Problem z infekcją dysku - logi z SmitFraudFix i ComboFix

Maciek111 · 23 Październik 2007 11:29

Wyskakują mi jakieś bzdurne syfy, dialery itd. Mogę się założyć, że mam tego strasznie dużo, bo laptopa kupiłem na giełdzie komputerowej.

Załączam logi z SmitfraudFix i ComboFix. Powiedzcie mi jak mam te śmieci usunąć? Z góry dzięki!

SmitFraudFix v2.240 Scan done at 13:12:09,71, 2007-10-23 Run from C:\Documents and Settings\ibm\Pulpit\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\System32\irdvxc.exe C:\WINDOWS\System32\urdvxc.exe C:\WINDOWS\VTTray.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\System32\wbem\scrcons32.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\a.exe FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ibm »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ibm\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ibm\Ulubione »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“Moja bieľĄca strona gˆ˘wna” »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel® PRO/100 VE Network Connection - Sterownik miniport Harmonogramu pakietów DNS Server Search Order: 212.182.56.184 HKLM\SYSTEM\CCS\Services\Tcpip…{C0CDE590-7AF1-4399-BF57-EBB885BAAA21}: DhcpNameServer=212.182.56.184 HKLM\SYSTEM\CS1\Services\Tcpip…{C0CDE590-7AF1-4399-BF57-EBB885BAAA21}: DhcpNameServer=212.182.56.184 HKLM\SYSTEM\CS3\Services\Tcpip…{C0CDE590-7AF1-4399-BF57-EBB885BAAA21}: DhcpNameServer=212.182.56.184 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.182.56.184 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.182.56.184 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.182.56.184 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End ComboFix 07-10-23.2 - ibm 2007-10-23 13:18:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.327 [GMT 2:00] Running from: C:\Documents and Settings\ibm\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32.exe C:\WINDOWS\system32\a.exe . ((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))) . 2007-10-23 13:17 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-23 13:12 3,758 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-23 13:11 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-23 13:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-23 13:11 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-23 13:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-23 13:11 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-22 08:23 44,495 --a------ C:\9r2h2z5l7v8.exe 2007-10-19 16:49 577,024 -r-hs---- C:\WINDOWS\VTTray.exe 2007-10-18 20:49 560,640 --ahs---- C:\WINDOWS\czsrv.exe 2007-10-16 17:56 2007-10-16 17:01 169,984 --ahs---- C:\WINDOWS\system32\urdvxc.exe 2007-10-16 16:13 107,008 --a------ C:\WINDOWS\system32\iea.dll 2007-10-16 16:13 24,576 --a------ C:\WINDOWS\system32\msgs7.exe 2007-10-15 15:54 2007-10-08 08:55 2007-10-02 14:28 57,344 --ahs---- C:\WINDOWS\system32\irdvxc.exe 2007-10-02 14:27 1,635 --a------ C:\WINDOWS\system32\mghpzk.exe 2007-10-02 14:27 1,635 --a------ C:\WINDOWS\system32\iagjkr.exe 2007-10-02 14:04 1,635 --a------ C:\WINDOWS\system32\ibbmwhd.exe 2007-10-02 13:26 2007-10-02 13:24 1,635 --a------ C:\WINDOWS\system32\wanth.exe 2007-10-02 13:24 1,635 --a------ C:\WINDOWS\system32\ljxk.exe 2007-10-02 13:21 2007-10-02 13:14 1,635 --a------ C:\WINDOWS\system32\fbtw.exe 2007-10-02 12:50 1,635 --a------ C:\WINDOWS\system32\vurx.exe 2007-10-02 12:48 1,635 --a------ C:\WINDOWS\system32\csqnzs.exe 2007-10-02 12:48 1,635 --a------ C:\WINDOWS\system32\batjneur.exe 2007-10-01 23:04 1,635 --a------ C:\WINDOWS\system32\aebfkhhs.exe 2007-10-01 22:43 1,635 --a------ C:\WINDOWS\system32\hbsjgsd.exe 2007-10-01 22:41 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-10-01 22:40 2007-10-01 22:36 2007-10-01 21:52 1,635 --a------ C:\WINDOWS\system32\sejnuf.exe 2007-10-01 19:51 1,635 --a------ C:\WINDOWS\system32\lbuwj.exe 