Trojan horses detected in your system

(Buja) #1

Some junk got onto my machine from the internet, and when I open folders a message pops up: Attention. Some dangerous Trojan horses detected in your system. Microsoft Windows files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now! Click OK to download the antispyware. (Recommended) What should I do about it??

Logfile of HijackThis v1.99.1

Scan saved at 11:36:00, on 2008-07-01

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Users\Krzysiek\AppData\Local\Temp\atmadm2.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Prog2\AQQ\AQQ.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Windows\explorer.exe

C:\Users\Krzysiek\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\Windows\system32\domsys.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: nqgpedlr - {7A957AFD-F995-4CDD-8D03-CB83B3672855} - C:\Windows\nqgpedlr.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcBSLCV.dll,#1

O4 - HKLM\..\Run: [DelayLoad] C:\Users\Krzysiek\AppData\Local\Temp\atmadm2.exe

O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AQQ] C:\Prog2\AQQ\AQQ.exe

O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [INTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O21 - SSODL: okmdepgb - {C42891E1-8573-4555-9967-78EF4694AF4B} - C:\Windows\okmdepgb.dll (file missing)

O21 - SSODL: axrfgvek - {5F13C10E-5F43-40AD-8BF8-38EFD814AC08} - C:\Windows\axrfgvek.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks in advance for the help.

(Spandau) #2

Remove these entries in HJT

Start HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked

Download ComboFix but do not run it; paste this into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum

After that, manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
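
The helper's instructions above depend on reading the HijackThis log by eye and picking out the entries that do not belong. As an added illustration, which is not part of this thread and not code from HijackThis or ComboFix, the Python script below applies a few of the judgements behind that reading to constructed sample lines modelled on Buja's log: an autostart entry pointing into a Temp directory, a DLL dropped straight into the Windows directory, a BHO loaded from system32, a Run value that starts a DLL through rundll32 by export ordinal, and a loading point whose target file is already missing. The regular expressions and heuristics are my own assumptions about what a reviewer looks for, not rules from either tool.

```python
import re
from typing import List, Tuple

# Constructed sample HijackThis-style lines. The suspicious entries are modelled on the
# log posted in this thread (domsys.dll, nqgpedlr.dll, ddcBSLCV.dll, atmadm2.exe,
# okmdepgb.dll, the IEAntiVirus "antispy" entry); two benign lines are kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {B1892F58-1116-4DEC-92AA-577872EC3D3D} - C:\Windows\system32\domsys.dll
O3 - Toolbar: nqgpedlr - {7A957AFD-F995-4CDD-8D03-CB83B3672855} - C:\Windows\nqgpedlr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcBSLCV.dll,#1
O4 - HKLM\..\Run: [DelayLoad] C:\Users\Krzysiek\AppData\Local\Temp\atmadm2.exe
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O21 - SSODL: okmdepgb - {C42891E1-8573-4555-9967-78EF4694AF4B} - C:\Windows\okmdepgb.dll (file missing)
"""

# O2 (BHO), O3 (toolbar) and O21 (SSODL) share one shape: "<type>: <name> - {CLSID} - <path>".
COM_LINE = re.compile(
    r"^(?P<sec>O2|O3|O21) - \w+: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 autostart entries: "HKLM\..\Run: [<value name>] <command line>".
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Heuristics (assumed here, not HijackThis rules); each mirrors a judgement made in this thread.
WINDOWS_ROOT_DLL = re.compile(r"^[A-Za-z]:\\Windows\\[^\\]+\.dll$", re.IGNORECASE)  # DLL straight in %WINDIR%
SYSTEM32_DIR = re.compile(r"\\system32\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
RUNDLL_ORDINAL = re.compile(r"rundll32(\.exe)?\s+\S+\.dll,#\d+", re.IGNORECASE)  # DLL started by export ordinal


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every log entry that trips a heuristic.

    A line can trip more than one heuristic and then appears more than once.
    """
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        com = COM_LINE.match(line)
        if com:
            path = com.group("path")
            if com.group("missing"):
                findings.append(("stale loading point: target file missing", line))
            if WINDOWS_ROOT_DLL.match(path):
                findings.append(("DLL dropped directly into the Windows directory", line))
            if com.group("sec") == "O2" and SYSTEM32_DIR.search(path):
                findings.append(("BHO loaded from system32, unusual for a legitimate add-on", line))
            continue
        run = RUN_LINE.match(line)
        if run:
            cmd = run.group("cmd")
            if TEMP_DIR.search(cmd):
                findings.append(("autostart of an executable in a Temp directory", line))
            if RUNDLL_ORDINAL.search(cmd):
                findings.append(("rundll32 loading a DLL by export ordinal", line))
    return findings


def flagged_entries(log_text: str) -> List[str]:
    """Distinct flagged lines in log order, for a quick review list."""
    seen: List[str] = []
    for _, line in triage(log_text):
        if line not in seen:
            seen.append(line)
    return seen


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

On the sample the script flags five entries and leaves the Windows Defender line alone, but it also leaves the IEAntiVirus "antispy" entry alone: a rogue product installed under its own name in Program Files trips no path heuristic, which is why the helpers in this thread still had to recognise the vendor themselves.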

(Gutek) #3

Follow this Topic and change the thread title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

Change of the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

(Buja) #4

ComboFix 08-06-20.4 - Krzysiek 2008-07-01 14:15:40.1 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.205 [GMT 2:00]

Running from: C:\Users\Krzysiek\Desktop\ComboFix.exe

Command switches used :: C:\Users\Krzysiek\Desktop\CFScript.txt

* Created a new restore point

FILE ::

C:\Program Files\IEAntiVirus\ANTIVIR.exe

C:\Users\Krzysiek\AppData\Local\Temp\atmadm2.exe

C:\Windows\nqgpedlr.dll

C:\Windows\system32\ddcBSLCV.dll

C:\Windows\system32\domsys.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\Krzysiek\AppData\Local\Temp\atmadm2.exe

C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IE AntiVirus 3.3.lnk

C:\Windows\entl.exe

C:\Windows\nqgpedlr.dll

C:\Windows\system32\ddcBSLCV.dll

C:\Windows\system32\domsys.dll

C:\Windows\system32\x64

E:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-01 09:09 --------- d-----w C:\Program Files\PCHealthCenter

2008-07-01 09:05 --------- d-----w C:\Users\Krzysiek\AppData\Roaming\uTorrent

2008-07-01 08:21 110,304 ----a-w C:\Windows\system32\drivers\ACEDRV09.sys

2008-07-01 08:12 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-07-01 08:05 --------- d-----w C:\Program Files\Alcohol Soft

2008-07-01 08:00 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-06-26 10:29 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-06-25 14:43 --------- d-----w C:\Program Files\CDex_170b2

2008-05-27 18:02 --------- d-----w C:\Users\Krzysiek\AppData\Roaming\Nvu

2008-05-27 18:02 --------- d-----w C:\Program Files\Nvu

2008-05-27 13:05 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-27 13:05 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-05-19 12:06 --------- d-----w C:\Program Files\Google

2008-05-16 11:30 --------- d-----w C:\Users\Krzysiek\AppData\Roaming\Pro Cycling Manager 2007

2008-04-23 05:47 117,008 ----a-w C:\Users\Krzysiek\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-11-28 13:33 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7A957AFD-F995-4CDD-8D03-CB83B3672855}"= "C:\Windows\nqgpedlr.dll" []

[HKEY_CLASSES_ROOT\clsid\{7a957afd-f995-4cdd-8d03-cb83b3672855}]

[HKEY_CLASSES_ROOT\nqgpedlr.1]

[HKEY_CLASSES_ROOT\TypeLib\{BBB1C6F1-EBC7-4736-BF85-27CCBA94D12D}]

[HKEY_CLASSES_ROOT\nqgpedlr]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]

"AQQ"="C:\Prog2\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 15:14 1183744]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-13 11:01 138008]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-13 11:01 154392]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-13 11:01 133912]

"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 08:38 331552]

"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 15:52 145184]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 20:14 833072]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]

"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 08:55 163840]

"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="C:\Windows\SMINST\launcher.exe" [2007-06-06 14:34 44168]

C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:00 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-11-28 14:45:35 192512]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{37F0C601-C555-491B-BDEE-EAAD0BB7A31A}"= C:\Windows\system32\ddcBSLCV.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"okmdepgb"= {C42891E1-8573-4555-9967-78EF4694AF4B} - C:\Windows\okmdepgb.dll []

"axrfgvek"= {5F13C10E-5F43-40AD-8BF8-38EFD814AC08} - C:\Windows\axrfgvek.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

DeviceNP.dll 2007-06-08 09:04 49152 C:\WINDOWS\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1FAB7612-D839-4353-86F0-79F6F6583DB8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{65A35E2A-E588-4B27-83F4-5E663B58D530}"= UDP:C:\Prog2\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{E999AF34-CA3C-468D-B8E3-34545C14C0AD}"= TCP:C:\Prog2\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{CDDF8783-C271-4C6A-8145-2065408E8A17}"= UDP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"{05A0D9FD-7BC5-4421-82C3-14767C8CFDE3}"= TCP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"{D5EC3A03-0C95-4856-B136-64888D3D9E3C}"= UDP:C:\Prog2\Pro Cycling Manager\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{8672A7F2-1DFB-4012-B4BE-9C1684924CE5}"= TCP:C:\Prog2\Pro Cycling Manager\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"TCP Query User{446BEEE7-21F3-438C-9813-C91EA4CB6443}C:\program files\tlen.pl\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"UDP Query User{28F6A40C-55EE-442E-9C82-4672302C2A82}C:\program files\tlen.pl\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"TCP Query User{4876F820-FFC0-46A6-8465-7D2049BE4261}C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe"= UDP:C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe:Cym2005

"UDP Query User{86E50DBF-5502-40F0-9504-31E66C608991}C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe"= TCP:C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe:Cym2005

"{636613CB-2DF8-4DCE-ABCB-F3A29813CB11}"= UDP:C:\Prog2\POPPP\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{F3CC8E39-3D72-4086-B418-8E004B8D59BC}"= TCP:C:\Prog2\POPPP\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{64F5EB49-A173-41E0-A73E-8AA2C3A9B2F1}"= UDP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"{FB964BB1-4A74-4FBB-8A5F-EF015BB2CAA0}"= TCP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"TCP Query User{228EDED4-6618-4CAB-AFA3-AC664CCA7265}C:\prog2\poppp\pro cycling manager\cym2005.exe"= UDP:C:\prog2\poppp\pro cycling manager\cym2005.exe:Cym2005

"UDP Query User{92C7E14E-E403-4CB4-B584-149103E791C9}C:\prog2\poppp\pro cycling manager\cym2005.exe"= TCP:C:\prog2\poppp\pro cycling manager\cym2005.exe:Cym2005

"TCP Query User{275B7F48-C3B3-41CD-B17E-07F76542E96F}C:\program files\tlen.pl\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"UDP Query User{A842E0C2-3D1E-4A8E-8484-8430CB189158}C:\program files\tlen.pl\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"TCP Query User{54C5A78D-5423-45C5-A19F-6A8127CFCBAF}C:\prog2\aqq\aqq.exe"= UDP:C:\prog2\aqq\aqq.exe:AQQ

"UDP Query User{08A78368-5F13-4D5F-9BED-77DC91C3AFCC}C:\prog2\aqq\aqq.exe"= TCP:C:\prog2\aqq\aqq.exe:AQQ

"TCP Query User{9E9FA242-F1D3-44A4-A71A-252843327F02}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{B7F20951-27E4-49AA-9C96-377C7359DC21}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{104F446D-E3D3-4F5E-97CC-902AE7E5362D}C:\prog2\aqq\aqq.exe"= UDP:C:\prog2\aqq\aqq.exe:AQQ

"UDP Query User{04B8B78E-4119-48C2-8459-12D3803DB00A}C:\prog2\aqq\aqq.exe"= TCP:C:\prog2\aqq\aqq.exe:AQQ

"TCP Query User{D890DFC2-4428-4AA7-B7BA-BFB7B445BA43}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{8DB1D1BD-551A-4B06-A1CE-A0AA1712B748}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{8460C7C4-E551-48B9-8C82-8660E0C7E2E8}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{96CDE965-3FA6-4220-80BF-171DBFD6A72F}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{3A346B29-19D1-44BF-A110-32A70260E74F}C:\program files\sopcast\adv\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{8F426BF3-0A34-41E3-858A-85FE6774F920}C:\program files\sopcast\adv\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{0052DC52-2F17-485D-BF47-A176FF2C7055}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{DCCBA197-36C0-4CE9-BAFF-A0C77A515D48}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"TCP Query User{892BF438-80F7-438E-A64D-C744CF44FD16}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{14499454-3AB7-4395-AE23-0890C57415BD}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{46F86830-714E-4E66-96D7-A928ED8BCA9C}C:\program files\bearshare applications\bearshare\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

"UDP Query User{6DD30113-2753-4438-8DC7-AC20D6DEC00B}C:\program files\bearshare applications\bearshare\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

"TCP Query User{D90A6B4C-3501-4A87-A4BE-23F96BF4CD83}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{E7C66856-4FEE-4ABA-9992-B9042D395B9F}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{6153881B-650F-418D-9661-03256C5CA114}C:\prog2\pro cycling manager 2007\pcm.exe"= UDP:C:\prog2\pro cycling manager 2007\pcm.exe:pcm

"UDP Query User{A9ACE566-9C1D-4AEF-ADB1-B176EB328A66}C:\prog2\pro cycling manager 2007\pcm.exe"= TCP:C:\prog2\pro cycling manager 2007\pcm.exe:pcm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2008-07-01 10:21]

R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 08:44]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38]

R3 btwaudio;Urz1dzenie dYwiekowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 12:42]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 12:42]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 12:42]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-07 04:04]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]

S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 08:49]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\system32\flcdlock.exe [2007-06-08 09:06]

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158a8d90-3eaf-11dd-9080-001a6bf0f6c5}]

\shell\AutoRun\command - un9.cmd

\shell\explore\Command - un9.cmd

\shell\open\Command - un9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b98338a-3ee8-11dd-8f03-001a6bf0f6c5}]

\shell\AutoRun\command - un9.cmd

\shell\explore\Command - un9.cmd

\shell\open\Command - un9.cmd

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-01 14:19:48

Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-01 14:21:30

ComboFix-quarantined-files.txt 2008-07-01 12:21:17

System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.

System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.

197 --- E O F --- 2007-12-03 15:02:33

On 01.07.2008, at 14:31, a post was appended by kryspin3

It looks like everything works fine now. Thank you very much for the help.

(Spandau) #5

Download ComboFix but do not run it; paste this into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

(Buja) #6

But do I have to do this even though the message no longer appears??

(Gutek) #7

Do what you are asked to do

(Spandau) #8

Yes, this is meant to remove the leftover registry entries.

Next, turn System Restore off and back on for all drives. Instructions

Scan with this Kaspersky Online Scanner and post its report on the forum

(Buja) #9

ComboFix 08-06-20.4 - Krzysiek 2008-07-01 16:55:18.2 - NTFSx86

Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.273 [GMT 2:00]

Running from: C:\Users\Krzysiek\Desktop\ComboFix.exe

Command switches used :: C:\Users\Krzysiek\Desktop\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-01 14:30 --------- d-----w C:\Users\Krzysiek\AppData\Roaming\uTorrent

2008-07-01 13:15 --------- d-----w C:\ProgramData\Stardock

2008-07-01 13:05 --------- dc-h--w C:\ProgramData\{1EB63B4B-5639-4477-8E24-05C31B5F8019}

2008-07-01 13:04 --------- d--h--w C:\ProgramData\{F8C68EDE-B8FE-4310-97A9-BF1BF0722E5E}

2008-07-01 13:04 --------- d-----w C:\Program Files\Stardock

2008-07-01 09:09 --------- d-----w C:\Program Files\PCHealthCenter

2008-07-01 08:21 110,304 ----a-w C:\Windows\system32\drivers\ACEDRV09.sys

2008-07-01 08:12 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-07-01 08:05 --------- d-----w C:\Program Files\Alcohol Soft

2008-07-01 08:00 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-06-26 10:29 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-06-25 14:43 --------- d-----w C:\Program Files\CDex_170b2

2008-05-27 18:02 --------- d-----w C:\Users\Krzysiek\AppData\Roaming\Nvu

2008-05-27 18:02 --------- d-----w C:\Program Files\Nvu

2008-05-27 13:05 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-27 13:05 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-05-21 17:33 56,496 ----a-w C:\Windows\System32\wbhelp2.dll

2008-05-19 12:06 --------- d-----w C:\Program Files\Google

2008-05-16 11:30 --------- d-----w C:\Users\Krzysiek\AppData\Roaming\Pro Cycling Manager 2007

2008-04-23 05:47 117,008 ----a-w C:\Users\Krzysiek\AppData\Roaming\GDIPFONTCACHEV1.DAT

2007-11-28 13:33 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]

"AQQ"="C:\Prog2\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 15:14 1183744]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-13 11:01 138008]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-13 11:01 154392]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-13 11:01 133912]

"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 08:38 331552]

"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 15:52 145184]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 20:14 833072]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 13:21 472632]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]

"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 09:12 71176]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 08:55 163840]

"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="C:\Windows\SMINST\launcher.exe" [2007-06-06 14:34 44168]

C:\Users\Krzysiek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:00 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]

DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-11-28 14:45:35 192512]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]

DeviceNP.dll 2007-06-08 09:04 49152 C:\WINDOWS\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{1FAB7612-D839-4353-86F0-79F6F6583DB8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{65A35E2A-E588-4B27-83F4-5E663B58D530}"= UDP:C:\Prog2\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{E999AF34-CA3C-468D-B8E3-34545C14C0AD}"= TCP:C:\Prog2\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{CDDF8783-C271-4C6A-8145-2065408E8A17}"= UDP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"{05A0D9FD-7BC5-4421-82C3-14767C8CFDE3}"= TCP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"{D5EC3A03-0C95-4856-B136-64888D3D9E3C}"= UDP:C:\Prog2\Pro Cycling Manager\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{8672A7F2-1DFB-4012-B4BE-9C1684924CE5}"= TCP:C:\Prog2\Pro Cycling Manager\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"TCP Query User{446BEEE7-21F3-438C-9813-C91EA4CB6443}C:\program files\tlen.pl\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"UDP Query User{28F6A40C-55EE-442E-9C82-4672302C2A82}C:\program files\tlen.pl\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"TCP Query User{4876F820-FFC0-46A6-8465-7D2049BE4261}C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe"= UDP:C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe:Cym2005

"UDP Query User{86E50DBF-5502-40F0-9504-31E66C608991}C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe"= TCP:C:\prog2\pro cycling manager\pro cycling manager\cym2005.exe:Cym2005

"{636613CB-2DF8-4DCE-ABCB-F3A29813CB11}"= UDP:C:\Prog2\POPPP\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{F3CC8E39-3D72-4086-B418-8E004B8D59BC}"= TCP:C:\Prog2\POPPP\Pro Cycling Manager\Cym2005.exe:Pro Cycling Manager

"{64F5EB49-A173-41E0-A73E-8AA2C3A9B2F1}"= UDP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"{FB964BB1-4A74-4FBB-8A5F-EF015BB2CAA0}"= TCP:C:\Prog2\Nowy folder\GameCenter\GameCenter.exe:GameCenter

"TCP Query User{228EDED4-6618-4CAB-AFA3-AC664CCA7265}C:\prog2\poppp\pro cycling manager\cym2005.exe"= UDP:C:\prog2\poppp\pro cycling manager\cym2005.exe:Cym2005

"UDP Query User{92C7E14E-E403-4CB4-B584-149103E791C9}C:\prog2\poppp\pro cycling manager\cym2005.exe"= TCP:C:\prog2\poppp\pro cycling manager\cym2005.exe:Cym2005

"TCP Query User{275B7F48-C3B3-41CD-B17E-07F76542E96F}C:\program files\tlen.pl\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"UDP Query User{A842E0C2-3D1E-4A8E-8484-8430CB189158}C:\program files\tlen.pl\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl

"TCP Query User{54C5A78D-5423-45C5-A19F-6A8127CFCBAF}C:\prog2\aqq\aqq.exe"= UDP:C:\prog2\aqq\aqq.exe:AQQ

"UDP Query User{08A78368-5F13-4D5F-9BED-77DC91C3AFCC}C:\prog2\aqq\aqq.exe"= TCP:C:\prog2\aqq\aqq.exe:AQQ

"TCP Query User{9E9FA242-F1D3-44A4-A71A-252843327F02}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{B7F20951-27E4-49AA-9C96-377C7359DC21}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{104F446D-E3D3-4F5E-97CC-902AE7E5362D}C:\prog2\aqq\aqq.exe"= UDP:C:\prog2\aqq\aqq.exe:AQQ

"UDP Query User{04B8B78E-4119-48C2-8459-12D3803DB00A}C:\prog2\aqq\aqq.exe"= TCP:C:\prog2\aqq\aqq.exe:AQQ

"TCP Query User{D890DFC2-4428-4AA7-B7BA-BFB7B445BA43}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule

"UDP Query User{8DB1D1BD-551A-4B06-A1CE-A0AA1712B748}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

"TCP Query User{8460C7C4-E551-48B9-8C82-8660E0C7E2E8}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"UDP Query User{96CDE965-3FA6-4220-80BF-171DBFD6A72F}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application

"TCP Query User{3A346B29-19D1-44BF-A110-32A70260E74F}C:\program files\sopcast\adv\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"UDP Query User{8F426BF3-0A34-41E3-858A-85FE6774F920}C:\program files\sopcast\adv\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

"{0052DC52-2F17-485D-BF47-A176FF2C7055}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{DCCBA197-36C0-4CE9-BAFF-A0C77A515D48}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"TCP Query User{892BF438-80F7-438E-A64D-C744CF44FD16}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{14499454-3AB7-4395-AE23-0890C57415BD}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{46F86830-714E-4E66-96D7-A928ED8BCA9C}C:\program files\bearshare applications\bearshare\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

"UDP Query User{6DD30113-2753-4438-8DC7-AC20D6DEC00B}C:\program files\bearshare applications\bearshare\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare

"TCP Query User{D90A6B4C-3501-4A87-A4BE-23F96BF4CD83}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{E7C66856-4FEE-4ABA-9992-B9042D395B9F}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{6153881B-650F-418D-9661-03256C5CA114}C:\prog2\pro cycling manager 2007\pcm.exe"= UDP:C:\prog2\pro cycling manager 2007\pcm.exe:pcm

"UDP Query User{A9ACE566-9C1D-4AEF-ADB1-B176EB328A66}C:\prog2\pro cycling manager 2007\pcm.exe"= TCP:C:\prog2\pro cycling manager 2007\pcm.exe:pcm

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 ACEDRV09;ACEDRV09;C:\Windows\system32\drivers\ACEDRV09.sys [2008-07-01 10:21]

R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 08:44]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38]

R3 btwaudio;Urz1dzenie dYwiekowe Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-05-11 12:42]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 12:42]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-05-11 12:42]

R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-07 04:04]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]

S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 08:49]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\system32\flcdlock.exe [2007-06-08 09:06]

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a5692fa-4745-11dd-a425-001a6bf0f6c5}]

\shell\AutoRun\command - F:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-01 16:59:18

Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-01 17:00:44

ComboFix-quarantined-files.txt 2008-07-01 15:00:28

ComboFix2.txt 2008-07-01 12:21:31

System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.

System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.

168 --- E O F --- 2007-12-03 15:02:33

(Gutek) #10

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00 


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
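
As an added example (not from this thread or from ComboFix itself), a small Python scanner that pulls two of the indicators visible in the posted log out of its Reg Loading Points section: the Security Center notify/monitoring values forced to 1, and the MountPoints2 AutoRun command that Gutek's FIX.REG above removes. The log excerpt inside it is constructed from the log in this thread, with the backslash the forum ate before the GUID put back; the function names and the finding labels are my own.

```python
import re

# Constructed sample excerpt modelled on the ComboFix log above (not the full
# log); the backslash before the MountPoints2 GUID that the forum ate is restored.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a5692fa-4745-11dd-a425-001a6bf0f6c5}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
"""
KEY_RE = re.compile(r'^\[(.+)\]$')                            # [HKEY_...] header
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')  # "Name"=dword:xxxxxxxx
AUTORUN_RE = re.compile(r'^\\shell\\AutoRun\\command\s+-\s+(.+)$')

def find_indicators(log_text):
    """Return (kind, key, detail): 'security_center_disabled' for a non-zero
    *DisableNotify/DisableMonitoring value, 'autorun_command' for MountPoints2 AutoRun."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:                        # new registry section starts
            current_key = key_match.group(1)
            continue
        if not line or current_key is None:  # blank, or a value with no header yet
            continue
        key_lower = current_key.lower()
        dword = DWORD_RE.match(line)
        if dword and "security center" in key_lower:
            name, value = dword.group(1), int(dword.group(2), 16)
            suspect = name.lower().endswith("disablenotify") or name.lower() == "disablemonitoring"
            if suspect and value != 0:       # Security Center warnings switched off
                findings.append(("security_center_disabled", current_key, name))
            continue
        autorun = AUTORUN_RE.match(line)
        if autorun and "mountpoints2" in key_lower:
            findings.append(("autorun_command", current_key, autorun.group(1)))
    return findings

if __name__ == "__main__":
    for kind, key, detail in find_indicators(SAMPLE_LOG):
        print(f"{kind}: {detail}  ({key})")
```

On the sample it reports the three DisableNotify values, the top-level DisableMonitoring and the F:\autorun.exe command, while the SymantecAntiVirus value set to 0 stays quiet.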

(Buja) #11

How am I supposed to post the report from that antivirus scan, because there isn't really such an option here??

(huber2t) #12

At the end of the scan there is an option to save the log.

(Buja) #13

Then please tell me where, because I don't see it.

(Spandau) #14

Then scan with this Dr.WEB CureIt! and post the report on the forum.

(Buja) #15

I can't post the report because it says it has too many characters.

(huber2t) #16

Put the report on wklejto.pl and give the link in your post.

(matio) #17

Then upload the report to www.wklejto.pl and give the link here.

(Buja) #18

http://www.wklejto.pl/4660 this is the report

(Gutek) #19

Well, OK.