Problem z kompem

Patrzyk121 · 15 Sierpień 2008 14:09

Mam problem komp mi strasznie zwolnil po tym jak sciagnolem jakis sterownik do ogladania filmikow z neta, przeskanowalem kompa kasperskim to wykrył jeden zawirusowany plik ale to nie pomoglo, do tego jak odpalam menadzera zadan to w kolumnie nazwa uzytkownika prz procesach jest pusto.

log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:03:50, on 2008-08-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\wdfmgr.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINNT\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINNT\system32\RunDLL32.exe C:\Program Files\Netia\Net\netianet.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINNT\System32\alg.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Opera\opera.exe C:\WINNT\system32\taskmgr.exe C:\Documents and Settings\XXX\Pulpit\HijackThis.exe C:\WINNT\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 216.107.250.194 nprotect.lineage2.com O1 - Hosts: 78.46.49.43 l2testauthd.lineage2.com O1 - Hosts: 78.46.49.43 l2authd.lineage2.com O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing) O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM…\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM…\Run: [C] C:\WINNT\system32\kdaua.exe O4 - HKCU…\Run: [steam] “c:\progra~1\valve\steam\steam.exe” -silent O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun O4 - HKLM…\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O4 - HKLM…\Policies\Explorer\Run: [this] C:\Program Files\Applications\wcs.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-20…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS\S-1-5-18…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘Default user’) O4 - HKUS.DEFAULT…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’) O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 8260797800 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow … eqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip…{0CCE443A-4AC3-499E-A014-060E87070E7B}: NameServer = 213.241.79.37 83.238.255.76 O17 - HKLM\System\CS4\Services\Tcpip…{0CCE443A-4AC3-499E-A014-060E87070E7B}: NameServer = 213.241.79.37 83.238.255.76 O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WINNT\system32\eeioq.dll (file missing) O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - Unknown owner - C:\WINNT\system32\bgsvcgen.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe – End of file - 7451 bytes

spandaupol · 15 Sierpień 2008 14:44

Usuń te wpisy w HJT

Uruchom HijackThis - Do a system scan only - w oknie programu pokaże się log - zaznacz kratki przy podanych wpisach - klikasz Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing) O4 - HKLM…\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O4 - HKLM…\Policies\Explorer\Run: [this] C:\Program Files\Applications\wcs.exe

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum.

Usuń ręcznie folder C:\Qoobox , usuń instalkę Combofix z dysku.