2007-10-01 19:50 1,635 --a------ C:\WINDOWS\system32\joiv.exe 2007-10-01 19:47 2007-10-01 19:46 157,696 --a------ C:\WINDOWS\system32\unrar.dll 2007-10-01 19:45 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-10-01 19:45 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-10-01 18:14 2007-10-01 18:11 2007-10-01 18:11 2007-10-01 18:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-10-01 18:09 331,776 --a------ C:\WINDOWS\system32\winhttp.dll 2007-10-01 18:09 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-10-01 18:09 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll 2007-10-01 18:09 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-10-01 18:09 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll 2007-10-01 18:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-10-01 18:04 1,635 --a------ C:\WINDOWS\system32\ihoabea.exe 2007-10-01 18:02 2007-10-01 18:02 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-10-01 18:02 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-10-01 18:02 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-10-01 18:02 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-10-01 18:02 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-10-01 18:02 33,624 --a------ C:\WINDOWS\system32\wups.dll 2007-10-01 17:34 2007-10-01 17:31 2007-10-01 17:28 1,635 --a------ C:\WINDOWS\system32\pcuf.exe 2007-10-01 11:52 1,156 --a------ C:\WINDOWS\mozver.dat 2007-10-01 11:51 1,635 --a------ C:\WINDOWS\system32\swjesv.exe 2007-10-01 11:48 2007-10-01 11:48 0 --a------ C:\WINDOWS\nsreg.dat 2007-09-30 16:42 30,568 --ah----- C:\WINDOWS\system32\qbolpsv.exe 2007-09-30 16:27 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE 2007-09-30 16:26 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-09-30 16:26 24,960 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2007-09-30 16:24 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL 2007-09-30 16:24 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe 2007-09-30 16:24 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL 2007-09-30 16:23 2007-09-30 16:23 2007-09-30 16:18 2007-09-30 12:51 2007-09-29 19:36 2007-09-25 16:20 1,396,831 --------- C:\WINDOWS\system32\AegisE5.dll 2007-09-25 16:20 369,024 --------- C:\WINDOWS\system32\drivers\BCMWL5.SYS 2007-09-25 16:20 192,512 --------- C:\WINDOWS\system32\AegisI5.exe 2007-09-25 16:20 184,320 --------- C:\WINDOWS\system32\BCMWLU00.EXE 2007-09-25 16:20 172,032 --------- C:\WINDOWS\system32\BCMLogon.dll 2007-09-25 16:20 81,920 --------- C:\WINDOWS\system32\wltrynt.dll 2007-09-25 16:20 69,632 --------- C:\WINDOWS\system32\BCMWLD2K.EXE 2007-09-25 16:20 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-09-25 16:15 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 10:38 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2007-10-23 10:38 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2007-10-17 16:25 169,984 ----a-w C:\WINDOWS\Help\bxhltkek.exe 2007-10-16 15:06 169,984 ----a-w C:\WINDOWS\Web\wcxnjhhj.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\Help\tsbjbtvn.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\Help\jjlenkbt.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\Help\jbnshhqj.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\Help\hwexrtne.exe 2007-10-16 15:05 169,984 ----a-w C:\WINDOWS\Help\bzehxvnz.exe 2007-10-15 14:00 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-02 11:20 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{B08D32DE-64B2-4137-8345-87293E70D40B}] 2007-10-16 16:13 107008 --a------ C:\WINDOWS\System32\iea.