Nie moge usunąć Vundo

Tomash007 · 27 Listopad 2007 16:10

Mam podobny problem

Log wygląda następująco:

ComboFix 07-11-19.4 - Właściciel 2007-11-27 16:12:13.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.99 [GMT 1:00] Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt * Created a new restore point FILE C:\Temp\o729R138.exe C:\WINDOWS\system32\ddccd.dll C:\WINDOWS\system32\efccyvu.dll C:\WINDOWS\system32\ffyzsgct.dll C:\WINDOWS\system32\gzmrotate.dll C:\WINDOWS\system32\jkkklmj.dll C:\WINDOWS\system32\mollswue.dll C:\WINDOWS\system32\opnmjkl.dll C:\WINDOWS\system32\pmnkhgg.dll C:\WINDOWS\system32\pmnoopn.dll C:\WINDOWS\system32\sstqq.dll C:\WINDOWS\system32\tuvvurr.dll C:\WINDOWS\system32\urqnkhg.dll C:\WINDOWS\system32\wvurstr.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk C:\Documents and Settings\Właściciel\Pulpit\Live Safety Center.lnk C:\Documents and Settings\Właściciel\Pulpit\Online Security Guide.lnk C:\Documents and Settings\Właściciel\Ulubione\Online Security Guide.lnk C:\Program Files\NetMeeting\Blip.wav C:\Program Files\NetMeeting\callcont.dll C:\Program Files\NetMeeting\cb32.exe C:\Program Files\NetMeeting\conf.exe C:\Program Files\NetMeeting\confmrsl.dll C:\Program Files\NetMeeting\dcap32.dll C:\Program Files\NetMeeting\h323cc.dll C:\Program Files\NetMeeting\MST120.DLL C:\Program Files\NetMeeting\MST123.DLL C:\Program Files\NetMeeting\nac.dll C:\Program Files\NetMeeting\netmeet.htm C:\Program Files\NetMeeting\nmas.dll C:\Program Files\NetMeeting\nmasnt.dll C:\Program Files\NetMeeting\nmchat.dll C:\Program Files\NetMeeting\nmcom.dll C:\Program Files\NetMeeting\nmft.dll C:\Program Files\NetMeeting\nmoldwb.dll C:\Program Files\NetMeeting\nmwb.dll C:\Program Files\NetMeeting\rrcm.dll C:\Program Files\NetMeeting\TestSnd.wav C:\Program Files\NetMeeting\wb32.exe C:\WINDOWS\system32\dfhhk.ini C:\WINDOWS\system32\dfhhk.ini2 C:\WINDOWS\system32\hranexeo.dllbox C:\WINDOWS\system32\khhfd.dll C:\Program Files\NetMeeting . . . . failed to delete . ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 ))))))))))))))))))))))))))))))) . 2007-11-27 16:15 2007-11-27 16:15 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-27 16:15 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-27 16:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-27 16:15 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-27 16:15 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-27 16:03 2007-11-27 16:03 2007-11-27 15:19 2007-11-27 12:00 1,442,046 —hs---- C:\WINDOWS\system32\wtkdesxl.ini 2007-11-27 12:00 85,056 --a------ C:\WINDOWS\system32\lxsedktw.dll 2007-11-27 11:57 78,912 --a------ C:\WINDOWS\system32\wbuwawgq.dll 2007-11-26 13:03 779,595 —hs---- C:\WINDOWS\system32\wyeibaqi.ini 2007-11-26 13:00 145,984 --a------ C:\WINDOWS\system32\kkcyfkys.dll 2007-11-25 12:48 37,376 --a------ C:\WINDOWS\system32\pmnmlkk.dll 2007-11-13 14:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-13 14:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-13 14:19 2007-11-12 22:58 2007-11-12 19:29 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-11-12 19:29 237,568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-11-12 19:29 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax 2007-11-12 19:29 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax 2007-11-12 19:29 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2007-11-12 19:29 45,056 --a------ C:\WINDOWS\system32\ogg.dll 2007-11-12 19:27 2007-11-12 17:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 15:37 7,297,056 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-27 15:33 12,288 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2007-11-27 15:30 86,516 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-27 14:48 --------- d-----w C:\Program Files\Mozilla Thunderbird Beta 2 2007-11-27 10:53 71,232 ----a-w C:\WINDOWS\system32\rwuvsrmo.exe 2007-11-26 13:35 --------- d-----w C:\Program Files\CDRWIN 6 2007-11-26 12:09 80,960 ----a-w C:\WINDOWS\system32\gngkclrl.dll 2007-11-26 12:00 145,984 ----a-w C:\WINDOWS\system32\hranexeo.dll 2007-11-26 11:57 71,232 ----a-w C:\WINDOWS\system32\ajijobqw.exe 2007-11-13 13:20 --------- d-----w C:\Program Files\Google 2007-11-12 21:51 --------- d-----w C:\Program Files\SopCast 2007-11-12 18:29 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll 2007-11-12 18:29 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll 2007-11-12 18:29 892,928 ----a-w C:\WINDOWS\system32\iconv.dll 2007-11-12 18:29 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-11-12 18:29 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll 2007-11-12 18:29 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-11-12 18:28 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-27 12:39 --------- d-----w C:\Program Files\Java 2007-10-26 16:44 --------- d-----w C:\Program Files\DAEMON Tools 2007-10-26 16:37 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-26 16:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-09-06 14:14 75,248 -c–a-w C:\WINDOWS\zllsputility.exe 2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr . ((((((((((((((((((((((((((((( snapshot@2007-11-27_16.01.06.20 ))))))))))))))))))))))))))))))))))))))))) . - 2007-10-28 10:30:42 70,458 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-11-27 15:20:59 70,458 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-10-28 10:30:42 87,386 ----a-w C:\WINDOWS\system32\perfc015.dat + 2007-11-27 15:20:59 87,386 ----a-w C:\WINDOWS\system32\perfc015.dat - 2007-10-28 10:30:42 436,694 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-11-27 15:20:59 436,694 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-10-28 10:30:43 494,890 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-11-27 15:20:59 494,890 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-11-27 15:31:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_670.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-26 13:00 145984 --a------ C:\WINDOWS\system32\hranexeo.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{b5b02e2c-c005-49dd-8239-dda398b9ceba}] 2007-11-27 11:57 78912 --a------ C:\WINDOWS\system32\wbuwawgq.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{ED203331-9C33-49D8-8714-D24A366A04EC}] 2007-11-25 12:48 37376 --a------ C:\WINDOWS\system32\pmnmlkk.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{11A69AE4-FBED-4832-A2BF-45AF82825583}”= C:\WINDOWS\system32\hranexeo.dll [2007-11-26 13:00 145984] [HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{11A69AE4-FBED-4832-A2BF-45AF82825583}”= C:\WINDOWS\system32\hranexeo.dll [2007-11-26 13:00 145984] [HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “EdHTML”=“C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-16 12:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “PCTVOICE”=“pctspk.exe” [2003-11-07 08:35 C:\WINDOWS\system32\pctspk.exe] “NotebookHardwareControl”=“C:\Program Files\Notebook Hardware Control\nhc.exe” [2006-09-01 18:40] “AtiPTA”=“atiptaxx.exe” [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe” [2004-03-04 15:46] “CTDVDDet”=“C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE” [2003-06-18 01:00] “CTSysVol”=“C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe” [2003-07-09 14:36] “SbUsb AudCtrl”=“RunDll32 sbusbdll.dll” [] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-06-29 05:24] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-09-06 15:14] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51] “d49e4754”=“C:\WINDOWS\system32\lxsedktw.dll” [2007-11-27 12:00] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-02 17:24] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{ED203331-9C33-49D8-8714-D24A366A04EC}”= C:\WINDOWS\system32\pmnmlkk.dll [2007-11-25 12:48 37376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hranexeo] hranexeo.dll 2007-11-26 13:00 145984 C:\WINDOWS\system32\hranexeo.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlkk] pmnmlkk.dll 2007-11-25 12:48 37376 C:\WINDOWS\system32\pmnmlkk.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “Authentication Packages”= msv1_0 C:\WINDOWS\system32\khhfd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2003-12-22 08:38 241664 --a–c— C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2004-02-18 18:55 49152 --a–c— C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET] C:\Documents and Settings\Właściciel\Pulpit\netianet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “idsvc”=3 (0x3) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{46815590-4060-11dc-b24f-0040d063c910}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contents of the ‘Scheduled Tasks’ folder “2007-11-23 19:10:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-27 16:38:45 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-27 16:44:27 - machine was rebooted C:\ComboFix2.txt … 2007-11-27 16:03 . — E O F —

