Please help me check this log: http://www.wklej.org/id/9a294b8fdf
A message about cleaning the computer keeps popping up and the computer is sluggish.
Regards and thanks
Turn off System Restore on all drives. http://support.microsoft.com/kb/310405/pl
Entries
remove with HijackThis >> Fix checked
Download ComboFix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 but do not run it
Open Notepad and paste
save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
The removal should start
Then post the ComboFix removal log
Thanks for the advice. This is the full ComboFix log after carrying out the recommended steps.
ComboFix 08-03-14.4 - klimpar 2008-03-15 20:42:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.484 [GMT 1:00]
Running from: C:\Documents and Settings\klimpar\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\klimpar\Pulpit\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\system32\nflipfmw.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMcb8e4380.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsqqp.dll
C:\WINDOWS\system32\gjsptrnr.dll
C:\WINDOWS\system32\nflipfmw.dll
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.ini2
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\qjcpjpyu.ini
C:\WINDOWS\system32\uypjpcjq.dll
C:\WINDOWS\system32\winhld32.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-15 17:05 . 2008-03-15 17:05
2008-03-14 18:52 . 2008-03-14 18:52
2008-03-14 17:39 . 2008-03-14 17:39 18 --a------ C:\WINDOWS\system32\freg.ini
2008-03-14 17:24 . 2008-03-14 17:24 10 --a------ C:\WINDOWS\Syskernel12.dll
2008-03-14 17:23 . 1999-03-23 11:56 385,024 --a------ C:\WINDOWS\system32\Mp3play.ocx
2008-03-10 11:55 . 2008-03-10 11:55
2008-03-09 17:56 . 2008-03-10 19:33
2008-03-09 01:34 . 2008-03-09 01:34
2008-03-08 20:58 . 2008-03-08 20:58
2008-03-08 20:58 . 2008-03-14 18:49
2008-03-08 20:55 . 2008-03-09 00:47
2008-03-08 20:55 . 2008-03-08 20:56
2008-03-08 20:55 . 2008-03-08 20:55
2008-03-08 20:18 . 2008-03-08 20:18
2008-03-08 20:18 . 2007-07-05 01:33 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-03-08 20:18 . 2007-08-09 11:27 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-03-08 20:18 . 2007-08-09 11:27 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-03-08 20:18 . 2006-08-16 14:53 319,488 --a------ C:\WINDOWS\system32\coreaac.ax
2008-03-08 20:18 . 2007-10-29 16:12 187,392 --a------ C:\WINDOWS\system32\coreavcdecoder.ax
2008-03-08 20:18 . 2007-06-28 17:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-08 20:05 . 2007-04-24 16:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-03-08 20:01 . 2008-03-08 20:01
2008-03-08 19:49 . 2008-03-08 19:49
2008-03-08 19:47 . 2008-03-08 19:47
2008-03-08 19:47 . 2007-06-28 17:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-08 19:47 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-08 19:47 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-08 19:47 . 2007-06-28 17:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-08 19:47 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-03-08 19:47 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-08 19:47 . 2008-03-04 12:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-08 19:47 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-08 19:47 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-03-05 16:58 . 2008-03-14 20:00
2008-03-04 21:52 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-04 21:52 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-04 21:52 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-04 21:52 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-04 21:52 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-04 21:52 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-04 21:52 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-04 21:52 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-04 21:51 . 2008-03-04 21:51
2008-03-04 17:51 . 2008-03-15 11:11
2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 10:36 --------- d-----w C:\Program Files\ArcaMicroScan
2008-03-15 10:31 --------- d-----w C:\Program Files\NoAdware3
2008-03-10 16:27 --------- d-----w C:\Program Files\SkanerOnline
2008-03-08 18:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 18:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-03-04 20:50 --------- d-----w C:\Documents and Settings\klimpar\Dane aplikacji\Symantec
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]
C:\Documents and Settings\klimpar\Menu Start\Programy\Autostart\
Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 13:06:14 59080]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 16:18:22 10872]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2006-03-18 07:22 89541 C:\WINDOWS\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-12-11 20:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcb8e4380]
C:\WINDOWS\system32\nflipfmw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c8bd701c]
C:\WINDOWS\system32\uypjpcjq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 11:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDWMon]
--a------ 2006-04-28 10:49 262144 C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2005-12-22 14:34 1077329 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-28 13:54 16248320 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 01:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-04-07 15:48 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2005-04-12 11:04 65536 C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
--a------ 2006-08-01 09:57 1773568 C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-08-04 13:16 266240 C:\WINDOWS\system32\TPSMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Toshiba\ConfigFree\CFXFER.exe"=
"C:\Program Files\eMule\emule.exe"=
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 20:48:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cscript.exe
.
**************************************************************************
.
Completion time: 2008-03-15 20:51:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 19:51:26
.
2008-03-12 19:08:15 — E O F —
Is it OK???
Cheers
Open Notepad and paste
save as plik.reg >> all files >> merge with the registry >> restart
a file with this icon will be created
double-click it, confirm that you want to add it to the registry, then restart
After the restart, if everything is OK, manually delete the folder C:\Qoobox
Delete the ComboFix installer from the disk.
Turn on System Restore
Thanks a lot.
As far as I'm concerned, you are Great
Regards.
I think it'll be fine
Please change the topic title to something specific; use the edit option and correct it. JNJN