Program szpiegujący?

gruba84 · 22 Listopad 2007 01:25

Proszę o pomoc w usunięciu programów szpiegujących lub podglądających. Odinstalowałam program up look agent ale w logu widzę dalej jakieś procesy tegoż programu, nie wiem na ile sa one aktywne. Proszę również o informacje czy są w moim komputerze inne programy tego typu

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:06:08, on 2007-11-22 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\config\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\Program Files\Eset\nod32krn.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe D:\Spyware Doctor\svcntaux.exe D:\Spyware Doctor\swdsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\inf\svchost.exe C:\WINNT\System32\igfxtray.exe C:\WINNT\System32\hkcmd.exe C:\WINNT\SOUNDMAN.EXE C:\Program Files\Eset\nod32kui.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe D:\Spyware Doctor\SDTrayApp.exe C:\WINNT\system32\internat.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\program files\internet explorer\iexplore.exe C:\Program Files\OpenOffice.ux.pl 2.2.0\program\soffice.exe C:\Program Files\OpenOffice.ux.pl 2.2.0\program\soffice.BIN C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\foobar2000\foobar2000.exe C:\WINDOWS\system32\config\SVCHOST.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nb4f.com.cn R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nb4f.com.cn R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM…\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [sDTray] “D:\Spyware Doctor\SDTrayApp.exe” O4 - HKCU…\Run: [internat.exe] internat.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKLM…\Policies\Explorer\Run: [userinit] C:\WINNT\system32\inf\svchost.exe C:\WINNT\system32\lwisys16_071120.dll start O4 - HKUS.DEFAULT…\Run: [internat.exe] internat.exe (User ‘Default user’) O4 - HKUS.DEFAULT…\Run: [Picasa Media Detector] D:\Picasa2\PicasaMediaDetector.exe (User ‘Default user’) O4 - HKUS.DEFAULT…\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User ‘Default user’) O4 - Startup: OpenOffice.ux.pl 2.2.0.lnk = C:\Program Files\OpenOffice.ux.pl 2.2.0\program\quickstart.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{89FA99F2-6DE6-4DF7-B315-22FABF6D694C}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: Network Driver Helper (CCProxy(C…Program Files.Common Files.config.svchost.exe)) - Unknown owner - C:\Program Files\Common Files\config\svchost.exe O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe O23 - Service: uplook execute command - Unknown owner - \192.168.1.46\ADMIN$\upexec.exe (file missing) O23 - Service: Network Provisioning Services (Windowsclients) - Unknown owner - C:\WINDOWS\system32\config\SVCHOST.EXE O23 - Service: winlogon - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\winlogon.exe (file missing)

–

End of file - 5916 bytes

Gutek · 22 Listopad 2007 17:17

Najpierw automat -

Pobierz program SDFix

gruba84 · 22 Listopad 2007 18:35

zgodnie z instrukcjami (przynajmniej mam taką nadzieję) zamieszczam raport

Gutek · 22 Listopad 2007 21:32

Daj log z ComboFix

gruba84 · 22 Listopad 2007 22:08

wklejam loga z programu combofix aczkolwiek jest to nieznane mi narzędzie wiec z gory przepraszam jesli nie wkleiłam tego w odpowiedni sposób (wklejam wiec całość)