Patrzyk121 · 15 Sierpień 2008 16:03

oto logi tak jak prosiles

z combo fix’a

ComboFix 08-08-14.05 - XXX 2008-08-15 17:27:57.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.663 [GMT 2:00] Running from: C:\Documents and Settings\XXX\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\XXX\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\Program Files\Applications\wcs.exe C:\Program Files\NetProject\sbmntr.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\XXX\Ulubione\Online Security Test.url C:\WINNT\BMa75c6e63.txt C:\WINNT\BMa75c6e63.xml C:\WINNT\pskt.ini C:\WINNT\system32\dayimbjt.ini C:\WINNT\system32\hgGvtttu.dll C:\WINNT\system32\kdaua.exe C:\WINNT\system32\ltpdqnps.exe C:\WINNT\system32\MSINET.oca C:\WINNT\system32\tjbmiyad.dll C:\WINNT\system32\utttvGgh.ini C:\WINNT\system32\utttvGgh.ini2 C:\WINNT\system32\ynyidjde.dll . ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))) . 2008-08-15 17:49 . 2008-08-15 17:49 2008-08-15 17:49 . 2008-08-15 17:49 2008-08-15 14:00 . 2008-08-15 14:17 2008-08-14 11:22 . 2008-08-14 11:22 2008-08-14 11:18 . 2003-06-22 18:00 25,856 -ra------ C:\WINNT\system32\drivers\ulusba.sys 2008-08-14 11:17 . 2003-07-23 18:00 33,920 -ra------ C:\WINNT\system32\drivers\ulusbo.sys 2008-08-14 11:16 . 2003-06-22 18:00 36,352 -ra------ C:\WINNT\system32\drivers\ulusbm.sys 2008-08-14 11:15 . 2003-06-22 18:00 43,264 -ra------ C:\WINNT\system32\drivers\ulusbc.sys 2008-08-14 11:15 . 2003-06-22 18:00 12,928 -ra------ C:\WINNT\system32\drivers\ulusbe.sys 2008-08-08 17:39 . 2004-08-04 00:44 159,232 --a------ C:\WINNT\system32\ptpusd.dll 2008-08-08 17:39 . 2001-10-26 17:29 5,632 --a------ C:\WINNT\system32\ptpusb.dll 2008-08-08 17:33 . 2005-04-30 17:09 57,344 --------- C:\WINNT\system32\GenSvcInst.exe 2008-08-08 17:33 . 2005-05-01 14:41 49,152 --------- C:\WINNT\system32\setupsvc.dll 2008-08-08 17:33 . 2005-05-11 00:33 32,256 --------- C:\WINNT\system32\drivers\cdrbsdrv.sys 2008-08-08 17:32 . 2008-08-08 17:32 2008-08-08 17:30 . 2008-08-08 17:39 2008-08-08 17:29 . 2008-08-08 17:29 2008-08-08 17:29 . 2008-08-08 18:23 2008-08-08 17:29 . 2003-09-03 16:45 274,432 --a------ C:\WINNT\system32\FFTIFF16.dll 2008-08-08 17:29 . 2006-07-12 14:39 208,896 --a------ C:\WINNT\system32\FFRafShellEx.dll 2008-08-08 17:29 . 2004-07-24 21:28 155,648 --a------ C:\WINNT\system32\FFRAFLIB.DLL 2008-08-08 17:29 . 2001-11-25 13:11 81,924 --------- C:\WINNT\system32\drivers\VC4CB104.SYS 2008-08-08 17:29 . 2002-02-05 18:33 69,632 --------- C:\WINNT\system32\FREGSHEX.DLL 2008-08-08 17:29 . 2002-02-27 13:27 65,536 --------- C:\WINNT\system32\FINFCHECK.dll 2008-08-08 17:29 . 2002-06-25 10:06 45,056 --------- C:\WINNT\system32\FINFCOPY.dll 2008-08-08 17:29 . 2002-02-13 12:00 45,056 --------- C:\WINNT\system32\FCLKBTN.DLL 2008-07-27 08:15 . 2008-07-27 08:15 23,392 --a------ C:\WINNT\system32\nscompat.tlb 2008-07-27 08:15 . 2008-07-27 08:15 16,832 --a------ C:\WINNT\system32\amcompat.tlb 2008-07-26 19:40 . 2008-07-26 19:40 2008-07-24 12:52 . 2008-07-24 12:52 2008-07-23 22:26 . 2008-07-23 22:26 2008-07-21 18:40 . 2008-07-21 23:21 2008-07-21 12:25 . 2003-10-27 15:06 89,360 -ra------ C:\WINNT\system32\VB5DB.DLL 2008-07-21 12:25 . 2003-10-27 15:06 69,632 -ra------ C:\WINNT\system32\xmltok.dll 2008-07-21 12:25 . 2003-10-27 15:06 36,864 -ra------ C:\WINNT\system32\xmlparse.dll 2008-07-21 12:25 . 2003-10-27 15:06 35,840 -ra------ C:\WINNT\system32\comdlg32.oca 2008-07-21 12:25 . 2003-10-27 15:06 26,096 -ra------ C:\WINNT\system32\xmlinst.exe 2008-07-21 12:25 . 2003-10-27 15:06 24,576 -ra------ C:\WINNT\system32\msxml3a.dll 2008-07-17 15:42 . 2008-07-18 11:56 164 --a------ C:\WINNT\wcx_ftp.ini 2008-07-17 15:41 . 2008-07-17 15:41 2008-07-17 15:41 . 2008-07-18 12:15 1,294 --a------ C:\WINNT\wincmd.ini 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\UC.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\RAR.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\PKZIP.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\PKUNZIP.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\NOCLOSE.