Trojan - ConHook , PWS Tanspy

piotrkru · 11 Listopad 2007 10:21

Witam

Proszę o pomoc i sprawdzenie loga oraz wskazanie które pliki mam usunąc,

Trojany usuwam programem Spyware Doctor ale znowu się pojawiaja,

Program Symantec Antivirus.

Poniżej przesyła plik z ComboFix

ComboFix 07-11-08.1 - PIOTRK 2007-11-11 10:33:08.4 - FAT32x86 MINIMAL Running from: C:\Instal\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))) . 2007-11-10 18:55 2007-11-10 18:04 2007-11-10 17:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-10 11:36 2007-11-10 11:34 2007-11-10 11:24 2007-11-10 11:23 2007-11-10 11:22 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-11-10 10:41 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-10 10:41 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-10 10:41 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-10 10:41 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-10 10:41 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-10 10:41 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-10 10:41 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-10 00:19 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-11-10 00:19 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-11-10 00:19 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll 2007-11-09 23:50 2007-11-09 22:15 167,936 --a------ C:\WINDOWS\system32\igfxres.dll 2007-11-09 21:42 2,134,528 --a------ C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll 2007-11-09 21:42 314,880 --a------ C:\WINDOWS\system32\dllcache\EXCH_aqueue.dll 2007-11-09 21:42 175,104 --a------ C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll 2007-11-09 21:42 45,056 --a------ C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll 2007-11-09 21:42 5,632 --a------ C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll 2007-11-09 21:34 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-11-09 21:34 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-11-09 21:34 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-11-09 21:34 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-11-09 21:33 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-11-09 21:33 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-11-09 21:33 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-11-09 21:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-11-09 21:25 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-11-09 21:24 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-11-09 21:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-11-09 21:24 24,661 --a------ C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-11-09 21:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-11-09 21:24 13,312 --a------ C:\WINDOWS\system32\dllcache\irclass.dll 2007-11-09 21:24 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-11-08 21:18 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-08 21:18 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-08 21:18 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-08 21:18 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-11-08 21:18 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-08 21:14 2007-11-08 21:14 2007-11-08 21:14 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-08 17:37 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-11-07 22:24 4,569 --------- C:\WINDOWS\system32\secupd.dat 2007-11-07 21:57 2007-11-07 18:48 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-11-07 18:43 1,092,608 --a------ C:\WINDOWS\system32\esent.dll 2007-11-07 18:20 2007-11-07 18:11 2007-11-07 18:10 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2007-11-07 18:10 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-11-06 21:01 2007-11-06 00:19 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-11-05 18:21 85,568 --a------ C:\WINDOWS\system32\ryyjgkqo.dll 2007-11-05 18:21 83,008 --a------ C:\WINDOWS\system32\dbsnwkdn.dll 2007-11-04 09:24 78,912 --a------ C:\WINDOWS\system32\jygsrlxo.dll 2007-11-03 22:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-11-03 22:42 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-11-03 22:42 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-11-03 16:37 2007-10-29 16:36 2007-10-26 18:26 2007-10-26 17:51 2007-10-26 17:41 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-08-22 13:19 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-08-22 13:19 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-08-22 13:19 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-08-22 13:19 1,055,744 ----a-w C:\WINDOWS\system32\dllcache\danim.dll 2007-08-22 13:19 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 11:01 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:01 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:01 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:01 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:01 