ComboFix 07-11-19.3 - Administrator 2007-11-22 23:01:43.1 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1045.18.10 [GMT 1:00] Running from: D:\ComboFix.exe . ADS - svchost.exe: deleted 68 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINNT\mwinsys.ini C:\WINNT\server.exe C:\WINNT\System\AlxRes071109.exe C:\WINNT\system32\inf\scrsys071109.scr C:\WINNT\system32\inf\scrsys071121.scr C:\WINNT\system32\inf\scrsys16_071109.dll C:\WINNT\system32\inf\scrsys16_071121.dll C:\WINNT\system32\mywebhit.ini C:\WINNT\system32\winsys16_071109.dll C:\WINNT\system32\winsys32_071109.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_IPRIP -------\LEGACY_NWSAPAGENT -------\LEGACY_SYSTEM32 -------\LEGACY_WINDOWS_0 ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 ))))))))))))))))))))))))))))))) . 2007-11-22 19:20 2007-11-22 19:14 204,800 --a------ C:\WINNT\system32\mwisys32_071121.dll 2007-11-22 19:14 104,308 --a------ C:\WINNT\system\slxpes071121.exe 2007-11-22 19:14 25,088 --a------ C:\WINNT\system32\lwisys16_071121.dll 2007-11-22 02:01 2007-11-22 01:58 2007-11-22 01:58 313,344 —hs---- C:\WINNT\system32\sasa.exe 2007-11-22 01:57 1,051 --a------ C:\WINNT\home.vbs 2007-11-20 00:46 204,288 --a------ C:\WINNT\system32\mwisys32_071120.dll 2007-11-18 17:16 118,784 --a------ C:\WINNT\lee.exe 2007-11-15 20:17 2007-11-15 14:00 7,844 --ah----- C:\WINNT\system32\mlfcache.dat 2007-11-15 13:16 2007-11-15 12:03 2007-11-11 13:04 2007-11-11 13:02 2007-11-11 13:02 462,848 --a------ C:\WINNT\system32\msaatext.dll 2007-11-11 13:02 360,448 --a------ C:\WINNT\system32\oleacc.dll 2007-11-11 13:02 356,352 --a------ C:\WINNT\system32\oleaccrc.dll 2007-11-11 13:02 356,352 --a–c— C:\WINNT\system32\dllcache\oleaccrc.dll 2007-11-11 10:07 185 --a------ C:\WINNT\system32\mywehit.ini 2007-11-09 12:14 2007-11-08 12:59 2007-11-07 18:06 77,824 --a------ C:\ad.exe 2007-11-07 09:58 1,712,128 --a------ C:\WINNT\system32\gdiplus.dll 2007-11-05 23:12 63,421 --a------ C:\WINNT\system32\luqnjn.drv 2007-11-05 22:23 2007-11-05 22:23 2007-11-05 21:39 2007-11-05 21:38 2007-11-05 20:39 1,044 --a------ C:\WINNT\run.vbs 2007-11-05 20:39 1 --a------ C:\WINNT\system32\00049932.ini 2007-11-05 18:13 2,174,976 -----c— C:\WINNT\system32\dllcache\wmvcore.dll 2007-11-05 12:27 1,156 --a------ C:\WINNT\mozver.dat 2007-11-05 12:11 2007-11-05 12:06 2007-11-05 12:03 2007-11-05 12:02 2007-11-05 10:57 212,480 --a------ C:\WINNT\system32\PCDLIB32.DLL 2007-11-05 10:54 2007-11-05 10:28 20 —h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT 2007-11-05 10:20 1,231,872 --a–c— C:\WINNT\system32\dllcache\quartz.dll 2007-11-05 10:20 470,528 --a–c— C:\WINNT\system32\dllcache\qdvd.dll 2007-11-05 10:20 326,144 --a------ C:\WINNT\system32\joy.cpl 2007-11-05 10:20 316,928 --a–c— C:\WINNT\system32\dllcache\qdv.dll 2007-11-05 10:20 285,696 --a------ C:\WINNT\system32\kstvtune.ax 2007-11-05 10:20 257,024 --a–c— C:\WINNT\system32\dllcache\qcap.dll 2007-11-05 10:20 226,304 --a------ C:\WINNT\system32\kswdmcap.ax 2007-11-05 10:20 136,192 --a------ C:\WINNT\system32\mpg2splt.ax 