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\LHA.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\ARJ.PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-15 15:49 640,032 --sha-w C:\WINNT\system32\drivers\fidbox2.dat 2008-08-15 15:49 28,134,432 --sha-w C:\WINNT\system32\drivers\fidbox.dat 2008-08-15 15:48 61,004 --sha-w C:\WINNT\system32\drivers\fidbox2.idx 2008-08-15 15:48 377,780 --sha-w C:\WINNT\system32\drivers\fidbox.idx 2008-08-15 14:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-08-15 12:00 --------- d-----w C:\Program Files\Opera 2008-08-14 15:30 --------- d-----w C:\Program Files\AIMP2 2008-08-14 13:20 --------- d-----w C:\Program Files\Warcraft III 2008-08-08 16:16 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Image Zone Express 2008-08-08 15:32 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-08-06 16:26 96,976 ----a-w C:\WINNT\system32\drivers\klin.dat 2008-08-05 01:15 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\BearShare 2008-08-04 10:51 --------- d-----w C:\Program Files\GALA-NET 2008-07-26 15:23 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Azureus 2008-07-23 17:17 87,855 ----a-w C:\WINNT\system32\drivers\klick.dat 2008-07-23 08:06 --------- d-----w C:\Program Files\Ubisoft 2008-07-19 17:25 --------- d-----w C:\Program Files\Java 2008-07-13 22:21 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-07-13 20:39 717,296 ----a-w C:\WINNT\system32\drivers\sptd.sys 2008-07-11 15:31 --------- d-----w C:\Program Files\Bethesda Softworks 2008-07-10 14:35 4,096 ----a-w C:\WINNT\system32\drivers\nocashio.sys 2008-07-09 02:03 22,328 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys 2008-07-09 02:03 103,736 ----a-w C:\WINNT\system32\PnkBstrB.exe 2008-07-02 18:54 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Hamachi 2008-06-30 14:24 108,144 ----a-w C:\WINNT\system32\CmdLineExt.dll 2008-06-27 07:26 12,800 ----a-w C:\WINNT\system32\WinG32.dll 2008-06-22 12:32 --------- d-----w C:\Program Files\Azureus 2008-06-20 10:13 20,480 ----a-w C:\WINNT\CDP_Uninst.exe 2008-05-25 17:15 43,520 ----a-w C:\WINNT\system32\CmdLineExt03.dll 2008-03-25 12:36 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-03-26 05:28 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Steam”=“c:\progra~1\valve\steam\steam.exe” [2008-03-28 15:09 1271032] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392] “DAEMON Tools Lite”=“C:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-07-04 17:01 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 12:38 866816] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 03:41 49152] “NvCplDaemon”=“C:\WINNT\system32\NvCpl.dll” [2007-12-05 02:41 8523776] “NeroFilterCheck”=“C:\WINNT\system32\NeroCheck.exe” [2006-01-12 17:40 155648] “NETIANET”=“C:\Program Files\Netia\Net\netianet.exe” [2008-03-09 07:30 493568] “REGSHAVE”=“C:\Program Files\REGSHAVE\REGSHAVE.EXE” [2002-02-04 22:32 53248] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” [2008-02-08 18:36 227856] “SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 2879488 C:\WINNT\SkyTel.exe] “RTHDCPL”=“RTHDCPL.EXE” [2007-02-26 09:03 16125440 C:\WINNT\RTHDCPL.EXE] “nwiz”=“nwiz.exe” [2007-12-05 02:41 1626112 C:\WINNT\system32\nwiz.exe] “Tweak UI”=“TWEAKUI.CPL” [2003-03-25 06:49 106544 C:\WINNT\system32\tweakui.cpl] “NvMediaCenter”=“NvMCTray.dll” [2007-12-05 02:41 81920 C:\WINNT\system32\nvmctray.dll] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINNT\system32\CTFMON.EXE” [2004-08-04 02:44 15360] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-08-08 17:29:57 303104] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “msacm.sl_anet”= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm “vidc.yv12”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL “vidc.divx”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll “vidc.iyuv”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll “vidc.yvu9”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll “vidc.uyvy”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll “vidc.yuy2”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll “vidc.yvyu”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] “UpdatesDisableNotify”=dword:00000001 “AntiVirusOverride”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= “C:\Program Files\EA GAMES\Battlefield 2\BF2.exe”= “C:\Program Files\Valve\Steam\SteamApps\twoface12\counter-strike\hl.