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:01 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:01 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:01 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:01 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:01 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:01 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:01 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:01 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:01 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:01 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:01 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:01 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:24 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:24 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:24 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll 2007-08-13 17:54 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll 2007-08-13 17:54 33,792 ------w C:\WINDOWS\system32\dllcache\custsat.dll 2007-08-13 17:54 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll 2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2007-08-13 17:45 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll 2007-08-13 17:44 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2007-08-13 17:44 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll 2007-08-13 17:42 17,408 ----a-w C:\WINDOWS\system32\corpol.dll 2007-08-13 17:42 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll 2007-08-13 17:39 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll 2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2007-08-13 17:39 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll 2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2007-08-13 17:39 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll 2007-08-13 17:38 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll 2007-08-13 17:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2007-08-13 17:36 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll 2007-08-13 17:35 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2007-08-13 17:32 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe 2007-08-13 17:18 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll 2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2007-08-13 17:01 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{9550d8cd-2003-4c3d-ba9d-0c7b3fe4fd45}] 2007-11-05 18:21 83008 --a------ C:\WINDOWS\system32\dbsnwkdn.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{F8360A5C-9799-4CA1-AC01-B30B1A8439D0}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “EPM-DM”=“c:\acer\epm\epm-dm.exe” [2005-06-01 14:17] “ePowerManagement”=“C:\Acer\ePM\ePM.exe” [2005-03-15 10:03] “MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe” [] “PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [] “PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [] “LaunchAp”=“C:\Program Files\Launch Manager\LaunchAp.exe” [2005-07-25 13:36] “CtrlVol”=“C:\Program Files\Launch Manager\CtrlVol.exe” [2003-09-16 14:28] “LMgrOSD”=“C:\Program Files\Launch Manager\OSDCtrl.exe” [2005-07-25 10:45] “Wbutton”=“C:\Program Files\Launch Manager\Wbutton.exe” [2005-07-25 13:34] “ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2005-05-16 14:52] “vptray”=“C:\PROGRA~1\SYMANT~1\VPTray.exe” [2005-05-20 17:18] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2005-02-04 11:12] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-02-04 11:11] “SoundMan”=“SOUNDMAN.EXE” [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-08 21:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-10-10 16:51] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-05-07 10:36] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 08:44] “WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-12-01 11:46] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys S1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys S2 EpmPsd;Acer EPM Power Scheme Driver;??\C:\WINDOWS\system32\drivers\epm-psd.sys S2 EpmShd;Acer EPM System Hardware Driver;??\C:\WINDOWS\system32\drivers\epm-shd.sys S2 int15.sys;int15.sys;??\C:\Program Files\Acer\eRecovery\int15.sys S2 osaio;osaio;??\C:\WINDOWS\system32\drivers\osaio.sys S2 osanbm;osanbm;??\C:\WINDOWS\system32\drivers\osanbm.sys S3 BTNetFilter;Bluetooth Network Filter;??\C:\WINDOWS\system32\drivers\BTNetFilter.sys S3 EraserUtilDrv10733;EraserUtilDrv10733;??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10733.sys S3 POWERKEY;POWERKEY;??\C:\Program Files\Launch Manager\POWERKEY.sys S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{39b1e81a-0d63-11dc-8718-0011671b28a3}] \Shell\AutoRun\command - F:\InstallTomTomHOME.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 10:36:04 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-11 10:37:11 C:\ComboFix3.txt … 2007-11-10 17:39 C:\ComboFix2.txt … 2007-11-10 22:23 . — E O F —