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “S3TRAY2”=“S3Tray2.exe” [2001-10-11 22:32 C:\WINDOWS\system32\S3Tray2.exe] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2003-01-29 17:14] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2003-01-29 17:14] “ATIModeChange”=“Ati2mdxx.exe” [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe] “BluetoothAuthenticationAgent”=“irprops.cpl” [2002-11-22 14:49 C:\WINDOWS\system32\irprops.cpl] “TPHOTKEY”=“C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe” [2003-01-24 17:37] “BMMLREF”=“C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE” [2003-01-17 01:32] “QCWLICON”=“C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE” [2003-03-27 02:06] “TPKMAPMN”=“C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe” [2003-02-17 00:30] “TP4EX”=“tp4ex.exe” [2002-09-04 01:05 C:\WINDOWS\system32\TP4EX.exe] “EZEJMNAP”=“C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe” [2002-12-24 02:01] “AGRSMMSG”=“AGRSMMSG.exe” [] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2003-01-16 11:52] “UC_SMB”="" [] “Broadcom Wireless Manager UI”=“C:\WINDOWS\System32\WLTRAY” [] “Spooler SubSystem App”=“C:\WINDOWS\System32\spooIsv.exe” [] “WMI Standard Event Consumer - Scripting”=“C:\WINDOWS\System32\wbem\scrcons32.exe” [2007-10-01 19:59] “Windows Explorer”=“C:\WINDOWS\System32\explorer.exe” [] “Windows Logon Application”=“C:\WINDOWS\System32\logon.exe” [] “Windows Network Firewall”=“C:\WINDOWS\System32\firewall.exe” [] “Intec Service Drivers”=“C:\WINDOWS\System32\wing32.exe” [] “Winamp Media”=“C:\WINDOWS\System32\qmedia.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-23 05:00] “WMI Standard Event Consumer - Scripting”=“C:\WINDOWS\System32\wbem\scrcons32.exe” [2007-10-01 19:59] “Winamp Media”=“C:\WINDOWS\System32\qmedia.exe” [] “Intec Service Drivers”=“C:\WINDOWS\System32\wing32.exe” [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] “WMI Standard Event Consumer - Scripting”=C:\WINDOWS\System32\wbem\scrcons32.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “WMI Standard Event Consumer - Scripting”=C:\WINDOWS\System32\wbem\scrcons32.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “WMI Standard Event Consumer - Scripting”=C:\WINDOWS\System32\wbem\scrcons32.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “WMI Standard Event Consumer - Scripting”=C:\WINDOWS\System32\wbem\scrcons32.exe “Winamp Media”=C:\WINDOWS\System32\qmedia.exe “Intec Service Drivers”=C:\WINDOWS\System32\wing32.exe “Messanger 7”=C:\WINDOWS\System32\msgs7.exe [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “WMI Standard Event Consumer - Scripting”= C:\WINDOWS\System32\wbem\scrcons32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\drivers\IBMBLDID.SYS R1 TPPWR;TPPWR;C:\WINDOWS\System32\drivers\Tppwr.sys R2 MSDisk;Network helper Service;“C:\WINDOWS\System32\irdvxc.exe” /service R2 MSWindows;Network Windows Service;“C:\WINDOWS\System32\urdvxc.exe” /service R2 s3contrl (32-bit);s3contrl (32-bit);“C:\WINDOWS\VTTray.exe” S3 PCDRDRV;Pcdr Helper Driver;??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys *Newly Created Service* - CATCHME . Contents of the ‘Scheduled Tasks’ folder “2007-08-21 14:01:34 C:\WINDOWS\Tasks\BMMTask.job” “2007-08-21 14:37:22 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 1.job” - C:\WINDOWS\System32\OOBE\oobebaln.exe “2007-08-21 14:37:23 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 2.job” “2007-08-21 14:37:23 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 3.job” - C:\WINDOWS\System32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-23 13:18:48 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run Winamp Media = C:\WINDOWS\System32\qmedia.exe??t?e?m?3?2??u?x?t?h?e?m?e?.?d?l??@?wd??w?.?wK.?w?.?w?.?w???$???CX?w???(???p??w???.?w???B!!!@???/?w???w???w???j??w?-?w???_?w!!!@ HKCU\Software\Microsoft\Windows\CurrentVersion\Run Winamp Media = C:\WINDOWS\System32\qmedia.exe??t?e?m?3?2??u?x?t?h?e?m?e?.?d?l??@?wd??w?.?wK.?w?.?w?.?w???$???CX?w???(???p??w???.?w???B!!!@???/?w???w???w???j??w?-?w???_?w!!!@ scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-23 13:19:23 . — E O F —