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”= “C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”= “C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”= “C:\WINNT\system32\PnkBstrA.exe”= “C:\WINNT\system32\PnkBstrB.exe”= “C:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe”= R0 videX32;videX32;C:\WINNT\system32\DRIVERS\videX32.sys [2006-10-17 14:22] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28] S3 gAGP440p;gAGP440p;C:\DOCUME~1\XXX\USTAWI~1\Temp\gAGP440p.sys [] S3 ulusba;NEC 616 Command Port Driver;C:\WINNT\system32\DRIVERS\ulusba.sys [2003-06-22 18:00] S3 ulusbc;NEC 616 CONTROL Driver;C:\WINNT\system32\DRIVERS\ulusbc.sys [2003-06-22 18:00] S3 ulusbe;NEC 616 ENUMERATION Driver;C:\WINNT\system32\DRIVERS\ulusbe.sys [2003-06-22 18:00] S3 ulusbm;NEC 616 Modem Driver;C:\WINNT\system32\DRIVERS\ulusbm.sys [2003-06-22 18:00] S3 ulusbo;NEC 616 OBEX Port Driver;C:\WINNT\system32\DRIVERS\ulusbo.sys [2003-07-23 18:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0fa41ef1-4e4e-11dd-8b11-000e50b18d6f}] \Shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{297d883c-b2cc-11dc-8be1-000e50b18d6f}] \Shell\AutoRun\command - G:\ \Shell\open\Command - rundll32.exe .\desktop.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ab065b48-0dff-11dd-a8b4-000e50b18d6f}] \Shell\AutoRun\command - G:\ \Shell\open\Command - rundll32.exe .\desktop.dll,InstallM . - - - - ORPHANS REMOVED - - - - HKLM-Run-BMa75c6e63 - C:\WINNT\system32\ynyidjde.dll HKLM-Run-a46f5dff - C:\WINNT\system32\tjbmiyad.dll Notify-ssqrqNGw - ssqrqNGw.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-15 17:50:12 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\PnkBstrA.exe C:\WINNT\system32\wdfmgr.exe C:\WINNT\system32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\WINNT\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-08-15 17:58:35 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-15 15:58:31 Pre-Run: 17,667,952,640 bajtów wolnych Post-Run: 18,116,804,608 bajt˘w wolnych 223 a to log z HijackThis’a Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:02:36, on 2008-08-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\PnkBstrA.exe C:\WINNT\system32\svchost.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINNT\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINNT\system32\RunDLL32.exe C:\Program Files\Netia\Net\netianet.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINNT\explorer.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\XXX\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM…\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe -auto O4 - HKLM…\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKCU…\Run: [steam] “c:\progra~1\valve\steam\steam.exe” -silent O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-20…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS\S-1-5-18…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User ‘Default user’) O4 - HKUS.DEFAULT…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘Default user’) O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 8260797800 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow … eqlab2.cab O17 - HKLM\System\CCS\Services\Tcpip…{0CCE443A-4AC3-499E-A014-060E87070E7B}: NameServer = 213.241.79.37 83.238.255.76 O17 - HKLM\System\CS4\Services\Tcpip…{0CCE443A-4AC3-499E-A014-060E87070E7B}: NameServer = 213.241.79.37 83.238.255.76 O17 - HKLM\System\CS5\Services\Tcpip…{0CCE443A-4AC3-499E-A014-060E87070E7B}: NameServer = 213.241.79.37 83.238.255.76 O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe O23 - Service: B’s Recorder GOLD Library General Service (bgsvcgen) - Unknown owner - C:\WINNT\system32\bgsvcgen.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe – End of file - 5874 bytes dzieki za pomoc