Gutek · 11 Listopad 2007 13:42

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Pobierz program SDFix

piotrkru · 11 Listopad 2007 16:15

Zrobiłem tak jak kazałeś

Proszę o sprawdzenie loga

Z góry dziekuje za pomoc

SDFix: Version 1.114 Run by PIOTRK on 2007-11-11 at 16:57 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 17:05:19 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Sat 26 Nov 2005 1,024 …HR — “C:\WINDOWS\system32\NTICDMK7.dll” Sat 26 Nov 2005 1,024 …HR — “C:\WINDOWS\system32\NTIMPEG2.dll” Sat 26 Nov 2005 1,024 …HR — “C:\WINDOWS\system32\NTIMP3.dll” Sat 26 Nov 2005 1,024 …HR — “C:\WINDOWS\system32\NTIFCD3.dll” Sat 26 Nov 2005 1,024 …HR — “C:\WINDOWS\system32\NTIBUN4.dll” Fri 31 Aug 2007 4,348 …SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” Sat 10 Nov 2007 1,024 A…H. — “C:\System Volume Information_restore{F678637E-19E5-4DCB-8975-542CD44D932D}\RP123\A0007772.sys” Tue 28 Aug 2007 0 A.SH. — “C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\7bfd24c44368c1f4c08da0b18d20b54e\download\BITC7.tmp” Tue 14 Dec 2004 256,581 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\5c9fd830c61df8040995447f1d8e61b0\download\BITB8.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\2c7c094c07d8ab1c6d2c7df6e96d2df0\download\BITC9.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\f0b88fe1ffe91bd3a9ea0d5ad18f24b7\download\BITFE.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\8024f4e99b89fb365c808f79d373434f\download\BITBF.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\076f1aa5a201db5b428fbe164817aab2\download\BITC5.tmp” Tue 8 Nov 2005 1,871,939 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\582bdda5f43d44226c30640097348c74\download\BITBC.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\cceb21cd2a7a35a4e5b1d264978f4dfd\download\BITC1.tmp” Fri 5 Aug 2005 175,339 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\c636f36b2a084e07ecb5cf11b488b148\download\BITBB.tmp” Thu 22 Jun 2006 341,765 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\0d5de1cd7fc62d3668ea0afcc642fb24\download\BITBA.tmp” Wed 7 Nov 2007 754,193 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\6d3e4a8f99a381f392de0d99b22fc9a6\download\BITBE.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\7483baa74d23e227890cfb4d356042d5\download\BITC4.tmp” Sat 23 Sep 2006 830,469 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\22d177b61fde58f114e05dfd9b70c96d\download\BITB7.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\a973a4b0bff52375def6ea55f54d9f60\download\BITC6.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\e8fc35c1be1293ddc83ec4f731e700a5\download\BITE0.tmp” Wed 29 Mar 2006 77,369 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\929cd614a46aa170511c3292b3848eb2\download\BITB9.tmp” Fri 28 Jul 2006 1,860,301 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\b43f637a2bff1ded8a01f9a1dec6293d\download\BITB6.tmp” Wed 7 Nov 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\a23edd26fc03189a66774c8772cf784c\download\BITCD.tmp” Finished!

Gutek · 11 Listopad 2007 17:59

Prawoklik na Mój Komputer>>Przywracanie systemu>> wyłącz przywracanie systemu na wszystkich dyskach.

Prosze też o nowy log z Combo

piotrkru · 11 Listopad 2007 18:40

Wyłaczyłem przywracanie sytemu i zrobiłem log z combo

Prosze o info czy powinienem wyłaczyć przywracanie systemu wcześniej przed wykonaniem operacji programem SDFix