2007-11-05 10:20 117,248 --a------ C:\WINNT\system32\ksproxy.ax 2007-11-05 10:20 83,456 --a------ C:\WINNT\system32\l3codecx.ax 2007-11-05 10:20 57,856 --a------ C:\WINNT\system32\mpeg2data.ax 2007-11-05 10:20 48,512 --a–c— C:\WINNT\system32\dllcache\stream.sys 2007-11-05 10:20 39,424 --a------ C:\WINNT\system32\ksxbar.ax 2007-11-05 10:20 34,304 --a------ C:\WINNT\system32\mciqtz32.dll 2007-11-05 10:20 31,744 --a–c— C:\WINNT\system32\dllcache\pid.dll 2007-11-05 10:20 27,648 --a------ C:\WINNT\system32\vbisurf.ax 2007-11-05 10:20 27,648 --a–c— C:\WINNT\system32\dllcache\vbisurf.ax 2007-11-05 10:20 14,848 --a------ C:\WINNT\system32\ipsink.ax 2007-11-05 10:20 12,288 --a------ C:\WINNT\system32\ksolay.ax 2007-11-05 10:20 4,096 --a------ C:\WINNT\system32\ksuser.dll 2007-11-05 10:20 4,096 --a–c— C:\WINNT\system32\dllcache\swenum.sys 2007-11-05 10:19 2007-11-05 10:19 2007-11-05 10:19 2,179,072 --a------ C:\WINNT\system32\mfc71d.dll 2007-11-05 10:19 1,060,864 --a------ C:\WINNT\system32\MFC71.dll 2007-11-05 10:19 974,848 --a------ C:\WINNT\system32\mfc70.dll 2007-11-05 10:18 2007-11-05 10:18 5,709,824 -ra------ C:\WINNT\system32\NkNEFPlugin.dll 2007-11-05 10:18 495,616 -ra------ C:\WINNT\system32\DRAGNKL1.dll 2007-11-05 10:18 180,224 -ra------ C:\WINNT\system32\Strato4.dll 2007-11-05 10:18 180,224 -ra------ C:\WINNT\system32\picn1120.dll 2007-11-05 10:18 155,648 -ra------ C:\WINNT\system32\picn1020.dll 2007-11-05 10:18 110,592 -ra------ C:\WINNT\system32\RCSigProc.dll 2007-11-05 10:18 76,800 -ra------ C:\WINNT\system32\RedEye.dll 2007-11-05 10:18 48,128 -ra------ C:\WINNT\system32\picn20.dll 2007-11-05 10:17 2007-11-05 10:17 2007-11-05 10:17 678,912 --a------ C:\WINNT\system32\drmv2clt.dll 2007-11-05 10:17 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll 2007-11-05 10:17 316,040 --a------ C:\WINNT\system32\mp43dmod.dll 2007-11-05 10:17 301,712 --a------ C:\WINNT\system32\drmclien.dll 2007-11-05 10:17 301,712 --a–c— C:\WINNT\system32\dllcache\drmclien.dll 2007-11-05 10:17 290,816 --a------ C:\WINNT\system32\l3codeca.acm 2007-11-05 10:17 241,664 --a------ C:\WINNT\system32\mpg4dmod.dll 2007-11-05 10:17 82,432 --a------ C:\WINNT\system32\drmstor.dll 2007-11-05 10:17 82,432 --a–c— C:\WINNT\system32\dllcache\drmstor.dll 2007-11-05 10:17 9,728 --a–c— C:\WINNT\system32\dllcache\npwmsdrm.dll 2007-11-05 10:17 0 —h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT 2007-11-05 10:16 2007-11-05 10:16 434,176 --a------ C:\WINNT\system32\DC120V15_32.DLL 2007-11-05 10:16 406,016 --a------ C:\WINNT\system32\LTKRN12N.DLL 2007-11-05 10:16 259,072 --a------ C:\WINNT\system32\LTDIS12N.DLL 2007-11-05 10:16 230,400 --a------ C:\WINNT\system32\DC265.DLL 2007-11-05 10:16 207,872 --a------ C:\WINNT\system32\LTEFX12N.DLL 2007-11-05 10:16 164,864 --a------ C:\WINNT\system32\LTIMG12N.DLL 2007-11-05 10:16 131,072 --a------ C:\WINNT\system32\LTFIL12N.DLL 2007-11-05 10:09 2007-11-05 10:08 2007-11-05 10:07 212,480 --------- C:\WINNT\PCDLIB32.DLL . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-08 11:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-08 11:55 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-07 15:59 671,744 --sh–w C:\WINNT\system32_winlogon.exe 2007-11-05 09:24 --------- d-----w C:\Program Files\Gadu-Gadu 2007-10-04 16:11 29,000 ----a-w C:\WINNT\system32\drivers\kcom.sys 2007-10-04 16:10 79,688 ----a-w C:\WINNT\system32\drivers\iksyssec.sys 2007-10-04 16:10 62,280 ----a-w C:\WINNT\system32\drivers\iksysflt.sys 2007-10-04 16:10 41,288 ----a-w C:\WINNT\system32\drivers\ikfilesec.sys 2005-04-23 09:05 271 —h–w C:\Program Files\desktop.ini 2005-04-23 09:05 22,039 —h–w C:\Program Files\folder.htt 2002-08-28 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “internat.exe”=“internat.exe” [02-08-28 01:00 C:\WINNT\system32\internat.exe] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [07-07-09 08:39] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [07-11-05 19:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Synchronization Manager”=“mobsync.exe” [03-06-19 11:05 C:\WINNT\system32\mobsync.exe] “IgfxTray”=“C:\WINNT\System32\igfxtray.exe” [02-07-26 08:05] “HotKeysCmds”=“C:\WINNT\System32\hkcmd.exe” [02-07-26 07:45] “SoundMan”=“SOUNDMAN.EXE” [02-09-11 09:57 C:\WINNT\SOUNDMAN.EXE] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [07-06-28 09:06] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [03-10-16 18:07] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [04-01-26 11:38] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [03-10-16 18:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [03-10-16 18:07] “SDTray”=“D:\Spyware Doctor\SDTrayApp.exe” [07-10-02 16:27] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “internat.exe”=“internat.exe” [02-08-28 01:00 C:\WINNT\system32\internat.exe] “Picasa Media Detector”=“D:\Picasa2\PicasaMediaDetector.exe” [07-10-23 22:18] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “^SetupICWDesktop”=“C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe” [03-06-19 11:05] C:\Documents and Settings\st5\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.0\program\quickstart.exe [2007-04-12 11:40:08] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.0\program\quickstart.exe [2007-04-12 11:40:08] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “StartMenuLogOff”= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" R2 CCProxy(C…Program Files.Common Files.config.svchost.exe);Network Driver Helper;“C:\Program Files\Common Files\config\svchost.exe” -service R2 NVser;NVIDIA Drivers Services;C:\WINNT\system32\svchost.exe -k NVser R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys Start Pending2 luqnjn;luqnjn;C:\WINNT\system32\svchost.exe -k luqnjn [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] NVser NVser luqnjn luqnjn *Newly Created Service* - IPNAT *Newly Created Service* - RASAUTO *Newly Created Service* - SHAREDACCESS . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-22 23:08:38 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-11-22 23:11:40 - machine was rebooted . — E O F —

