Your system is infected with dangerous virus!

szymi12 · 6 Maj 2008 10:47

Od jakiegoś czasu pojawia sie okienko z komunikatem Your system is infected with dangerous virus! i po kliknieciu na przucisk “ok” instaluje sie jakiś program atywirusowy nie mogę sobie dać z tym rady. I przeszkada w pracy oraz przęglądaniu różnych folderów

To jest log z Combofix

ComboFix 08-05-01.3 - user 2008-05-06 12:56:14.7 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.135 [GMT 2:00]

Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))

.

2008-05-06 10:47 . 2006-08-21 11:14 128,896 -----c— C:\WINDOWS\system32\dllcache\fltmgr.sys

2008-05-06 10:47 . 2006-08-21 11:14 23,040 -----c— C:\WINDOWS\system32\dllcache\fltmc.exe

2008-05-06 10:47 . 2006-08-21 14:28 16,896 -----c— C:\WINDOWS\system32\dllcache\fltlib.dll

2008-05-06 10:25 . 2007-10-25 18:44 8,488,960 --a–c— C:\WINDOWS\system32\dllcache\shell32.dll

2008-05-06 10:25 . 2007-06-26 08:10 1,104,896 -----c— C:\WINDOWS\system32\dllcache\msxml3.dll

2008-05-06 10:25 . 2007-06-13 15:23 1,034,752 -----c— C:\WINDOWS\system32\dllcache\explorer.exe

2008-05-06 10:25 . 2006-12-26 15:09 536,576 -----c— C:\WINDOWS\system32\dllcache\msado15.dll

2008-05-06 10:25 . 2006-08-14 12:34 332,928 -----c— C:\WINDOWS\system32\dllcache\srv.sys

2008-05-06 10:25 . 2006-12-26 15:09 200,704 -----c— C:\WINDOWS\system32\dllcache\msadox.dll

2008-05-06 10:25 . 2006-12-26 15:09 180,224 -----c— C:\WINDOWS\system32\dllcache\msadomd.dll

2008-05-06 10:25 . 2006-10-13 14:41 143,872 -----c— C:\WINDOWS\system32\dllcache\nwprovau.dll

2008-05-06 10:25 . 2006-12-19 23:51 135,168 -----c— C:\WINDOWS\system32\dllcache\shsvcs.dll

2008-05-06 10:25 . 2006-12-26 15:09 102,400 -----c— C:\WINDOWS\system32\dllcache\msjro.dll

2008-05-06 10:23 . 2007-11-07 11:29 723,968 -----c— C:\WINDOWS\system32\dllcache\lsasrv.dll

2008-05-06 10:23 . 2007-12-04 20:42 550,912 -----c— C:\WINDOWS\system32\dllcache\oleaut32.dll

2008-05-06 10:23 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe

2008-05-06 10:21 . 2007-07-09 15:20 582,656 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-05-06 10:21 . 2007-04-02 07:59 546,304 -----c— C:\WINDOWS\system32\dllcache\hhctrl.ocx

2008-05-06 10:21 . 2006-05-05 11:41 453,120 -----c— C:\WINDOWS\system32\dllcache\mrxsmb.sys

2008-05-06 10:21 . 2006-05-05 11:47 174,592 -----c— C:\WINDOWS\system32\dllcache\rdbss.sys

2008-05-06 09:42 . 2008-05-06 09:45

2008-05-06 09:42 . 2008-05-06 09:43

2008-05-06 09:42 . 2008-05-06 09:45

2008-05-06 09:42 . 2008-05-06 09:42 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2008-05-05 10:32 . 2008-05-05 10:32

2008-04-09 20:06 . 2008-05-05 11:48

2008-04-09 20:05 . 2008-04-09 20:05

2008-04-07 22:44 . 2008-04-07 22:45 211,456 --a------ C:\WINDOWS\cndr32a.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-09 17:59 --------- d-----w C:\Program Files\ESET

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{1CF50F68-ECAD-45C6-AFC1-B5DC4B95B15E}]

2008-04-07 22:45 211456 --a------ C:\WINDOWS\cndr32a.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 12:00 15360]

“TOSCDSPD”=“C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-12 12:04 65536]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“LDM”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” [2007-03-18 20:19 67128]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-04-11 22:26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2006-03-17 15:37 344064]

“RTHDCPL”=“RTHDCPL.EXE” [2006-04-18 06:34 16143872 C:\WINDOWS\RTHDCPL.exe]

“Apoint”=“C:\Program Files\Apoint2K\Apoint.exe” [2004-03-23 22:40 196608]

“AGRSMMSG”=“AGRSMMSG.exe” [2006-03-18 08:22 89541 C:\WINDOWS\agrsmmsg.exe]

“PadTouch”=“C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe” [2005-12-22 15:34 1077329]

“CeEKEY”=“C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe” [2006-03-16 13:27 634880]