spandaupol · 15 Sierpień 2008 16:15

Pobierz Combofix ale nie uruchamiaj wklej do notatnika:

Zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe

Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum.

Usuń ręcznie folder C:\Qoobox , usuń instalkę Combofix z dysku.

Patrzyk121 · 15 Sierpień 2008 16:47

kolejny log

ComboFix 08-08-14.05 - XXX 2008-08-15 18:27:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.503 [GMT 2:00] Running from: C:\Documents and Settings\XXX\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\XXX\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GAGP440P -------\Service_gAGP440p ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))) . 2008-08-15 18:18 . 2006-06-02 21:34 33,792 -----c— C:\WINNT\system32\dllcache\custsat.dll 2008-08-15 17:49 . 2008-08-15 17:49 2008-08-15 17:49 . 2008-08-15 17:49 2008-08-15 14:00 . 2008-08-15 14:17 2008-08-14 11:22 . 2008-08-14 11:22 2008-08-14 11:18 . 2003-06-22 18:00 25,856 -ra------ C:\WINNT\system32\drivers\ulusba.sys 2008-08-14 11:17 . 2003-07-23 18:00 33,920 -ra------ C:\WINNT\system32\drivers\ulusbo.sys 2008-08-14 11:16 . 2003-06-22 18:00 36,352 -ra------ C:\WINNT\system32\drivers\ulusbm.sys 2008-08-14 11:15 . 2003-06-22 18:00 43,264 -ra------ C:\WINNT\system32\drivers\ulusbc.sys 2008-08-14 11:15 . 2003-06-22 18:00 12,928 -ra------ C:\WINNT\system32\drivers\ulusbe.sys 2008-08-08 17:39 . 2004-08-04 00:44 159,232 --a------ C:\WINNT\system32\ptpusd.dll 2008-08-08 17:39 . 2001-10-26 17:29 5,632 --a------ C:\WINNT\system32\ptpusb.dll 2008-08-08 17:33 . 2005-04-30 17:09 57,344 --------- C:\WINNT\system32\GenSvcInst.exe 2008-08-08 17:33 . 2005-05-01 14:41 49,152 --------- C:\WINNT\system32\setupsvc.dll 2008-08-08 17:33 . 2005-05-11 00:33 32,256 --------- C:\WINNT\system32\drivers\cdrbsdrv.sys 2008-08-08 17:32 . 2008-08-08 17:32 2008-08-08 17:30 . 2008-08-08 17:39 2008-08-08 17:29 . 2008-08-08 17:29 2008-08-08 17:29 . 2008-08-08 18:23 2008-08-08 17:29 . 2003-09-03 16:45 274,432 --a------ C:\WINNT\system32\FFTIFF16.dll 2008-08-08 17:29 . 2006-07-12 14:39 208,896 --a------ C:\WINNT\system32\FFRafShellEx.dll 2008-08-08 17:29 . 2004-07-24 21:28 155,648 --a------ C:\WINNT\system32\FFRAFLIB.DLL 2008-08-08 17:29 . 2001-11-25 13:11 81,924 --------- C:\WINNT\system32\drivers\VC4CB104.SYS 2008-08-08 17:29 . 2002-02-05 18:33 69,632 --------- C:\WINNT\system32\FREGSHEX.DLL 2008-08-08 17:29 . 2002-02-27 13:27 65,536 --------- C:\WINNT\system32\FINFCHECK.dll 2008-08-08 17:29 . 2002-06-25 10:06 45,056 --------- C:\WINNT\system32\FINFCOPY.dll 2008-08-08 17:29 . 2002-02-13 12:00 45,056 --------- C:\WINNT\system32\FCLKBTN.DLL 2008-07-27 08:15 . 2008-07-27 08:15 23,392 --a------ C:\WINNT\system32\nscompat.tlb 2008-07-27 08:15 . 2008-07-27 08:15 16,832 --a------ C:\WINNT\system32\amcompat.tlb 2008-07-26 19:40 . 2008-07-26 19:40 2008-07-24 12:52 . 2008-07-24 12:52 2008-07-23 22:26 . 2008-07-23 22:26 2008-07-21 18:40 . 2008-07-21 23:21 2008-07-21 12:25 . 2003-10-27 15:06 89,360 -ra------ C:\WINNT\system32\VB5DB.DLL 2008-07-21 12:25 . 2003-10-27 15:06 69,632 -ra------ C:\WINNT\system32\xmltok.dll 2008-07-21 12:25 . 2003-10-27 15:06 36,864 -ra------ C:\WINNT\system32\xmlparse.dll 2008-07-21 12:25 . 2003-10-27 15:06 35,840 -ra------ C:\WINNT\system32\comdlg32.oca 2008-07-21 12:25 . 2003-10-27 15:06 26,096 -ra------ C:\WINNT\system32\xmlinst.exe 2008-07-21 12:25 . 2003-10-27 15:06 24,576 -ra------ C:\WINNT\system32\msxml3a.dll 2008-07-17 15:42 . 