Komunikat o dialerze

ciaper79 · 22 Maj 2007 14:03

Witam,

Mam Avast’a i od jakiegoś tygodnia wyskakuje mi komunikat, że jest jakiś trojan dialer i blokuje go, więc nie dostaje się on do mojego kompa, ale wkurzajace jest, ajk co 10 minut wyskakuje alarm.

Nazwa pasożyta: Win32:Dialer-Bn[Trj]

Plik: http://gameglobin.info/g.php?wmid=bg002[VPX]

Skanowałem programami do usuwania robali i nic nie znalazło…

Proszę o sprawdzenie loga - z góry dziękuję.

Logfile of HijackThis v1.99.1 Scan saved at 15:59:49, on 2007-05-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\uTorrent\utorrent.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Monia\USTAWI~1\Temp\Rar$EX00.344\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - c:\program files\steganos internet anonym pro 7\siapro7iep.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU…\Run: [µTorrent] “C:\Program Files\uTorrent\utorrent.exe” O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptemplat … kurity.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O17 - HKLM\System\CCS\Services\Tcpip…{EFA5B28A-26C1-42E4-A9BA-15CE710D7173}: NameServer = 163.192.111.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe" /Service (file missing) O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

Joan · 22 Maj 2007 14:37

plik na czerwono usun ręcznie z dysku w trybie awaryjnym, wpis skasuj hjt

daj nowe logi hijack + SilentRunners

ciaper79 · 22 Maj 2007 15:05

Niestety, nie mogę usunąć ręcznie tego pliku, bo wyskakuje standardowy komunikat o odmowie dostępu, że plik jest używany, lub coś tam…

Natomiast wpis w HiJack kasuję, ale zaraz jest spowrotem

Krzychuu · 22 Maj 2007 15:09

ciaper79 napewno robisz to w awaryjnym?

ciaper79 · 22 Maj 2007 15:11

Oj, na pewno

Zrestartowałem kompa, F8 i wybrałem na samej górze “Tryb awaryjny”

Gutek · 22 Maj 2007 15:41

Daj log z Combofix

ciaper79 · 22 Maj 2007 16:05

Uruchomiłem Combofix.

Otrzymałem 2 pliki tekstowe:

1.ComboFix

2.ComboFix-quarantined-files

Oto one:

“Monia” - 2007-05-22 17:55:04 Dodatek Service Pack 2 ComboFix 07-05.21.6.V - Running from: “C:\Documents and Settings\Monia\Pulpit\Free Download Manager” (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\winetn32.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe C:\WINDOWS\hosts C:\WINDOWS\services.exe C:\WINDOWS\system32.dll ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_GB -------\nm ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 )))))))))))))))))))))))))))))))))) 2007-05-18 15:38 2007-05-17 16:39 2007-05-07 22:06 2007-05-07 22:04 2007-05-07 21:56 2007-05-07 21:54 2007-05-07 21:53 2007-05-06 19:37 2007-04-30 18:27 2007-04-30 18:27 2007-04-23 14:15 2007-04-23 14:15 2007-04-22 14:00 2007-04-22 14:00 2007-04-22 13:58 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-04-22 13:58 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-04-22 13:58 639,066 --a------ C:\WINDOWS\system32\divx.dll 2007-04-22 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-04-22 13:58 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-04-22 13:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-04-22 13:58 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-04-22 13:58 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-04-22 13:58 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 13:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-04-22 13:58 2007-04-22 13:58 2007-04-22 13:58 2007-04-22 10:27 2007-04-22 10:27 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2060-08-18 17:02:22 1,496,064 ----a-w C:\WINDOWS\system32\Cc3250mt.dll 2060-08-18 16:40:44 909,824 ----a-w C:\WINDOWS\system32\Cp3245mt.dll 2060-08-18 16:40:44 24,064 ----a-w C:\WINDOWS\system32\Borlndmm.dll 2007-05-20 12:57:58 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\Skype 2007-05-16 15:32:14 -------- d-----w C:\Program Files\Common Files\KAV Shared Files 2007-05-10 08:03:49 -------- d-----w C:\Program Files\SpeedFan 2007-05-09 17:10:57 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\SopCast 2007-04-30 16:33:44 68,334 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-04-30 16:33:44 439,194 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-04-30 16:27:43 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-24 15:31:16 -------- d-----w C:\Program Files\SopCast 2007-04-22 11:56:20 -------- d-----w C:\Program Files\SubEdit-Player 2007-04-22 11:54:19 -------- d-----w C:\Program Files\DivX 2007-04-22 11:54:04 -------- d-----w C:\Program Files\ffdshow 2007-04-22 11:51:27 -------- d-----w C:\Program Files\Common Files\Real 2007-04-22 11:51:19 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\Real 2007-04-17 17:25:30 -------- d-----w C:\Program Files\Lavalys 2007-04-12 17:21:29 -------- d-----w C:\Program Files\PITy2006 2007-04-11 15:01:26 -------- d-----w C:\Program Files\Winamp 2007-04-11 11:53:30 -------- d-----w C:\Program Files\jv16 PowerTools 2005 2007-04-11 11:37:26 -------- d-----w C:\Program Files\Norton Utilities 2007-04-11 11:37:22 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-04-11 09:32:34 -------- d-----w C:\Program Files\Skype 2007-04-11 09:28:20 -------- d-----w C:\Program Files\Gadu-Gadu (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 00:47] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}=C:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-20 19:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 12:22] “MSConfig”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe” [2004-08-04 09:44] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “SIAPRO7”=“C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe” -firstboot [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoInstrumentation”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2006-09-28 16:13] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AutoCAD Startup Accelerator.lnk] backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GStartup.lnk] backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak EasyShare software.lnk] backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak software updater.lnk] backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Norton System Doctor.lnk] backup=C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk] backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Monia^Menu Start^Programy^Autostart^Power Project.lnk] backup=C:\WINDOWS\pss\Power Project.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQ3HelperStartUp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firebird] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] “C:\Program Files\Real\RealPlayer\realplay.exe” /RunUPGToolCommandReBoot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIAPRO7] “C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe” -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv] C:\WINDOWS\system32\spoolsvv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent] “C:\Program Files\uTorrent\utorrent.exe” ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-22 17:58:08 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-22 17:59:10 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-05-22 17:59 — E O F —