Proszę o sprawdzenie poniższego loga

ComboFix 07-11-08.1 - PIOTRK 2007-11-11 19:30:47.6 - FAT32x86 Running from: C:\Instal\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))) . 2007-11-10 18:55 2007-11-10 18:04 2007-11-10 17:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-10 11:36 2007-11-10 11:34 2007-11-10 11:24 2007-11-10 11:23 2007-11-10 11:22 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-11-10 10:41 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-10 10:41 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-10 10:41 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-10 10:41 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-10 10:41 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-10 10:41 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-10 10:41 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-10 00:19 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-11-10 00:19 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-11-10 00:19 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll 2007-11-09 23:50 2007-11-09 22:15 167,936 --a------ C:\WINDOWS\system32\igfxres.dll 2007-11-09 21:42 2,134,528 --a------ C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll 2007-11-09 21:42 314,880 --a------ C:\WINDOWS\system32\dllcache\EXCH_aqueue.dll 2007-11-09 21:42 175,104 --a------ C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll 2007-11-09 21:42 45,056 --a------ C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll 2007-11-09 21:42 5,632 --a------ C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll 2007-11-09 21:34 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-11-09 21:34 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-11-09 21:34 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-11-09 21:34 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-11-09 21:33 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-11-09 21:33 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-11-09 21:33 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-11-09 21:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-11-09 21:25 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-11-09 21:24 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-11-09 21:24 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-11-09 21:24 24,661 --a------ C:\WINDOWS\system32\dllcache\spxcoins.dll 2007-11-09 21:24 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-11-09 21:24 13,312 --a------ C:\WINDOWS\system32\dllcache\irclass.dll 2007-11-09 21:24 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-11-08 21:18 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-08 21:18 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-08 21:18 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-08 21:18 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-11-08 21:18 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-08 21:14 2007-11-08 21:14 2007-11-08 21:14 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-08 17:37 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-11-07 22:24 4,569 --------- C:\WINDOWS\system32\secupd.dat 2007-11-07 21:57 2007-11-07 18:48 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-11-07 18:43 1,092,608 --a------ C:\WINDOWS\system32\esent.dll 2007-11-07 18:20 2007-11-07 18:11 2007-11-07 18:10 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2007-11-07 18:10 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-11-06 21:01 2007-11-03 22:42 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-11-03 22:42 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-11-03 16:37 2007-10-29 16:36 2007-10-26 18:26 2007-10-26 17:51 2007-10-26 17:41 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-08-22 13:19 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-08-22 13:19 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-08-22 13:19 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-08-22 13:19 1,055,744 ----a-w C:\WINDOWS\system32\dllcache\danim.dll 2007-08-22 13:19 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-20 11:01 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:01 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:01 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:01 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:01 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:01 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:01 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:01 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:01 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:01 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:01 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:01 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:01 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:01 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:01 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:01 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:01 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:24 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:24 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:24 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll 2007-08-13 17:54 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll 2007-08-13 17:54 33,792 ------w C:\WINDOWS\system32\dllcache\custsat.dll 2007-08-13 17:54 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll 2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2007-08-13 17:45 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll 2007-08-13 17:44 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe 2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2007-08-13 17:44 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll 2007-08-13 17:42 17,408 ----a-w C:\WINDOWS\system32\corpol.dll 2007-08-13 17:42 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll 2007-08-13 17:39 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll 2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2007-08-13 17:39 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll 2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2007-08-13 17:39 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll 2007-08-13 17:38 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll 2007-08-13 17:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2007-08-13 17:36 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll 2007-08-13 17:35 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2007-08-13 17:32 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe 2007-08-13 17:18 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll 2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2007-08-13 17:01 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “EPM-DM”=“c:\acer\epm\epm-dm.exe” [2005-06-01 14:17] “ePowerManagement”=“C:\Acer\ePM\ePM.exe” [2005-03-15 10:03] “MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe” [] “PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [] “PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe” [] “LaunchAp”=“C:\Program Files\Launch Manager\LaunchAp.exe” [2005-07-25 13:36] “CtrlVol”=“C:\Program Files\Launch Manager\CtrlVol.exe” [2003-09-16 14:28] “LMgrOSD”=“C:\Program Files\Launch Manager\OSDCtrl.exe” [2005-07-25 10:45] “Wbutton”=“C:\Program Files\Launch Manager\Wbutton.exe” [2005-07-25 13:34] “ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2005-05-16 14:52] “vptray”=“C:\PROGRA~1\SYMANT~1\VPTray.exe” [2005-05-20 17:18] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2005-02-04 11:12] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-02-04 11:11] “SoundMan”=“SOUNDMAN.EXE” [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-08 21:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-10-10 16:51] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-05-07 10:36] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 08:44] “WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-12-01 11:46] “AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” [2007-07-02 11:29] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys R2 EpmPsd;Acer EPM Power Scheme Driver;??\C:\WINDOWS\system32\drivers\epm-psd.sys R2 EpmShd;Acer EPM System Hardware Driver;??\C:\WINDOWS\system32\drivers\epm-shd.sys R2 int15.sys;int15.sys;??\C:\Program Files\Acer\eRecovery\int15.sys R2 osaio;osaio;??\C:\WINDOWS\system32\drivers\osaio.sys R2 osanbm;osanbm;??\C:\WINDOWS\system32\drivers\osanbm.sys S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys S3 BTNetFilter;Bluetooth Network Filter;??\C:\WINDOWS\system32\drivers\BTNetFilter.sys S3 POWERKEY;POWERKEY;??\C:\Program Files\Launch Manager\POWERKEY.sys S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - APPMGMT . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 19:33:12 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-11 19:34:18 C:\ComboFix2.txt … 2007-11-11 16:48 C:\ComboFix3.txt … 2007-11-11 10:37 . — E O F —

Gutek · 11 Listopad 2007 18:46

Już jest Ok

piotrkru · 11 Listopad 2007 19:16

Bardzo dziękuje za pomoc i zaangażowanie, jestem nowym uzytkownikiem na

forum jeżeli wystawia się jakieś komentarze lub podziekowania to proszę

powiedziedz gdzie. Chętnie wystawie pozytywny komentarz

Prosze jeszcze o sprawdzenie loga z drugiego kompa.