“HWSetup”=“C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe” [2004-05-01 13:45 28672]

“SVPWUTIL”=“C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe” [2004-05-01 13:45 65536]

“TPNF”=“C:\Program Files\TOSHIBA\TouchPad\TPTray.exe” [2006-04-04 14:57 53248]

“Zooming”=“ZoomingHook.exe” [2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]

“TPSMain”=“TPSMain.exe” [2005-09-13 10:01 266240 C:\WINDOWS\system32\TPSMain.exe]

“SmoothView”=“C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe” [2005-05-13 11:03 118784]

“Tvs”=“C:\Program Files\TOSHIBA\Tvs\TvsTray.exe” [2006-02-02 13:11 73728]

“DDWMon”=“C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe” [2006-04-28 11:49 262144]

“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50 155648]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-18 20:19:31 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-01 16:21:43 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“SENTINEL”= snti386.dll

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-04-18 15:12]

R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 18:49]

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\system32{DEF85C80-216A-43ab-AF70-1665EDBE2780} []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c66cce32-c502-11db-86fe-0016e3a0f3d2}]

\Shell\AutoRun\command - E:\SETUP.EXE

\Shell\configure\command - E:\SETUP.EXE

\Shell\install\command - E:\SETUP.EXE

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-06 12:57:27

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services{DEF85C80-216A-43ab-AF70-1665EDBE2780}]

“ImagePath”="??\C:\WINDOWS\system32{DEF85C80-216A-43ab-AF70-1665EDBE2780}"

.

Completion time: 2008-05-06 12:58:11

ComboFix-quarantined-files.txt 2008-05-06 10:58:07

Pre-Run: 70,747,787,264 bajtów wolnych

Post-Run: 70,737,174,528 bajtów wolnych

112 — E O F — 2008-05-06 08:52:45

http://wklej.org/id/4e55402928

Chillout · 6 Maj 2008 10:52

Wrzuć logi.

Scorpion18 · 6 Maj 2008 10:59

niestety ale pomoże tylko format,masz całkowicie zainfekowany system i nic z tym juz nie zrobisz,wiem bo mialem ten sam problem juz kilka razy,a antywirusy które podaje ten komunikat to fałszywe programy szpiegujace oraz dodatkowe trojany

Gutek · 6 Maj 2008 15:26

Nie jest za ciekawie:

Wklej do Notatnika:

File::

C:\WINDOWS\cndr32a.dll


Driver::

"{DEF85C80-216A-43ab-AF70-1665EDBE2780}"


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CF50F68-ECAD-45C6-AFC1-B5DC4B95B15E}]

[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo oraz skan:

Dr. Web CureIt http://www.searchengines.pl/Mini-skanery-i…nki-t18695.html + raport

Potem daj log z mbr.exe http://www.searchengines.pl/index.php?showtopic=31936

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16t=213350

pauuloo · 9 Maj 2008 22:59

ComboFix 08-05-08.1 - Bond 2008-05-10 0:29:02.2 - FAT32 x86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.178 [GMT 1:00]

Running from: C:\Documents and Settings\Bond\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))

.

2008-05-09 23:41 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss

2008-05-09 23:38 . 2007-11-20 18:15 1,826,816 --a------ C:\WINDOWS\SkyTel.exe

2008-05-09 23:38 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe

2008-05-09 23:36 . 2008-05-09 23:36 315,392 --a------ C:\WINDOWS\HideWin.exe

2008-05-09 19:42 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-05-09 19:42 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-05-09 19:42 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-05-09 19:42 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-05-09 19:41 . 2008-05-09 19:41

2008-05-09 17:45 . 2008-05-09 17:45 216,064 --a------ C:\WINDOWS\tonsakre.dll

2008-05-09 17:31 . 2008-05-09 17:31 2 --a------ C:\WINDOWS\pvpeformr.ocx

2008-05-09 16:55 . 2008-05-09 16:55

2008-05-06 17:27 . 2008-05-06 17:27

2008-05-02 23:38 . 2008-05-02 23:38

2008-05-02 23:12 . 2008-05-02 23:12

2008-05-01 20:24 . 2008-05-01 20:24

2008-05-01 20:22 . 2008-05-01 20:22

2008-05-01 20:15 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD

2008-04-24 15:38 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-04-24 15:38 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-04-24 14:08 . 2006-10-02 18:21 524,288 -r-h----- C:\A3HF.BIN

2008-04-09 11:51 . 2008-04-09 11:51

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-17 15:33 4,707,328 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys

2008-04-10 15:52 16,861,184 ----a-w C:\WINDOWS\RTHDCPL.exe

2008-04-02 08:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll

2008-03-30 14:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\AOL

2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-05 17:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-16 22:35 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{95E1D855-9232-48F7-80D9-1ADB65B7939C}]

2008-05-09 17:45 216064 --a------ C:\WINDOWS\tonsakre.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Komunikator”=“C:\Program Files\Programy\Tlen.pl\tlen.exe” [2006-12-08 18:22 1118208]