2006-08-01 17:04 661 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32.dll.vir 2006-08-01 17:07 4535 --a–c— C:\Qoobox\Quarantine\C\WINDOWS\hosts.vir 2007-04-26 17:23 15872 --a------ C:\Qoobox\Quarantine\C\WINDOWS\SERVICES.EXE.vir 2007-05-17 08:33 19456 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winetn32.dll.vir 2007-05-17 18:19 40183 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir 2007-05-22 17:56 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf 2007-05-22 17:56 758 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_GB.reg.cf Zmienna PATH folderu Numer seryjny woluminu: C0F0-69B8 C:\QOOBOX —Quarantine ±–C | ±–Program Files | | —Common Files | | Yazzle1162OinUninstaller.exe.vir | | | —WINDOWS | | hosts.vir | | SERVICES.EXE.vir | | system32.dll.vir | | | —system32 | winetn32.dll.vir | —Registry_backups LEGACY_GB.reg.cf services_nm.reg.cf

Złączono Posta : 22.05.2007 (Wto) 18:06

Gutek · 22 Maj 2007 16:17

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot i w polu Full Path of File to Delete wklejasz ścieżkę

C:\WINDOWS\system32\spoolsvv.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

ciaper79 · 22 Maj 2007 16:22

Zaraz to zrobię. A co ten Combofix dał do jakiejś kwarantanny? Nie trzeba tego usuwać? I co z plikiem który kazał mi usunąc Joan ??

…

Zrobiłem, ale po naciśnięciu czerwonego krzyżyka, zaczęło się odliczanie do restartu systemu, a następnie wyskoczył błąd - komunikat “PendindFileRenameOperations Registry Data has been Removed by External Process!” i komputer sam się nie zrestartował, więc nie wiem czy usunięto ten plik

Gutek · 22 Maj 2007 16:29

Został zneutralizowany

Możesz usunać folder C:\QOOBOX

ciaper79 · 22 Maj 2007 16:33

Więc nie wiem czy mogę dalej robić to co napisałeś - czyli pisać w notatniku ta komendę…