Dziękuję za wszelkie porady…

Gutek · 28 Listopad 2007 00:14

Wklej do Notatnika:

File:: C:\WINDOWS\system32\wtkdesxl.ini C:\WINDOWS\system32\lxsedktw.dll C:\WINDOWS\system32\wbuwawgq.dll C:\WINDOWS\system32\wyeibaqi.ini C:\WINDOWS\system32\kkcyfkys.dll C:\WINDOWS\system32\pmnmlkk.dll C:\WINDOWS\system32\gngkclrl.dll C:\WINDOWS\system32\hranexeo.dll C:\WINDOWS\system32\ajijobqw.exe C:\WINDOWS\system32\khhfd.dll Registry:: [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{b5b02e2c-c005-49dd-8239-dda398b9ceba}] [-HKEY_LOCAL_MACHINE~\Browser Helper Objects{ED203331-9C33-49D8-8714-D24A366A04EC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{11A69AE4-FBED-4832-A2BF-45AF82825583}”=- [-HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{11A69AE4-FBED-4832-A2BF-45AF82825583}”=- [-HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SbUsb AudCtrl”=- “d49e4754”=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{ED203331-9C33-49D8-8714-D24A366A04EC}”=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hranexeo] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlkk]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo, ale przed nowym logiem:

Wklej do Notatnika:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=-

"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\

  00

Z menu Notatnika Plik Zapisz jako Ustaw rozszerzenie na “Wszystkie pliki” Zapisz jako FIX.REG uruchom ten plik (dwuklik).

Tomash007 · 28 Listopad 2007 11:08

Jesteście WIELCY!

Tym samym macie nowego użytkownika forum który będzie

tutaj częściej zaglądał

Nowy log

ComboFix 07-11-19.4 - Właściciel 2007-11-28 11:52:31.3 - NTFSx86 Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\ajijobqw.exe C:\WINDOWS\system32\gngkclrl.dll C:\WINDOWS\system32\hranexeo.dll C:\WINDOWS\system32\khhfd.dll C:\WINDOWS\system32\kkcyfkys.dll C:\WINDOWS\system32\lxsedktw.dll C:\WINDOWS\system32\pmnmlkk.dll C:\WINDOWS\system32\wbuwawgq.dll C:\WINDOWS\system32\wtkdesxl.ini C:\WINDOWS\system32\wyeibaqi.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk C:\Documents and Settings\Właściciel\Pulpit\Live Safety Center.lnk C:\Documents and Settings\Właściciel\Pulpit\Online Security Guide.lnk C:\Documents and Settings\Właściciel\Ulubione\Online Security Guide.lnk C:\WINDOWS\system32\ajijobqw.exe C:\WINDOWS\system32\gngkclrl.dll C:\WINDOWS\system32\hranexeo.dll C:\WINDOWS\system32\hranexeo.dllbox C:\WINDOWS\system32\kkcyfkys.dll C:\WINDOWS\system32\lxsedktw.dll C:\WINDOWS\system32\pmnmlkk.dll C:\WINDOWS\system32\psuvw.ini C:\WINDOWS\system32\psuvw.ini2 C:\WINDOWS\system32\wbuwawgq.dll C:\WINDOWS\system32\wtkdesxl.ini C:\WINDOWS\system32\wvusp.dll C:\WINDOWS\system32\wyeibaqi.ini . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-27 17:27 2007-11-27 17:25 2007-11-27 16:15 2007-11-27 16:15 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-27 16:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-27 16:15 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-27 16:15 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-27 15:19 2007-11-13 14:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-13 14:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-13 14:19 2007-11-12 22:58 2007-11-12 19:29 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax 2007-11-12 19:29 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2007-11-12 19:27 2007-11-12 17:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 11:02 7,383,072 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-28 11:02 12,288 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2007-11-28 11:01 87,548 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-28 10:07 --------- d-----w C:\Program Files\Mozilla Thunderbird Beta 2 2007-11-26 13:35 --------- d-----w C:\Program Files\CDRWIN 6 2007-11-13 13:20 --------- d-----w C:\Program Files\Google 2007-11-12 21:51 --------- d-----w C:\Program Files\SopCast 2007-11-12 18:28 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-27 12:39 --------- d-----w C:\Program Files\Java 2007-10-26 16:44 --------- d-----w C:\Program Files\DAEMON Tools 2007-10-26 16:37 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-26 16:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-09-06 14:14 75,248 -c–a-w C:\WINDOWS\zllsputility.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “EdHTML”=“C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-16 12:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “PCTVOICE”=“pctspk.exe” [2003-11-07 08:35 C:\WINDOWS\system32\pctspk.exe] “NotebookHardwareControl”=“C:\Program Files\Notebook Hardware Control\nhc.exe” [2006-09-01 18:40] “AtiPTA”=“atiptaxx.exe” [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe” [2004-03-04 15:46] “CTDVDDet”=“C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE” [2003-06-18 01:00] “CTSysVol”=“C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe” [2003-07-09 14:36] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-06-29 05:24] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-09-06 15:14] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmlkk] pmnmlkk.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “Authentication Packages”= msv1_0 C:\WINDOWS\system32\wvusp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2003-12-22 08:38 241664 --a–c— C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2004-02-18 18:55 49152 --a–c— C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET] C:\Documents and Settings\Właściciel\Pulpit\netianet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “idsvc”=3 (0x3) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{46815590-4060-11dc-b24f-0040d063c910}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{20063EB9-64D3-53D3-3AEB-E740124D7590}] C:\WINDOWS\wmp\wmp.exe s . Contents of the ‘Scheduled Tasks’ folder “2007-11-23 19:10:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 12:04:20 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … C:\Program Files\Internet Explorer\iexplore.exe [1724] 0xFEDC0DA0 scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-28 12:05:52 - machine was rebooted C:\ComboFix2.txt … 2007-11-27 16:44 C:\ComboFix3.txt … 2007-11-27 16:03 . — E O F —