2008-07-18 11:56 164 --a------ C:\WINNT\wcx_ftp.ini 2008-07-17 15:41 . 2008-07-17 15:41 2008-07-17 15:41 . 2008-07-18 12:15 1,294 --a------ C:\WINNT\wincmd.ini 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\UC.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\RAR.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\PKZIP.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\PKUNZIP.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\NOCLOSE.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\LHA.PIF 2008-07-17 15:41 . 2008-04-22 07:03 545 --a------ C:\WINNT\ARJ.PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-15 16:36 647,456 --sha-w C:\WINNT\system32\drivers\fidbox2.dat 2008-08-15 16:36 28,216,864 --sha-w C:\WINNT\system32\drivers\fidbox.dat 2008-08-15 16:35 61,700 --sha-w C:\WINNT\system32\drivers\fidbox2.idx 2008-08-15 16:35 378,908 --sha-w C:\WINNT\system32\drivers\fidbox.idx 2008-08-15 15:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-08-15 12:00 --------- d-----w C:\Program Files\Opera 2008-08-14 15:30 --------- d-----w C:\Program Files\AIMP2 2008-08-14 13:20 --------- d-----w C:\Program Files\Warcraft III 2008-08-08 16:16 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Image Zone Express 2008-08-08 15:32 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-08-06 16:26 96,976 ----a-w C:\WINNT\system32\drivers\klin.dat 2008-08-05 01:15 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\BearShare 2008-08-04 10:51 --------- d-----w C:\Program Files\GALA-NET 2008-07-26 15:23 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Azureus 2008-07-23 17:17 87,855 ----a-w C:\WINNT\system32\drivers\klick.dat 2008-07-23 08:06 --------- d-----w C:\Program Files\Ubisoft 2008-07-19 17:25 --------- d-----w C:\Program Files\Java 2008-07-13 22:21 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-07-13 20:39 717,296 ----a-w C:\WINNT\system32\drivers\sptd.sys 2008-07-11 15:31 --------- d-----w C:\Program Files\Bethesda Softworks 2008-07-10 14:35 4,096 ----a-w C:\WINNT\system32\drivers\nocashio.sys 2008-07-09 02:03 22,328 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys 2008-07-09 02:03 103,736 ----a-w C:\WINNT\system32\PnkBstrB.exe 2008-07-02 18:54 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Hamachi 2008-06-30 14:24 108,144 ----a-w C:\WINNT\system32\CmdLineExt.dll 2008-06-27 07:26 12,800 ----a-w C:\WINNT\system32\WinG32.dll 2008-06-22 12:32 --------- d-----w C:\Program Files\Azureus 2008-06-20 10:13 20,480 ----a-w C:\WINNT\CDP_Uninst.exe 2008-05-25 17:15 43,520 ----a-w C:\WINNT\system32\CmdLineExt03.dll 2008-03-25 12:36 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-03-26 05:28 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Steam”=“c:\progra~1\valve\steam\steam.exe” [2008-03-28 15:09 1271032] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392] “DAEMON Tools Lite”=“C:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-07-04 17:01 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 12:38 866816] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 03:41 49152] “NvCplDaemon”=“C:\WINNT\system32\NvCpl.dll” [2007-12-05 02:41 8523776] “NeroFilterCheck”=“C:\WINNT\system32\NeroCheck.exe” [2006-01-12 17:40 155648] “NETIANET”=“C:\Program Files\Netia\Net\netianet.exe” [2008-03-09 07:30 493568] “REGSHAVE”=“C:\Program Files\REGSHAVE\REGSHAVE.EXE” [2002-02-04 22:32 