“Gadu-Gadu”=“C:\Program Files\Programy\Gadu-Gadu\gg.exe” [2003-09-02 14:08 729088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ABLKSR”=“C:\WINDOWS\ABLKSR\ABLKSR.exe” [2006-01-02 21:14 61440]

“ACU”=“C:\Program Files\ASUS WLAN Adapter\ACU.exe” [2006-04-28 12:36 307200]

“igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-11-28 00:55 98304]

“igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2005-11-28 00:52 77824]

“igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2005-11-28 00:55 118784]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00 132496]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2008-05-02 23:12 185896]

“RTHDCPL”=“RTHDCPL.EXE” [2008-04-10 16:52 16861184 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.YV12”= yv12vfw.dll

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AOL 9.0 Tray Icon.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AOL 9.0 Tray Icon.lnk

backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^AOL Companion.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AOL Companion.lnk

backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ASUS ChkMail.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ASUS ChkMail.lnk

backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^Bond^Menu Start^Programy^Autostart^Cyber-shot Viewer Media Check Tool.lnk]

path=C:\Documents and Settings\Bond\Menu Start\Programy\Autostart\Cyber-shot Viewer Media Check Tool.lnk

backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^Bond^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.1.lnk]

path=C:\Documents and Settings\Bond\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.1.lnk

backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

–a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

–a------ 2006-02-21 15:20 180224 C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

–a------ 2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe]

C:\Program Files\Error Safe Free\ers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

–a------ 2007-09-25 08:10 2007088 C:\Program Files\Programy\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

–a------ 2003-09-02 14:08 729088 C:\Program Files\Programy\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

–a------ 2005-11-28 00:52 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

–a------ 2005-11-28 00:55 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

–a------ 2005-11-28 00:55 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]

–a------ 2006-12-08 18:22 1118208 C:\Program Files\Programy\Tlen.pl\tlen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]

–a------ 2002-02-04 16:29 886272 C:\WINDOWS\system32\LXSUPMON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbssm32]

C:\WINDOWS\system32\smvalid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

–ahs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]

C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]

–a------ 2006-03-06 17:13 86016 C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

–a------ 2006-10-09 11:43 282624 C:\Program Files\Programy\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

–a------ 2004-11-02 20:24 32768 C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

–a------ 2008-04-10 16:52 16861184 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

–a------ 2006-07-06 19:02 19951144 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

-ra------ 2006-03-21 09:54 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]

–a------ 2003-09-29 15:53 607232 C:\PROGRA~1\PROGRAMY\SPEEDO~1\SPO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

–a------ 2007-06-12 01:02 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

–a------ 2008-05-02 23:12 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]

C:\Program Files\Wireless Console 2\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Programy\Gadu-Gadu\gg.exe”=

“C:\Program Files\Programy\DC++\DCPlusPlus.exe”=

“C:\Program Files\AOL 9.0\waol.exe”=

“C:\Program Files\Programy\Tlen.pl\tlen.exe”=

“C:\Program Files\Programy\eMule\emule.exe”=

“C:\Program Files\Programy\FlashGet\flashget.exe”=

“C:\Program Files\Internet Explorer\IEXPLORE.EXE”=

“C:\WINDOWS\System32\LEXPPS.EXE”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

“AllowInboundEchoRequest”= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31]

R1 SbPd;SbPd;C:\WINDOWS\system32\Drivers\SbPd.sys [2006-07-16 20:00]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]

S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS []

S3 Wcmbus2k;WCM Enumerator and Bus Driver;C:\WINDOWS\system32\DRIVERS\Wcmbus2k.sys [2004-01-09 12:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{15d1372c-50ff-11dc-ab11-0015af00f4d6}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-10 00:30:54

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-10 0:31:17

ComboFix2.txt 2008-05-09 23:17:20

ComboFix-quarantined-files.txt 2008-05-09 23:31:16

Pre-Run: 1,724,678,144 bajtów wolnych

Post-Run: 1,720,942,592 bajtów wolnych

192 — E O F — 2008-04-12 06:32:27

Leon1 · 10 Maj 2008 11:31

Otwórz notatnik i wklej

Driver:: ASNDIS5 Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Safe] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbssm32] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

pauuloo · 10 Maj 2008 17:34

DZIEKUJE ZA POMOC ALE NADAL NIE POMAGA

ComboFix 08-05-08.1 - Bond 2008-05-10 19:14:28.1 - FAT32 x86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.175 [GMT 1:00]

Running from: C:\Documents and Settings\Bond\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bond\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ASNDIS5

-------\Service_ASNDIS5

((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))

.

2008-05-10 19:21 . 2003-07-29 06:18 3,839 --a------ C:\WINDOWS\system32\drivers\GETPADD.sys

2008-05-10 00:43 . 2008-05-10 00:43