Gutek · 28 Listopad 2007 16:35

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo, przed nowym logiem:

Wklej do Notatnika:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=-

"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\

  00

Z menu Notatnika Plik Zapisz jako Ustaw rozszerzenie na “Wszystkie pliki” Zapisz jako FIX.REG uruchom ten plik (dwuklik).

Tomash007 · 28 Listopad 2007 20:09

Czy coś jeszcze dolega mojemu systemowi? Oto nowy log…

ComboFix 07-11-19.4 - Właściciel 2007-11-28 20:54:06.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.215 [GMT 1:00] Running from: C:\Documents and Settings\Właściciel\Pulpit\TROJANY\ComboFix.exe Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\wvusp.dll . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-27 17:27 2007-11-27 17:25 2007-11-27 16:15 2007-11-27 16:15 2007-11-27 16:15 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-27 16:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-27 16:15 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-27 16:15 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-27 15:19 2007-11-25 12:43 2007-11-13 14:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-13 14:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-13 14:19 2007-11-12 22:58 2007-11-12 19:29 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax 2007-11-12 19:29 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2007-11-12 19:27 2007-11-12 17:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 19:57 7,452,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-28 17:25 --------- d-----w C:\Program Files\Mozilla Thunderbird Beta 2 2007-11-28 16:06 12,288 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2007-11-28 16:05 87,836 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-28 11:58 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\foobar2000 2007-11-27 16:19 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\uTorrent 2007-11-27 10:53 71,232 ----a-w C:\WINDOWS\system32\rwuvsrmo.exe 2007-11-26 13:35 --------- d-----w C:\Program Files\CDRWIN 6 2007-11-13 13:20 --------- d-----w C:\Program Files\Google 2007-11-12 21:51 --------- d-----w C:\Program Files\SopCast 2007-11-12 21:51 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\SopCast 2007-11-12 18:29 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll 2007-11-12 18:29 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll 2007-11-12 18:29 892,928 ----a-w C:\WINDOWS\system32\iconv.dll 2007-11-12 18:29 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-11-12 18:29 45,056 ----a-w C:\WINDOWS\system32\ogg.dll 2007-11-12 18:29 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll 2007-11-12 18:29 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll 2007-11-12 18:29 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll 2007-11-12 18:29 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-11-12 18:28 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-27 12:39 --------- d-----w C:\Program Files\Java 2007-10-26 16:44 --------- d-----w C:\Program Files\DAEMON Tools 2007-10-26 16:37 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-26 16:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-09-06 14:14 75,248 -c–a-w C:\WINDOWS\zllsputility.exe 2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-08-16 16:53 47,360 -c–a-w C:\Documents and Settings\Właściciel\Dane aplikacji\pcouffin.sys 2007-06-13 13:23 22,040 —h–w C:\Documents and Settings\Właściciel\Dane aplikacji\wmp2.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “EdHTML”=“C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-16 12:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “PCTVOICE”=“pctspk.exe” [2003-11-07 08:35 C:\WINDOWS\system32\pctspk.exe] “NotebookHardwareControl”=“C:\Program Files\Notebook Hardware Control\nhc.exe” [2006-09-01 18:40] “AtiPTA”=“atiptaxx.exe” [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe” [2004-03-04 15:46] “CTDVDDet”=“C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE” [2003-06-18 01:00] “CTSysVol”=“C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe” [2003-07-09 14:36] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-06-29 05:24] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-09-06 15:14] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-02 17:24] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2003-12-22 08:38 241664 --a–c— C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2004-02-18 18:55 49152 --a–c— C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET] C:\Documents and Settings\Właściciel\Pulpit\netianet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “idsvc”=3 (0x3) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{46815590-4060-11dc-b24f-0040d063c910}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{20063EB9-64D3-53D3-3AEB-E740124D7590}] C:\WINDOWS\wmp\wmp.exe s . Contents of the ‘Scheduled Tasks’ folder “2007-11-23 19:10:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 20:57:42 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes … C:\Program Files\Internet Explorer\iexplore.exe [3268] 0xF8EC4A88 scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-28 20:59:06 C:\ComboFix2.txt … 2007-11-28 12:05 C:\ComboFix3.txt … 2007-11-27 16:44 . — E O F —