Byly tam wczesniej trojany i wirusy ale usunalem je za pomoca programow anty wirusowych i teraz nic nie pokazuje ale strasznie sie muli

Nie wiem czy ma to jakies znaczenie ale jest tam windows wersja angielska

ComboFix 07-11-08.1 - Administrator 11/11/2007 8:01:51.2 - NTFSx86 Running from: C:\Install\New Folder\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-11 06:51 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-11-11 03:42 --------- d-----w C:\Program Files\MSXML 6.0 2007-11-11 03:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-11 03:17 --------- d-----w C:\Program Files\Symantec 2007-11-11 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-11 02:33 --------- d-----w C:\Program Files\MSN Messenger 2007-11-11 02:31 --------- d-----w C:\Program Files\Pro Imaging Powertoys 2007-11-11 02:14 --------- d-----w C:\Program Files\Microsoft Games 2007-11-11 02:12 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-11 02:12 --------- d-----w C:\Program Files\Microsoft PowerToys 2007-11-11 02:12 --------- d-----w C:\Program Files\HashTab Shell Extension 2007-11-10 19:46 --------- d-----w C:\Program Files\Windows Sidebar 2007-11-10 19:46 --------- d-----w C:\Program Files\nLite 2007-11-10 08:08 --------- d-----w C:\Program Files\Spyware Doctor 2007-11-05 05:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7 2007-11-01 19:52 --------- d-----w C:\Program Files\Utilities 2007-11-01 08:39 --------- d-----w C:\Program Files\Lavasoft 2007-11-01 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-27 19:51 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-10-27 19:51 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2007-10-27 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2007-10-27 17:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2007-10-27 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-27 16:20 --------- d-----w C:\Program Files\SkanerOnline 2007-10-27 14:45 --------- d-----w C:\Program Files\Google 2007-10-22 18:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\YourPrivacyGuard 2007-09-18 19:10 --------- d-----w C:\Program Files\BearShare Applications 2007-09-18 19:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BearShare 2007-09-18 18:17 --------- d-----w C:\Program Files\Wesola_Szkola_3 2007-09-11 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6 2007-09-11 18:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSN6 2007-08-21 17:32 47,792 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{3C6BBB92-D1B2-CDA5-D0EA-07566EFDB06C}] C:\Program Files\ybzufkkb\jkynkufz.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [07/19/2006 07:26 PM] “vptray”=“C:\PROGRA~1\SYMANT~1\VPTray.exe” [09/27/2006 08:33 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “VoipStunt”=“C:\program files\voipstunt.com\voipstunt\voipstunt.exe” [07/09/2007 11:55 AM] “Yahoo! Pager”=“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” [06/11/2007 05:16 PM] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [08/03/2004 07:26 PM] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “tscuninstall”=%systemroot%\system32\tscupgrd.exe “ShowDeskFix”=regsvr32 /s /n /i:u shell32 “IE7-10”=rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,4,N [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “Authentication Packages”= msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" S3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 08:06:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 11/11/2007 8:08:22 . — E O F —

Gutek · 11 Listopad 2007 19:54

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

piotrkru · 11 Listopad 2007 20:45

Zrobiłem tak jak prosiłeś ale teraz komp otwiera się 5 min i po otwarciu nie na netu ani ikonek z siecią, w panelu sterowania tam gdzie jest połączenia sieciowe jest pusto, explorer też się nie otwiera.

Jak można wrócić do poprzedniego stanu ???