Gutek · 22 Listopad 2007 22:15

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

gruba84 · 22 Listopad 2007 23:26

done!

ComboFix 07-11-19.3 - Administrator 2007-11-23 0:07:14.3 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1045.18.15 [GMT 1:00] Running from: D:\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 ))))))))))))))))))))))))))))))) . 2007-11-23 00:07 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_36c.dat 2007-11-22 19:20 2007-11-22 02:01 2007-11-22 01:58 2007-11-22 01:57 1,051 --a------ C:\WINNT\home.vbs 2007-11-18 17:16 118,784 --a------ C:\WINNT\lee.exe 2007-11-15 20:17 2007-11-15 14:00 7,844 --ah----- C:\WINNT\system32\mlfcache.dat 2007-11-15 13:16 2007-11-15 12:03 2007-11-11 13:04 2007-11-11 13:02 2007-11-11 13:02 462,848 --a------ C:\WINNT\system32\msaatext.dll 2007-11-11 13:02 360,448 --a------ C:\WINNT\system32\oleacc.dll 2007-11-11 13:02 356,352 --a------ C:\WINNT\system32\oleaccrc.dll 2007-11-11 13:02 356,352 --a–c— C:\WINNT\system32\dllcache\oleaccrc.dll 2007-11-11 10:07 185 --a------ C:\WINNT\system32\mywehit.ini 2007-11-09 12:14 2007-11-08 12:59 2007-11-07 18:06 77,824 --a------ C:\ad.exe 2007-11-07 09:58 1,712,128 --a------ C:\WINNT\system32\gdiplus.dll 2007-11-05 23:12 63,421 --a------ C:\WINNT\system32\luqnjn.drv 2007-11-05 22:23 2007-11-05 22:23 2007-11-05 21:39 2007-11-05 21:38 2007-11-05 20:39 1,044 --a------ C:\WINNT\run.vbs 2007-11-05 20:39 1 --a------ C:\WINNT\system32\00049932.ini 2007-11-05 18:13 2,174,976 -----c— C:\WINNT\system32\dllcache\wmvcore.dll 2007-11-05 12:27 1,156 --a------ C:\WINNT\mozver.dat 2007-11-05 12:11 2007-11-05 12:06 2007-11-05 12:03 2007-11-05 12:02 2007-11-05 10:57 212,480 --a------ C:\WINNT\system32\PCDLIB32.DLL 2007-11-05 10:54 2007-11-05 10:28 20 —h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT 2007-11-05 10:20 1,231,872 --a–c— C:\WINNT\system32\dllcache\quartz.dll 2007-11-05 10:20 470,528 --a–c— C:\WINNT\system32\dllcache\qdvd.dll 2007-11-05 10:20 326,144 --a------ C:\WINNT\system32\joy.cpl 2007-11-05 10:20 316,928 --a–c— C:\WINNT\system32\dllcache\qdv.dll 2007-11-05 10:20 285,696 --a------ C:\WINNT\system32\kstvtune.ax 2007-11-05 10:20 257,024 --a–c— C:\WINNT\system32\dllcache\qcap.dll 2007-11-05 10:20 226,304 --a------ C:\WINNT\system32\kswdmcap.ax 2007-11-05 10:20 136,192 --a------ C:\WINNT\system32\mpg2splt.ax 2007-11-05 10:20 117,248 --a------ C:\WINNT\system32\ksproxy.ax 2007-11-05 10:20 83,456 --a------ C:\WINNT\system32\l3codecx.ax 2007-11-05 10:20 57,856 --a------ C:\WINNT\system32\mpeg2data.ax 2007-11-05 10:20 48,512 --a–c— C:\WINNT\system32\dllcache\stream.sys 2007-11-05 10:20 39,424 --a------ C:\WINNT\system32\ksxbar.ax 2007-11-05 10:20 34,304 --a------ C:\WINNT\system32\mciqtz32.dll 2007-11-05 10:20 31,744 --a–c— C:\WINNT\system32\dllcache\pid.dll 2007-11-05 10:20 27,648 --a------ C:\WINNT\system32\vbisurf.ax 2007-11-05 10:20 27,648 --a–c— C:\WINNT\system32\dllcache\vbisurf.ax 2007-11-05 10:20 14,848 --a------ C:\WINNT\system32\ipsink.ax 2007-11-05 10:20 12,288 --a------ C:\WINNT\system32\ksolay.ax 2007-11-05 10:20 4,096 --a------ C:\WINNT\system32\ksuser.dll 2007-11-05 10:20 4,096 --a–c— C:\WINNT\system32\dllcache\swenum.sys 2007-11-05 10:19 2007-11-05 10:19 2007-11-05 10:19 2,179,072 --a------ C:\WINNT\system32\mfc71d.dll 2007-11-05 10:19 1,060,864 --a------ C:\WINNT\system32\MFC71.dll 2007-11-05 10:19 974,848 --a------ C:\WINNT\system32\mfc70.dll 2007-11-05 10:18 2007-11-05 10:18 5,709,824 -ra------ C:\WINNT\system32\NkNEFPlugin.dll 2007-11-05 10:18 495,616 -ra------ C:\WINNT\system32\DRAGNKL1.dll 2007-11-05 10:18 180,224 -ra------ C:\WINNT\system32\Strato4.dll 2007-11-05 10:18 180,224 -ra------ C:\WINNT\system32\picn1120.dll 2007-11-05 10:18 155,648 -ra------ C:\WINNT\system32\picn1020.dll 2007-11-05 10:18 110,592 -ra------ C:\WINNT\system32\RCSigProc.dll 2007-11-05 10:18 76,800 -ra------ C:\WINNT\system32\RedEye.dll 2007-11-05 10:18 48,128 -ra------ C:\WINNT\system32\picn20.dll 2007-11-05 10:17 2007-11-05 10:17 2007-11-05 10:17 678,912 --a------ C:\WINNT\system32\drmv2clt.dll 2007-11-05 10:17 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll 2007-11-05 10:17 316,040 --a------ C:\WINNT\system32\mp43dmod.dll 2007-11-05 10:17 