Gutek · 28 Listopad 2007 22:29

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580

Tomash007 · 28 Listopad 2007 22:53

ComboFix 07-11-19.4 - Właściciel 2007-11-28 23:46:18.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.72 [GMT 1:00] Running from: C:\Documents and Settings\Właściciel\Pulpit\TROJANY\ComboFix.exe Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\wmp C:\WINDOWS\wmp\wmp.dat C:\WINDOWS\wmp\wmp.exe . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-27 17:27 2007-11-27 16:15 2007-11-27 16:15 2007-11-27 16:15 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-27 16:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-27 16:15 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-27 16:15 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-27 15:19 2007-11-25 12:43 2007-11-13 14:20 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-11-13 14:20 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-11-13 14:19 2007-11-12 22:58 2007-11-12 19:29 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax 2007-11-12 19:29 77,824 --a------ C:\WINDOWS\system32\xvid.ax 2007-11-12 19:27 2007-11-12 17:02 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 22:49 7,491,616 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-28 20:32 --------- d-----w C:\Program Files\Mozilla Thunderbird Beta 2 2007-11-28 16:06 12,288 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2007-11-28 16:05 87,836 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-28 11:58 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\foobar2000 2007-11-27 16:19 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\uTorrent 2007-11-27 10:53 71,232 ----a-w C:\WINDOWS\system32\rwuvsrmo.exe 2007-11-26 13:35 --------- d-----w C:\Program Files\CDRWIN 6 2007-11-13 13:20 --------- d-----w C:\Program Files\Google 2007-11-12 21:51 --------- d-----w C:\Program Files\SopCast 2007-11-12 21:51 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\SopCast 2007-11-12 18:29 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll 2007-11-12 18:29 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll 2007-11-12 18:29 892,928 ----a-w C:\WINDOWS\system32\iconv.dll 2007-11-12 18:29 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-11-12 18:29 45,056 ----a-w C:\WINDOWS\system32\ogg.dll 2007-11-12 18:29 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll 2007-11-12 18:29 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll 2007-11-12 18:29 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll 2007-11-12 18:29 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll 2007-11-12 18:28 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-27 12:39 --------- d-----w C:\Program Files\Java 2007-10-26 16:44 --------- d-----w C:\Program Files\DAEMON Tools 2007-10-26 16:37 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-10-26 16:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-09-06 14:14 75,248 -c–a-w C:\WINDOWS\zllsputility.exe 2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-08-16 16:53 47,360 -c–a-w C:\Documents and Settings\Właściciel\Dane aplikacji\pcouffin.sys 2007-06-13 13:23 22,040 —h–w C:\Documents and Settings\Właściciel\Dane aplikacji\wmp2.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “EdHTML”=“C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe” [] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-16 12:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “PCTVOICE”=“pctspk.exe” [2003-11-07 08:35 C:\WINDOWS\system32\pctspk.exe] “NotebookHardwareControl”=“C:\Program Files\Notebook Hardware Control\nhc.exe” [2006-09-01 18:40] “AtiPTA”=“atiptaxx.exe” [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe” [2004-03-04 15:46] “CTDVDDet”=“C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE” [2003-06-18 01:00] “CTSysVol”=“C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe” [2003-07-09 14:36] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06] “QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-06-29 05:24] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-09-06 15:14] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-02 17:24] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] 2003-12-22 08:38 241664 --a–c— C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2004-02-18 18:55 49152 --a–c— C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET] C:\Documents and Settings\Właściciel\Pulpit\netianet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbmini] C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe -hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “idsvc”=3 (0x3) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys R3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{46815590-4060-11dc-b24f-0040d063c910}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contents of the ‘Scheduled Tasks’ folder “2007-11-23 19:10:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 23:49:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-28 23:50:39 C:\ComboFix2.txt … 2007-11-28 20:59 . — E O F —

Gutek · 28 Listopad 2007 23:11

Powinno być już Ok

Tomash007 · 28 Listopad 2007 23:44

Teraz wertuję przewodnik “Jak usprawnić Windows”

Dziękuję bardzo za zaangażowanie. Wiem już JAKĄ STRONĘ polecać

znajomym kiedy będą mieli problemy z komputerem. Dziękuję