jessica · 23 Październik 2007 14:35

Masz parszywą infekcję - już dużo jest do usuwania i na pewno jeszcze zaraz będzie więcej.

Zamknij robaczywe porty przy pomocy --> Windows Worms Doors Cleaner

Ustaw znaczki na zielono, Netbios może być na żółto.

Po użyciu narzędzia wymagany jest restart.

Potem:

Wklej do Notatnika :

File::

C:\9r2h2z5l7v8.exe

C:\WINDOWS\czsrv.exe

C:\WINDOWS\system32\urdvxc.exe

C:\WINDOWS\system32\iea.dll

C:\WINDOWS\system32\msgs7.exe

C:\WINDOWS\system32\irdvxc.exe

C:\WINDOWS\system32\mghpzk.exe 

C:\WINDOWS\system32\iagjkr.exe 

C:\WINDOWS\system32\ibbmwhd.exe

C:\WINDOWS\system32\wanth.exe 

C:\WINDOWS\system32\ljxk.exe 

C:\Program Files\Common Files\Carlson 

C:\WINDOWS\system32\fbtw.exe 

C:\WINDOWS\system32\vurx.exe 

C:\WINDOWS\system32\csqnzs.exe 

C:\WINDOWS\system32\batjneur.exe 

C:\WINDOWS\system32\aebfkhhs.exe 

C:\WINDOWS\system32\hbsjgsd.exe

C:\WINDOWS\system32\sejnuf.exe 

C:\WINDOWS\system32\lbuwj.exe 

C:\WINDOWS\system32\joiv.exe

C:\WINDOWS\system32\ihoabea.exe

C:\WINDOWS\system32\pcuf.exe

C:\WINDOWS\system32\swjesv.exe

C:\WINDOWS\system32\qbolpsv.exe

C:\WINDOWS\Help\bxhltkek.exe 

C:\WINDOWS\Web\wcxnjhhj.exe 

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe 

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe 

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe 

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe 

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe 

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe 

C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe 

C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe 

C:\WINDOWS\Help\tsbjbtvn.exe 

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe 

C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe 

C:\WINDOWS\Help\jjlenkbt.exe 

C:\WINDOWS\Help\jbnshhqj.exe 

C:\WINDOWS\Help\hwexrtne.exe 

C:\WINDOWS\Help\bzehxvnz.exe

C:\WINDOWS\System32\wbem\scrcons32.exe


Driver::

MSDisk

MSWindows


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B08D32DE-64B2-4137-8345-87293E70D40B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UC_SMB"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spooler SubSystem App"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

WMI Standard Event Consumer - Scripting"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Explorer"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Logon Application"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Network Firewall"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Intec Service Drivers"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Winamp Media"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMI Standard Event Consumer - Scripting"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Winamp Media"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Intec Service Drivers"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] 

"WMI Standard Event Consumer - Scripting"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] 

"WMI Standard Event Consumer - Scripting"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices] 

"WMI Standard Event Consumer - Scripting"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"WMI Standard Event Consumer - Scripting"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Winamp Media"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Intec Service Drivers"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

Messanger 7"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] 

"WMI Standard Event Consumer - Scripting"=-

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Daj ten log z ComboFixa.