301,712 --a------ C:\WINNT\system32\drmclien.dll 2007-11-05 10:17 301,712 --a–c— C:\WINNT\system32\dllcache\drmclien.dll 2007-11-05 10:17 290,816 --a------ C:\WINNT\system32\l3codeca.acm 2007-11-05 10:17 241,664 --a------ C:\WINNT\system32\mpg4dmod.dll 2007-11-05 10:17 82,432 --a------ C:\WINNT\system32\drmstor.dll 2007-11-05 10:17 82,432 --a–c— C:\WINNT\system32\dllcache\drmstor.dll 2007-11-05 10:17 9,728 --a–c— C:\WINNT\system32\dllcache\npwmsdrm.dll 2007-11-05 10:17 0 —h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT 2007-11-05 10:16 2007-11-05 10:16 434,176 --a------ C:\WINNT\system32\DC120V15_32.DLL 2007-11-05 10:16 406,016 --a------ C:\WINNT\system32\LTKRN12N.DLL 2007-11-05 10:16 259,072 --a------ C:\WINNT\system32\LTDIS12N.DLL 2007-11-05 10:16 230,400 --a------ C:\WINNT\system32\DC265.DLL 2007-11-05 10:16 207,872 --a------ C:\WINNT\system32\LTEFX12N.DLL 2007-11-05 10:16 164,864 --a------ C:\WINNT\system32\LTIMG12N.DLL 2007-11-05 10:16 131,072 --a------ C:\WINNT\system32\LTFIL12N.DLL 2007-11-05 10:09 2007-11-05 10:08 2007-11-05 10:07 212,480 --------- C:\WINNT\PCDLIB32.DLL 2007-11-05 10:05 2007-11-05 10:05 0 --a------ C:\WINNT\nsreg.dat 2007-11-05 10:03 6,668,248 --a------ C:\Program Files\Firefox Setup 2.0.0.9.exe 2007-11-05 10:02 4,346,704 --a------ C:\Program Files\gg77.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-08 11:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-08 11:55 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-07 15:59 671,744 --sh–w C:\WINNT\system32_winlogon.exe 2007-11-05 09:24 --------- d-----w C:\Program Files\Gadu-Gadu 2007-10-04 16:11 29,000 ----a-w C:\WINNT\system32\drivers\kcom.sys 2007-10-04 16:10 79,688 ----a-w C:\WINNT\system32\drivers\iksyssec.sys 2007-10-04 16:10 62,280 ----a-w C:\WINNT\system32\drivers\iksysflt.sys 2007-10-04 16:10 41,288 ----a-w C:\WINNT\system32\drivers\ikfilesec.sys 2005-04-23 09:05 271 —h–w C:\Program Files\desktop.ini 2005-04-23 09:05 22,039 —h–w C:\Program Files\folder.htt 2002-08-28 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “internat.exe”=“internat.exe” [02-08-28 01:00 C:\WINNT\system32\internat.exe] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [07-07-09 08:39] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [07-11-05 19:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Synchronization Manager”=“mobsync.exe” [03-06-19 11:05 C:\WINNT\system32\mobsync.exe] “IgfxTray”=“C:\WINNT\System32\igfxtray.exe” [02-07-26 08:05] “HotKeysCmds”=“C:\WINNT\System32\hkcmd.exe” [02-07-26 07:45] “SoundMan”=“SOUNDMAN.EXE” [02-09-11 09:57 C:\WINNT\SOUNDMAN.EXE] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [07-06-28 09:06] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [03-10-16 18:07] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [04-01-26 11:38] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [03-10-16 18:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [03-10-16 18:07] “SDTray”=“D:\Spyware Doctor\SDTrayApp.exe” [07-10-02 16:27] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “internat.exe”=“internat.exe” [02-08-28 01:00 C:\WINNT\system32\internat.exe] “Picasa Media Detector”=“D:\Picasa2\PicasaMediaDetector.exe” [07-10-23 22:18] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “^SetupICWDesktop”=“C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe” [03-06-19 11:05] C:\Documents and Settings\st5\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.0\program\quickstart.exe [2007-04-12 11:40:08] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.0\program\quickstart.exe [2007-04-12 11:40:08] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “StartMenuLogOff”= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" R2 CCProxy(C…Program Files.Common Files.config.svchost.exe);Network Driver Helper;“C:\Program Files\Common Files\config\svchost.exe” -service R2 NVser;NVIDIA Drivers Services;C:\WINNT\system32\svchost.exe -k NVser R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] NVser NVser luqnjn luqnjn . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-23 00:10:52 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-11-23 0:12:43 C:\ComboFix2.txt … 07-11-23 00:02 C:\ComboFix3.txt … 07-11-22 23:11 . — E O F —