Dodam że nie usuwałem folderu Qoobox po tym jak kom otwierał się tak długo myślałem że może on się przyda

Nie mam mozliwości wysłania nowego loga ponieważ piszę z innego kompa a na tym co były usuwane pliki nie ma sieci

Dziękuję i pozdrawiam

Gutek · 11 Listopad 2007 20:47

Otwórz notatnik i wklej:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Daj nowy log z Combo

EDIT: Nie dodałem - Windows Registry Editor Version 5.00 - poprawiłem

piotrkru · 11 Listopad 2007 21:14

Niestety nie moge dodac polecen do rejestru, po potwierdzeniu wychozi mi napis:

Registry Editor

Cannot import C:\Documents and Settings\Administrator\Desktop\FIX.REG: The specified file is not a registry script. You can only import binary registry files from within the registry editor

Mogę wejść do rejestru z pozycji strart - uruchom - regedit

Gutek · 11 Listopad 2007 21:17

Aj juz zmęczenie wychodzi nie dodałem:

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

nowy log z Combo po tym

piotrkru · 11 Listopad 2007 21:27

Niestety wychodzi ten sam blad

Moze da sie to dodac jakos recznie lub z poziomu windows w trybie awaryjnym

Gutek · 11 Listopad 2007 21:31

a taki?

daj nowy log z Combo

piotrkru · 11 Listopad 2007 22:08

Dodane do rejestru

Podaje nowy log z Combo

ComboFix 07-11-08.1 - Administrator 11/11/2007 10:53:50.4 - NTFSx86 Running from: C:\Install\New Folder\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-11 09:41 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-11-11 03:42 --------- d-----w C:\Program Files\MSXML 6.0 2007-11-11 03:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-11 03:17 --------- d-----w C:\Program Files\Symantec 2007-11-11 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-11 02:33 --------- d-----w C:\Program Files\MSN Messenger 2007-11-11 02:31 --------- d-----w C:\Program Files\Pro Imaging Powertoys 2007-11-11 02:14 --------- d-----w C:\Program Files\Microsoft Games 2007-11-11 02:12 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-11 02:12 --------- d-----w C:\Program Files\Microsoft PowerToys 2007-11-11 02:12 --------- d-----w C:\Program Files\HashTab Shell Extension 2007-11-10 19:46 --------- d-----w C:\Program Files\Windows Sidebar 2007-11-10 19:46 --------- d-----w C:\Program Files\nLite 2007-11-10 08:08 --------- d-----w C:\Program Files\Spyware Doctor 2007-11-05 05:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7 2007-11-01 19:52 --------- d-----w C:\Program Files\Utilities 2007-11-01 08:39 --------- d-----w C:\Program Files\Lavasoft 2007-11-01 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-27 19:51 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2007-10-27 19:51 298,104 ----a-w C:\WINDOWS\system32\imon.dll 2007-10-27 19:51 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2007-10-27 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2007-10-27 17:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7 2007-10-27 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-27 16:20 --------- d-----w C:\Program Files\SkanerOnline 2007-10-27 14:45 --------- d-----w C:\Program Files\Google 2007-10-22 18:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\YourPrivacyGuard 2007-09-18 19:10 --------- d-----w C:\Program Files\BearShare Applications 2007-09-18 19:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BearShare 2007-09-18 18:17 --------- d-----w C:\Program Files\Wesola_Szkola_3 2007-09-11 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6 2007-09-11 18:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MSN6 2007-08-21 17:32 47,792 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [07/19/2006 07:26 PM] “vptray”=“C:\PROGRA~1\SYMANT~1\VPTray.exe” [09/27/2006 08:33 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “VoipStunt”=“C:\program files\voipstunt.com\voipstunt\voipstunt.exe” [07/09/2007 11:55 AM] “Yahoo! Pager”=“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” [06/11/2007 05:16 PM] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [08/03/2004 07:26 PM] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “tscuninstall”=%systemroot%\system32\tscupgrd.exe “ShowDeskFix”=regsvr32 /s /n /i:u shell32 “IE7-10”=rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,4,N [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" S3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-11 10:59:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 11/11/2007 11:01:27 . — E O F —

Gutek · 11 Listopad 2007 22:11

Już powinno być Ok

piotrkru · 11 Listopad 2007 22:13

Bardzo dziekuje za pomoc

Pozdrawiam, Piotrkru