jessi

Maciek111 · 23 Październik 2007 22:36

chyba mało pomogło log:

ComboFix 07-10-23.2 - ibm 2007-10-24 0:19:55.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.297 [GMT 2:00] Running from: C:\Documents and Settings\ibm\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\ibm\Pulpit\CFScript.txt * Created a new restore point FILE:: C:\9r2h2z5l7v8.exe C:\Program Files\Common Files\Carlson C:\WINDOWS\czsrv.exe C:\WINDOWS\Help\bxhltkek.exe C:\WINDOWS\Help\bzehxvnz.exe C:\WINDOWS\Help\hwexrtne.exe C:\WINDOWS\Help\jbnshhqj.exe C:\WINDOWS\Help\jjlenkbt.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe C:\WINDOWS\Help\tsbjbtvn.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe C:\WINDOWS\system32\aebfkhhs.exe C:\WINDOWS\system32\batjneur.exe C:\WINDOWS\system32\csqnzs.exe C:\WINDOWS\system32\fbtw.exe C:\WINDOWS\system32\hbsjgsd.exe C:\WINDOWS\system32\iagjkr.exe C:\WINDOWS\system32\ibbmwhd.exe C:\WINDOWS\system32\iea.dll C:\WINDOWS\system32\ihoabea.exe C:\WINDOWS\system32\irdvxc.exe C:\WINDOWS\system32\joiv.exe C:\WINDOWS\system32\lbuwj.exe C:\WINDOWS\system32\ljxk.exe C:\WINDOWS\system32\mghpzk.exe C:\WINDOWS\system32\msgs7.exe C:\WINDOWS\system32\pcuf.exe C:\WINDOWS\system32\qbolpsv.exe C:\WINDOWS\system32\sejnuf.exe C:\WINDOWS\system32\swjesv.exe C:\WINDOWS\system32\urdvxc.exe C:\WINDOWS\system32\vurx.exe C:\WINDOWS\system32\wanth.exe C:\WINDOWS\System32\wbem\scrcons32.exe C:\WINDOWS\Web\wcxnjhhj.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\9r2h2z5l7v8.exe C:\WINDOWS\czsrv.exe C:\WINDOWS\Help\bxhltkek.exe C:\WINDOWS\Help\bzehxvnz.exe C:\WINDOWS\Help\hwexrtne.exe C:\WINDOWS\Help\jbnshhqj.exe C:\WINDOWS\Help\jjlenkbt.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe C:\WINDOWS\Help\tsbjbtvn.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe C:\WINDOWS\system32\aebfkhhs.exe C:\WINDOWS\system32\batjneur.exe C:\WINDOWS\system32\csqnzs.exe C:\WINDOWS\system32\fbtw.exe C:\WINDOWS\system32\hbsjgsd.exe C:\WINDOWS\system32\iagjkr.exe C:\WINDOWS\system32\ibbmwhd.exe C:\WINDOWS\system32\iea.dll C:\WINDOWS\system32\ihoabea.exe C:\WINDOWS\system32\irdvxc.exe C:\WINDOWS\system32\joiv.exe C:\WINDOWS\system32\lbuwj.exe C:\WINDOWS\system32\ljxk.exe C:\WINDOWS\system32\mghpzk.exe C:\WINDOWS\system32\msgs7.exe C:\WINDOWS\system32\pcuf.exe C:\WINDOWS\system32\qbolpsv.exe C:\WINDOWS\system32\sejnuf.exe C:\WINDOWS\system32\swjesv.exe C:\WINDOWS\system32\urdvxc.exe C:\WINDOWS\system32\vurx.exe C:\WINDOWS\system32\wanth.exe C:\WINDOWS\System32\wbem\scrcons32.exe C:\WINDOWS\Web\wcxnjhhj.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_MSDISK -------\LEGACY_MSWINDOWS -------\MSDisk -------\MSWindows ((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))) . 2007-10-23 13:17 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-23 13:12 3,758 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-23 13:11 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-10-23 13:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-23 13:11 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-23 13:11 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-23 13:11 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-10-19 16:49 577,024 -r-hs---- C:\WINDOWS\VTTray.exe 2007-10-16 17:56 2007-10-15 15:54 2007-10-08 08:55 2007-10-02 13:26 2007-10-02 13:21 2007-10-01 22:41 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-10-01 22:40 2007-10-01 22:36 2007-10-01 19:47 2007-10-01 19:46 157,696 --a------ C:\WINDOWS\system32\unrar.dll 2007-10-01 19:45 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-10-01 19:45 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-10-01 18:14 2007-10-01 18:11 2007-10-01 18:11 2007-10-01 18:11 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-10-01 18:09 331,776 --a------ C:\WINDOWS\system32\winhttp.dll 2007-10-01 18:09 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-10-01 18:09 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll 2007-10-01 18:09 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-10-01 18:09 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll 2007-10-01 18:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-10-01 18:02 2007-10-01 18:02 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-10-01 18:02 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-10-01 18:02 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-10-01 18:02 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-10-01 18:02 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-10-01 18:02 33,624 --a------ C:\WINDOWS\system32\wups.dll 2007-10-01 17:34 2007-10-01 17:31 2007-10-01 11:52 1,156 --a------ C:\WINDOWS\mozver.dat 2007-10-01 11:48 2007-10-01 11:48 0 --a------ C:\WINDOWS\nsreg.dat 2007-09-30 16:27 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE 2007-09-30 16:26 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-09-30 16:26 24,960 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2007-09-30 16:24 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL 2007-09-30 16:24 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe 2007-09-30 16:24 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL 2007-09-30 16:23 2007-09-30 16:23 2007-09-30 16:18 2007-09-30 12:51 2007-09-29 19:36 2007-09-25 16:20 1,396,831 --------- C:\WINDOWS\system32\AegisE5.dll 2007-09-25 16:20 369,024 --------- C:\WINDOWS\system32\drivers\BCMWL5.SYS 2007-09-25 16:20 192,512 --------- C:\WINDOWS\system32\AegisI5.exe 2007-09-25 16:20 184,320 --------- C:\WINDOWS\system32\BCMWLU00.EXE 2007-09-25 16:20 172,032 --------- C:\WINDOWS\system32\BCMLogon.dll 2007-09-25 16:20 81,920 --------- C:\WINDOWS\system32\wltrynt.dll 2007-09-25 16:20 69,632 --------- C:\WINDOWS\system32\BCMWLD2K.EXE 2007-09-25 16:20 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-09-25 16:15 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-15 14:00 --------- d–h--w C:\Program Files\InstallShield Installation Information . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “S3TRAY2”=“S3Tray2.exe” [2001-10-11 22:32 C:\WINDOWS\system32\S3Tray2.exe] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2003-01-29 17:14] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2003-01-29 17:14] “ATIModeChange”=“Ati2mdxx.exe” [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe] “BluetoothAuthenticationAgent”=“irprops.cpl” [2002-11-22 14:49 C:\WINDOWS\system32\irprops.cpl] “TPHOTKEY”=“C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe” [2003-01-24 17:37] “BMMLREF”=“C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE” [2003-01-17 01:32] “QCWLICON”=“C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE” [2003-03-27 02:06] “TPKMAPMN”=“C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe” [2003-02-17 00:30] “TP4EX”=“tp4ex.exe” [2002-09-04 01:05 C:\WINDOWS\system32\TP4EX.exe] “EZEJMNAP”=“C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe” [2002-12-24 02:01] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2003-01-16 11:52] “WMI Standard Event Consumer - Scripting”=“C:\WINDOWS\System32\wbem\scrcons32.exe” [] “Intec Service Drivers”=“C:\WINDOWS\System32\wing32.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “@”="" [] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-23 05:00] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Messanger 7”=C:\WINDOWS\System32\msgs7.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\drivers\IBMBLDID.SYS R1 TPPWR;TPPWR;C:\WINDOWS\System32\drivers\Tppwr.sys R2 s3contrl (32-bit);s3contrl (32-bit);“C:\WINDOWS\VTTray.exe” S3 PCDRDRV;Pcdr Helper Driver;??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys . Contents of the ‘Scheduled Tasks’ folder “2007-08-21 14:01:34 C:\WINDOWS\Tasks\BMMTask.job” “2007-08-21 14:37:22 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 1.job” - C:\WINDOWS\System32\OOBE\oobebaln.exe “2007-08-21 14:37:23 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 2.job” “2007-08-21 14:37:23 C:\WINDOWS\Tasks\Przypomnienie o rejestracji 3.job” - C:\WINDOWS\System32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-24 00:23:34 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-24 0:31:17 - machine was rebooted C:\ComboFix2.txt … 2007-10-23 13:19 . — E O F —