Gutek · 23 Listopad 2007 22:54

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

przeskanuj na http://virusscan.jotti.org/

gruba84 · 24 Listopad 2007 00:49

nie chciało mi się robić formatu a teraz cierpię za moje lenistwo… myśląc jednak o tym ze takich osób jak ja jest więcej a Wy ze wszystkimi sie musicie “użerać” pokornie wykonuję dalsze instrukcje …

ComboFix 07-11-19.3 - Administrator 2007-11-24 1:41:52.5 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1045.18.10 [GMT 1:00] Running from: D:\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 ))))))))))))))))))))))))))))))) . 2007-11-24 01:41 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_36c.dat 2007-11-23 01:09 2007-11-22 19:20 2007-11-22 02:01 2007-11-22 01:58 2007-11-22 01:57 1,051 --a------ C:\WINNT\home.vbs 2007-11-18 17:16 118,784 --a------ C:\WINNT\lee.exe 2007-11-15 20:17 2007-11-15 14:00 7,844 --ah----- C:\WINNT\system32\mlfcache.dat 2007-11-15 13:16 2007-11-15 12:03 2007-11-11 13:04 2007-11-11 13:02 2007-11-11 13:02 462,848 --a------ C:\WINNT\system32\msaatext.dll 2007-11-11 13:02 360,448 --a------ C:\WINNT\system32\oleacc.dll 2007-11-11 13:02 356,352 --a------ C:\WINNT\system32\oleaccrc.dll 2007-11-11 13:02 356,352 --a–c— C:\WINNT\system32\dllcache\oleaccrc.dll 2007-11-11 10:07 185 --a------ C:\WINNT\system32\mywehit.ini 2007-11-09 12:14 2007-11-08 12:59 2007-11-07 09:58 1,712,128 --a------ C:\WINNT\system32\gdiplus.dll 2007-11-05 23:12 63,421 --a------ C:\WINNT\system32\luqnjn.drv 2007-11-05 22:23 2007-11-05 22:23 2007-11-05 21:39 2007-11-05 21:38 2007-11-05 18:13 2,174,976 -----c— C:\WINNT\system32\dllcache\wmvcore.dll 2007-11-05 12:27 1,156 --a------ C:\WINNT\mozver.dat 2007-11-05 12:11 2007-11-05 12:06 2007-11-05 12:03 2007-11-05 12:02 2007-11-05 10:57 212,480 --a------ C:\WINNT\system32\PCDLIB32.DLL 2007-11-05 10:54 2007-11-05 10:28 20 —h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT 2007-11-05 10:20 1,231,872 --a–c— C:\WINNT\system32\dllcache\quartz.dll 2007-11-05 10:20 470,528 --a–c— C:\WINNT\system32\dllcache\qdvd.dll 2007-11-05 10:20 326,144 --a------ C:\WINNT\system32\joy.cpl 2007-11-05 10:20 316,928 --a–c— C:\WINNT\system32\dllcache\qdv.dll 2007-11-05 10:20 285,696 --a------ C:\WINNT\system32\kstvtune.ax 2007-11-05 10:20 257,024 --a–c— C:\WINNT\system32\dllcache\qcap.dll 2007-11-05 10:20 226,304 --a------ C:\WINNT\system32\kswdmcap.ax 2007-11-05 10:20 136,192 --a------ C:\WINNT\system32\mpg2splt.ax 2007-11-05 10:20 117,248 --a------ C:\WINNT\system32\ksproxy.ax 2007-11-05 10:20 83,456 --a------ C:\WINNT\system32\l3codecx.ax 2007-11-05 10:20 57,856 --a------ C:\WINNT\system32\mpeg2data.ax 2007-11-05 10:20 48,512 --a–c— C:\WINNT\system32\dllcache\stream.sys 2007-11-05 10:20 39,424 --a------ C:\WINNT\system32\ksxbar.ax 2007-11-05 10:20 34,304 --a------ C:\WINNT\system32\mciqtz32.dll 2007-11-05 10:20 31,744 --a–c— C:\WINNT\system32\dllcache\pid.dll 2007-11-05 10:20 27,648 --a------ C:\WINNT\system32\vbisurf.ax 2007-11-05 10:20 27,648 --a–c— C:\WINNT\system32\dllcache\vbisurf.ax 2007-11-05 10:20 14,848 --a------ C:\WINNT\system32\ipsink.ax 2007-11-05 10:20 12,288 --a------ C:\WINNT\system32\ksolay.ax 2007-11-05 10:20 4,096 --a------ C:\WINNT\system32\ksuser.dll 2007-11-05 10:20 4,096 --a–c— C:\WINNT\system32\dllcache\swenum.sys 2007-11-05 10:19 2007-11-05 10:19 2007-11-05 10:19 2,179,072 --a------ C:\WINNT\system32\mfc71d.dll 2007-11-05 10:19 1,060,864 --a------ C:\WINNT\system32\MFC71.dll 2007-11-05 10:19 974,848 --a------ C:\WINNT\system32\mfc70.dll 2007-11-05 10:18 2007-11-05 10:18 5,709,824 -ra------ C:\WINNT\system32\NkNEFPlugin.dll 2007-11-05 10:18 495,616 -ra------ C:\WINNT\system32\DRAGNKL1.dll 2007-11-05 10:18 180,224 -ra------ C:\WINNT\system32\Strato4.dll 2007-11-05 10:18 180,224 -ra------ C:\WINNT\system32\picn1120.dll 2007-11-05 10:18 155,648 -ra------ C:\WINNT\system32\picn1020.dll 2007-11-05 10:18 110,592 -ra------ C:\WINNT\system32\RCSigProc.dll 2007-11-05 10:18 76,800 -ra------ C:\WINNT\system32\RedEye.dll 2007-11-05 10:18 48,128 -ra------ C:\WINNT\system32\picn20.dll 2007-11-05 10:17 2007-11-05 10:17 2007-11-05 10:17 678,912 --a------ C:\WINNT\system32\drmv2clt.dll 2007-11-05 10:17 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll 2007-11-05 10:17 316,040 --a------ C:\WINNT\system32\mp43dmod.dll 2007-11-05 10:17 301,712 --a------ C:\WINNT\system32\drmclien.dll 2007-11-05 10:17 301,712 --a–c— C:\WINNT\system32\dllcache\drmclien.dll 2007-11-05 10:17 290,816 --a------ C:\WINNT\system32\l3codeca.acm 2007-11-05 10:17 241,664 --a------ C:\WINNT\system32\mpg4dmod.dll 2007-11-05 10:17 82,432 --a------ C:\WINNT\system32\drmstor.dll 2007-11-05 10:17 82,432 --a–c— C:\WINNT\system32\dllcache\drmstor.dll 2007-11-05 10:17 9,728 --a–c— C:\WINNT\system32\dllcache\npwmsdrm.dll 2007-11-05 10:17 0 —h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT 2007-11-05 10:16 2007-11-05 10:16 434,176 --a------ C:\WINNT\system32\DC120V15_32.DLL 2007-11-05 10:16 406,016 --a------ C:\WINNT\system32\LTKRN12N.DLL 2007-11-05 10:16 259,072 --a------ C:\WINNT\system32\LTDIS12N.DLL 2007-11-05 10:16 230,400 --a------ C:\WINNT\system32\DC265.DLL 2007-11-05 10:16 207,872 --a------ C:\WINNT\system32\LTEFX12N.DLL 2007-11-05 10:16 164,864 --a------ C:\WINNT\system32\LTIMG12N.DLL 2007-11-05 10:16 131,072 --a------ C:\WINNT\system32\LTFIL12N.DLL 2007-11-05 10:09 2007-11-05 10:08 2007-11-05 10:07 212,480 --------- C:\WINNT\PCDLIB32.DLL 2007-11-05 10:05 2007-11-05 10:05 0 --a------ C:\WINNT\nsreg.dat 2007-11-05 10:03 6,668,248 --a------ C:\Program Files\Firefox Setup 2.0.0.9.exe 2007-11-05 10:02 4,346,704 --a------ C:\Program Files\gg77.exe 2007-11-05 09:54 32,768 --a------ C:\WINNT\system32\WooDial2000.dll 2007-11-05 09:50 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-22 23:50 --------- d-----w C:\Program Files\Gadu-Gadu 2007-11-08 11:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-08 11:55 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-07 15:59 671,744 --sh–w C:\WINNT\system32_winlogon.exe 2007-10-04 16:11 29,000 ----a-w C:\WINNT\system32\drivers\kcom.sys 2007-10-04 16:10 79,688 ----a-w C:\WINNT\system32\drivers\iksyssec.sys 2007-10-04 16:10 62,280 ----a-w C:\WINNT\system32\drivers\iksysflt.sys 2007-10-04 16:10 41,288 ----a-w C:\WINNT\system32\drivers\ikfilesec.sys 2005-04-23 09:05 271 —h–w C:\Program Files\desktop.ini 2005-04-23 09:05 22,039 —h–w C:\Program Files\folder.htt 2002-08-28 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “internat.exe”=“internat.exe” [02-08-28 01:00 C:\WINNT\system32\internat.exe] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [07-11-05 19:00] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [07-11-14 11:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Synchronization Manager”=“mobsync.exe” [03-06-19 11:05 C:\WINNT\system32\mobsync.exe] “IgfxTray”=“C:\WINNT\System32\igfxtray.exe” [02-07-26 08:05] “HotKeysCmds”=“C:\WINNT\System32\hkcmd.exe” [02-07-26 07:45] “SoundMan”=“SOUNDMAN.EXE” [02-09-11 09:57 C:\WINNT\SOUNDMAN.EXE] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [07-06-28 09:06] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [03-10-16 18:07] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [04-01-26 11:38] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [03-10-16 18:07] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [03-10-16 18:07] “SDTray”=“D:\Spyware Doctor\SDTrayApp.exe” [07-10-02 16:27] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “internat.exe”=“internat.exe” [02-08-28 01:00 C:\WINNT\system32\internat.exe] “Picasa Media Detector”=“D:\Picasa2\PicasaMediaDetector.exe” [07-10-23 22:18] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] “^SetupICWDesktop”=“C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe” [03-06-19 11:05] C:\Documents and Settings\st5\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.0\program\quickstart.exe [2007-04-12 11:40:08] C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.2.0.lnk - C:\Program Files\OpenOffice.ux.pl 2.2.0\program\quickstart.exe [2007-04-12 11:40:08] [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “StartMenuLogOff”= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" R2 CCProxy(C…Program Files.Common Files.config.svchost.exe);Network Driver Helper;“C:\Program Files\Common Files\config\svchost.exe” -service R2 NVser;NVIDIA Drivers Services;C:\WINNT\system32\svchost.exe -k NVser R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] NVser NVser luqnjn luqnjn . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-24 01:44:48 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-24 1:46:40 C:\ComboFix2.txt … 07-11-24 01:17 C:\ComboFix3.txt … 07-11-23 00:12 . — E O F —

a to wynik skanu ze strony widzę że coś nie halo ale nie wiem co z tym dalej zrobić …

system · 24 Listopad 2007 09:08

Również w ComboFix widoczna jest niedawna modyfikacja winlogon.exe.

Trzeba podmienić winlogon.exe za pomocą Konsoli Odzyskiwania.