53248] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” [2008-02-08 18:36 227856] “SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 2879488 C:\WINNT\SkyTel.exe] “RTHDCPL”=“RTHDCPL.EXE” [2007-02-26 09:03 16125440 C:\WINNT\RTHDCPL.EXE] “nwiz”=“nwiz.exe” [2007-12-05 02:41 1626112 C:\WINNT\system32\nwiz.exe] “Tweak UI”=“TWEAKUI.CPL” [2003-03-25 06:49 106544 C:\WINNT\system32\tweakui.cpl] “NvMediaCenter”=“NvMCTray.dll” [2007-12-05 02:41 81920 C:\WINNT\system32\nvmctray.dll] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINNT\system32\CTFMON.EXE” [2004-08-04 02:44 15360] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-08-08 17:29:57 303104] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “msacm.sl_anet”= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm “vidc.yv12”= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL “vidc.divx”= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll “vidc.iyuv”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll “vidc.yvu9”= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll “vidc.uyvy”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll “vidc.yuy2”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll “vidc.yvyu”= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] “UpdatesDisableNotify”=dword:00000001 “AntiVirusOverride”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile] “EnableFirewall”= 0 (0x0) [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= “C:\Program Files\EA GAMES\Battlefield 2\BF2.exe”= “C:\Program Files\Valve\Steam\SteamApps\twoface12\counter-strike\hl.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”= “C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”= “C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”= “C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”= “C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”= “C:\WINNT\system32\PnkBstrA.exe”= “C:\WINNT\system32\PnkBstrB.exe”= “C:\Program Files\Ubisoft\Heroes of Might and Magic V\bina1\H5_Game.exe”= “%windir%\Network Diagnostic\xpnetdiag.exe”= R0 videX32;videX32;C:\WINNT\system32\DRIVERS\videX32.sys [2006-10-17 14:22] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28] S3 ulusba;NEC 616 Command Port Driver;C:\WINNT\system32\DRIVERS\ulusba.sys [2003-06-22 18:00] S3 ulusbc;NEC 616 CONTROL Driver;C:\WINNT\system32\DRIVERS\ulusbc.sys [2003-06-22 18:00] S3 ulusbe;NEC 616 ENUMERATION Driver;C:\WINNT\system32\DRIVERS\ulusbe.sys [2003-06-22 18:00] S3 ulusbm;NEC 616 Modem Driver;C:\WINNT\system32\DRIVERS\ulusbm.sys [2003-06-22 18:00] S3 ulusbo;NEC 616 OBEX Port Driver;C:\WINNT\system32\DRIVERS\ulusbo.sys [2003-07-23 18:00] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-15 18:36:59 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\PnkBstrA.exe C:\WINNT\system32\wdfmgr.exe C:\WINNT\system32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\WINNT\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-08-15 18:44:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-15 16:44:31 Pre-Run: 18,041,237,504 bajtów wolnych Post-Run: 18,036,035,584 bajt˘w wolnych 200 mam nadzieje ze taraz juz jest wszystko ok z moim kompem

spandaupol · 15 Sierpień 2008 16:52

Log wygląda na czysty.

usuń folder C: \Qoobox oraz instalkę Combofix z dysku.

Przeczyść system oraz rejestr CCleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar Mój komputer Kaspersky Online Scanner Uruchom pod IE daj raport na forum

lub Dr.WEB CureIt!