Gutek · 23 Październik 2007 22:38

Pobierz program SDFix

Maciek111 · 23 Październik 2007 23:37

usunęło, ale nie wiem, czy wszystko:

SDFix: Version 1.111 Run by Administrator on 2007-10-24 at 01:07 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: s3contrl (32-bit) ImagePath: “C:\WINDOWS\VTTray.exe” s3contrl (32-bit) - Deleted C:\WINDOWS\system32\Microsoft\backup.ftp Found C:\WINDOWS\system32\Microsoft\backup.tftp Found Checking files: Genuine: C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp Dummy: C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe Files copied to SDFix\Backups Restoring files if backups are found Final Check: Genuine: C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe C:\WINDOWS\system32\dllcache\ftp.exe C:\WINDOWS\system32\dllcache\tftp.exe Dummy: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\9R2H2Z~1.EXE - Deleted C:\Program Files\Common Files\Carlson\carlton - Deleted C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted C:\WINDOWS\system32\o - Deleted C:\WINDOWS\system32\winIogon.exe - Deleted C:\WINDOWS\VTTray.exe - Deleted Folder C:\Program Files\Common Files\Carlson - Removed Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Tue 23 Oct 2007 731,648 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL0004.tmp” Mon 22 Oct 2007 717,312 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL2958.tmp” Mon 22 Oct 2007 708,608 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL3042.tmp” Mon 22 Oct 2007 708,608 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL3488.tmp” Mon 22 Oct 2007 696,832 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL3579.tmp” Mon 22 Oct 2007 703,488 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL3640.tmp” Mon 22 Oct 2007 708,608 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL3715.tmp” Mon 22 Oct 2007 708,608 …H. — “C:\Documents and Settings\ibm\Pulpit~WRL3801.tmp” Wed 3 Oct 2007 0 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP10\A0002984.exe” Thu 4 Oct 2007 63,488 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP10\A0003003.exe” Mon 8 Oct 2007 50,176 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP10\A0003020.exe” Mon 8 Oct 2007 0 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP10\A0003040.exe” Tue 9 Oct 2007 57,344 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP10\A0003060.exe” Wed 10 Oct 2007 50,176 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP11\A0003161.exe” Mon 15 Oct 2007 0 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP12\A0003194.exe” Tue 16 Oct 2007 169,984 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP14\A0003243.exe” Fri 19 Oct 2007 0 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP15\A0003396.exe” Mon 1 Oct 2007 13,260 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP8\A0002926.exe” Tue 2 Oct 2007 57,344 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP8\A0002942.exe” Tue 2 Oct 2007 50,176 A.SH. — “C:\System Volume Information_restore{467ECFCA-091A-41C8-B97A-AB1BB05E2398}\RP9\A0002972.exe” Finished!

Gutek · 24 Październik 2007 05:02

Daj nowy log z Combo