Gutek · 22 Maj 2007 16:36

Daj nowy log z Combo

ciaper79 · 22 Maj 2007 16:43

“Monia” - 2007-05-22 18:39:22 Dodatek Service Pack 2 ComboFix 07-05.21.6.V - Running from: “E:\Instalki\Do usuwania g˘wien” ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 )))))))))))))))))))))))))))))))))) 2007-05-22 17:59 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-18 15:38 2007-05-17 16:39 2007-05-07 22:06 2007-05-07 22:04 2007-05-07 21:56 2007-05-07 21:54 2007-05-07 21:53 2007-05-06 19:37 2007-04-30 18:27 2007-04-30 18:27 2007-04-23 14:15 2007-04-23 14:15 2007-04-22 14:00 2007-04-22 14:00 2007-04-22 13:58 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-04-22 13:58 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-04-22 13:58 639,066 --a------ C:\WINDOWS\system32\divx.dll 2007-04-22 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-04-22 13:58 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-04-22 13:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-04-22 13:58 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-04-22 13:58 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-04-22 13:58 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 13:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-04-22 13:58 2007-04-22 13:58 2007-04-22 13:58 2007-04-22 10:27 2007-04-22 10:27 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2060-08-18 17:02:22 1,496,064 ----a-w C:\WINDOWS\system32\Cc3250mt.dll 2060-08-18 16:40:44 909,824 ----a-w C:\WINDOWS\system32\Cp3245mt.dll 2060-08-18 16:40:44 24,064 ----a-w C:\WINDOWS\system32\Borlndmm.dll 2007-05-20 12:57:58 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\Skype 2007-05-16 15:32:14 -------- d-----w C:\Program Files\Common Files\KAV Shared Files 2007-05-10 08:03:49 -------- d-----w C:\Program Files\SpeedFan 2007-05-09 17:10:57 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\SopCast 2007-04-30 16:33:44 68,334 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-04-30 16:33:44 439,194 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-04-30 16:27:43 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-24 15:31:16 -------- d-----w C:\Program Files\SopCast 2007-04-22 11:56:20 -------- d-----w C:\Program Files\SubEdit-Player 2007-04-22 11:54:19 -------- d-----w C:\Program Files\DivX 2007-04-22 11:54:04 -------- d-----w C:\Program Files\ffdshow 2007-04-22 11:51:27 -------- d-----w C:\Program Files\Common Files\Real 2007-04-22 11:51:19 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\Real 2007-04-17 17:25:30 -------- d-----w C:\Program Files\Lavalys 2007-04-12 17:21:29 -------- d-----w C:\Program Files\PITy2006 2007-04-11 15:01:26 -------- d-----w C:\Program Files\Winamp 2007-04-11 11:53:30 -------- d-----w C:\Program Files\jv16 PowerTools 2005 2007-04-11 11:37:26 -------- d-----w C:\Program Files\Norton Utilities 2007-04-11 11:37:22 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-04-11 09:32:34 -------- d-----w C:\Program Files\Skype 2007-04-11 09:28:20 -------- d-----w C:\Program Files\Gadu-Gadu (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 00:47] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}=C:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-20 19:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 12:22] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “SIAPRO7”=“C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe” -firstboot [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoInstrumentation”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2006-09-28 16:13] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AutoCAD Startup Accelerator.lnk] backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GStartup.lnk] backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak EasyShare software.lnk] backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak software updater.lnk] backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Norton System Doctor.lnk] backup=C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk] backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Monia^Menu Start^Programy^Autostart^Power Project.lnk] backup=C:\WINDOWS\pss\Power Project.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQ3HelperStartUp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firebird] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] “C:\Program Files\Real\RealPlayer\realplay.exe” /RunUPGToolCommandReBoot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIAPRO7] “C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe” -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv] C:\WINDOWS\system32\spoolsvv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent] “C:\Program Files\uTorrent\utorrent.exe” ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-22 18:40:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … cmd.exe [2732] scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-22 18:41:05 C:\ComboFix-quarantined-files.txt … 2007-05-22 17:59 C:\ComboFix2.txt … 2007-05-22 17:59 — E O F —

