-04-18 19:36 . 2008-04-26 20:54

2008-04-18 19:36 . 2008-04-18 19:36

2008-04-18 19:36 . 2008-04-26 20:54

2008-04-18 19:36 . 2008-04-18 19:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-18 19:36 . 2008-04-18 19:37 1,409 --a------ C:\WINDOWS\QTFont.for

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-31 20:02 --------- d-----w C:\Program Files\Lx_cats

2008-03-21 11:15 45,056 ----a-w C:\msntlfpm.exe

2008-03-13 18:29 --------- d-----w C:\Program Files\ZipGenius 6

2008-03-13 18:29 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\ZipGenius

2008-03-13 18:15 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\Datalayer

2008-03-13 18:14 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\Nokia

2008-03-13 18:12 --------- d-----w C:\Program Files\Nokia

2008-03-13 18:12 --------- d-----w C:\Program Files\DIFX

2008-03-13 18:12 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-03-13 18:12 --------- d-----w C:\Program Files\Common Files\Nokia

2008-03-13 18:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

2008-03-13 18:12 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\PC Suite

2008-03-13 18:11 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations

2008-03-07 14:41 --------- d-----w C:\Documents and Settings\Agatka\Dane aplikacji\AdobeUM

2008-02-29 22:40 --------- d-----w C:\Program Files\PITy

2008-02-29 22:27 --------- d-----w C:\Program Files\Common Files\Adobe

.

------- Sigcheck -------

2002-09-20 19:05 1012736 8ac89a6d9579d7cca05ac655e6f4a8e5 C:\WINDOWS\explorer.exe

2002-09-20 19:05 1012736 6c5b3f17bc2c1e4ce4964e3b1171eb34 C:\WINDOWS\system32\dllcache\explorer.exe

2002-09-20 19:05 20480 91664de0c3158045992c19e3df6c8bae C:\WINDOWS\system32\ctfmon.exe

2002-09-20 19:05 20480 b6fe83dff79b386fc533f9856d2a9423 C:\WINDOWS\system32\dllcache\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-04-27_12.31.45.43 )))))))))))))))))))))))))))))))))))))))))

.

2008-04-27 10:25:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat

2008-04-27 10:39:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat

2005-10-20 18:02:28 174,080 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

2008-04-27 10:25:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-04-27 10:39:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

2008-04-27 10:25:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

2008-04-27 10:39:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

2008-04-27 10:25:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

2008-04-27 10:39:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

2008-03-30 09:21:24 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat

2008-04-27 10:40:42 40,326 ----a-w C:\WINDOWS\system32\perfc009.dat

2008-03-30 09:21:24 49,910 ----a-w C:\WINDOWS\system32\perfc015.dat

2008-04-27 10:40:42 49,910 ----a-w C:\WINDOWS\system32\perfc015.dat

2008-03-30 09:21:24 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat

2008-04-27 10:40:42 311,938 ----a-w C:\WINDOWS\system32\perfh009.dat

2008-03-30 09:21:24 356,068 ----a-w C:\WINDOWS\system32\perfh015.dat

2008-04-27 10:40:42 356,068 ----a-w C:\WINDOWS\system32\perfh015.dat