Gutek · 22 Maj 2007 16:48

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

ciaper79 · 22 Maj 2007 16:56

Oto plik utworzony przez The Avenger

Gutek · 22 Maj 2007 17:02

I kontrolnie daj loga z Combo powinno być Ok

ciaper79 · 22 Maj 2007 17:17

“Monia” - 2007-05-22 19:11:08 Dodatek Service Pack 2 ComboFix 07-05.21.6.V - Running from: “E:\Instalki\Do usuwania g˘wien” ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 )))))))))))))))))))))))))))))))))) 2007-05-22 18:53 2007-05-22 17:59 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-18 15:38 2007-05-17 16:39 2007-05-07 22:06 2007-05-07 22:04 2007-05-07 21:56 2007-05-07 21:54 2007-05-07 21:53 2007-05-06 19:37 2007-04-30 18:27 2007-04-30 18:27 2007-04-23 14:15 2007-04-23 14:15 2007-04-22 14:00 2007-04-22 14:00 2007-04-22 13:58 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-04-22 13:58 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-04-22 13:58 639,066 --a------ C:\WINDOWS\system32\divx.dll 2007-04-22 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-04-22 13:58 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-04-22 13:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-04-22 13:58 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-04-22 13:58 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-04-22 13:58 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-04-22 13:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-04-22 13:58 2007-04-22 13:58 2007-04-22 13:58 2007-04-22 10:27 2007-04-22 10:27 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2060-08-18 17:02:22 1,496,064 ----a-w C:\WINDOWS\system32\Cc3250mt.dll 2060-08-18 16:40:44 909,824 ----a-w C:\WINDOWS\system32\Cp3245mt.dll 2060-08-18 16:40:44 24,064 ----a-w C:\WINDOWS\system32\Borlndmm.dll 2007-05-20 12:57:58 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\Skype 2007-05-16 15:32:14 -------- d-----w C:\Program Files\Common Files\KAV Shared Files 2007-05-10 08:03:49 -------- d-----w C:\Program Files\SpeedFan 2007-05-09 17:10:57 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\SopCast 2007-04-30 16:33:44 68,334 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-04-30 16:33:44 439,194 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-04-30 16:27:43 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-24 15:31:16 -------- d-----w C:\Program Files\SopCast 2007-04-22 11:56:20 -------- d-----w C:\Program Files\SubEdit-Player 2007-04-22 11:54:19 -------- d-----w C:\Program Files\DivX 2007-04-22 11:54:04 -------- d-----w C:\Program Files\ffdshow 2007-04-22 11:51:27 -------- d-----w C:\Program Files\Common Files\Real 2007-04-22 11:51:19 -------- d-----w C:\DOCUME~1\Monia\DANEAP~1\Real 2007-04-17 17:25:30 -------- d-----w C:\Program Files\Lavalys 2007-04-12 17:21:29 -------- d-----w C:\Program Files\PITy2006 2007-04-11 15:01:26 -------- d-----w C:\Program Files\Winamp 2007-04-11 11:53:30 -------- d-----w C:\Program Files\jv16 PowerTools 2005 2007-04-11 11:37:26 -------- d-----w C:\Program Files\Norton Utilities 2007-04-11 11:37:22 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-04-11 09:32:34 -------- d-----w C:\Program Files\Skype 2007-04-11 09:28:20 -------- d-----w C:\Program Files\Gadu-Gadu (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 00:47] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {CC59E0F9-7E43-44FA-9FAA-8377850BF205}=C:\Program Files\Free Download Manager\iefdmcks.dll [2006-08-20 19:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 12:22] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “SIAPRO7”=“C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe” -firstboot [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoInstrumentation”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2006-09-28 16:13] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AutoCAD Startup Accelerator.lnk] backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^GStartup.lnk] backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak EasyShare software.lnk] backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kodak software updater.lnk] backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Norton System Doctor.lnk] backup=C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk] backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Monia^Menu Start^Programy^Autostart^Power Project.lnk] backup=C:\WINDOWS\pss\Power Project.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQ3HelperStartUp] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firebird] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton SystemWorks] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Firewall] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer] “C:\Program Files\Real\RealPlayer\realplay.exe” /RunUPGToolCommandReBoot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Show missed alarms] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIAPRO7] “C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe” -boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\µTorrent] “C:\Program Files\uTorrent\utorrent.exe” ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-22 19:12:33 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-22 19:12:57 C:\ComboFix-quarantined-files.txt … 2007-05-22 17:59 C:\ComboFix2.txt … 2007-05-22 18:41 C:\ComboFix3.txt … 2007-05-22 17:59 — E O F —

A tak na marginesie:

Combo, coś zmienia chyba w rejestrze, bo pojawia się np. skrót IE na pulpicie, a znika z paska szybkiego uruchamiania. I zapora Windows blokuje wszystkie aplikacje od nowa.

I najbedziej mnie drażniące - gdy się najedzie na jakąś ikonę - pojawia się żółty dymek z pomocą czy czymś w tym stylu…

Jak to wyłączyć ?

Gutek · 22 Maj 2007 17:45

Zobacz Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580 i ustwa sobie jak uważasz

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

ciaper79 · 22 Maj 2007 17:51

A jeśli chodzi o ostatni plik z Combo - jest wszystko OK ?

Gutek · 22 Maj 2007 18:18

Ja nic nie widzę