Zablokowany menedżer zadań i rejestr

jaca1331 · 15 Sierpień 2008 20:19

otóż to co w temacie poniżej logi z hijackthis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:08:13, on 2008-08-15 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Winamp\winamp.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Opera\opera.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.859\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{89B59A1E-1E54-4FD6-ADD2-8CFDA76E587E}: NameServer = 194.204.159.1 217.98.63.164 O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe – End of file - 6229 bytes

Dom1 · 15 Sierpień 2008 20:30

Fix w HJT:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >>Fix checked

(Jest chyba jeszcze coś, ale nie jestem pewna, co do usunięcia)

Leon1 · 15 Sierpień 2008 20:30

wpisy

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing) O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj.

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

jaca1331 · 15 Sierpień 2008 20:45

logi

ComboFix 08-08-14.05 - Administrator 2008-08-15 22:42:23.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.1504 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\AskTBar C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL C:\Program Files\AskTBar\bar\Cache\01D23BA6 C:\Program Files\AskTBar\bar\Cache\01D241B1.bin C:\Program Files\AskTBar\bar\Cache\01D24442.bin C:\Program Files\AskTBar\bar\Cache\01D24693.bin C:\Program Files\AskTBar\bar\Cache\files.ini C:\Program Files\AskTBar\bar\History\search2 C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL . ((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))) . 2008-08-15 22:09 . 2008-08-15 22:09 2008-08-15 13:29 . 2005-11-18 17:14 65 --a------ C:\readconnections.bat 2008-08-15 13:27 . 2008-08-15 13:36 2008-08-13 17:23 . 2008-08-13 18:55 2008-08-13 17:23 . 2008-08-13 17:23 1,409 --a------ C:\WINDOWS\system32\tmpEF9EC.FOT 2008-08-13 17:23 . 2008-08-13 17:23 1,409 --a------ C:\WINDOWS\system32\tmp96DEC.FOT 2008-08-13 17:23 . 2008-08-13 17:23 1,409 --a------ C:\WINDOWS\system32\tmp948EC.FOT 2008-08-13 17:23 . 2008-08-13 17:23 1,409 --a------ C:\WINDOWS\system32\tmp8EAEC.FOT 2008-08-13 17:23 . 2008-08-13 17:23 1,409 --a------ C:\WINDOWS\system32\tmp4F8EC.FOT 2008-08-13 17:23 . 2008-08-13 17:23 1,409 --a------ C:\WINDOWS\system32\tmp179EC.FOT 2008-08-13 17:23 . 2008-08-13 17:23 1,409 --a------ C:\WINDOWS\system32\tmp13CEC.FOT 2008-08-12 14:58 . 2008-08-12 14:58 2008-08-12 14:48 . 2008-08-12 14:48 2008-08-12 14:48 . 2008-08-15 22:43 2008-08-10 19:53 . 2008-08-10 19:53 2008-08-10 19:53 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2008-08-10 19:53 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2008-08-10 19:53 . 2008-08-10 19:53 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe 2008-08-10 19:53 . 2008-08-10 19:53 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-08-10 19:53 . 2008-08-10 19:53 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-08-10 19:53 . 2008-08-10 19:53 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-10 19:53 . 2008-08-10 19:53 22,328 --a------ C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys 2008-08-10 19:41 . 2008-08-10 19:42 2008-08-10 19:40 . 2008-08-10 19:41 2008-08-08 12:47 . 2008-08-08 12:47 2008-08-08 12:44 . 2004-07-02 00:10 360,448 --a–c— C:\WINDOWS\system32\dllcache\qmgr.dll 2008-08-08 12:44 . 2004-07-02 00:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll 2008-08-08 12:44 . 2004-07-02 00:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2008-08-08 12:44 . 2004-07-02 00:10 17,408 --a–c— C:\WINDOWS\system32\dllcache\qmgrprxy.dll 2008-08-08 12:44 . 2004-07-02 00:10 7,680 -----c— C:\WINDOWS\system32\dllcache\bitsprx2.dll 2008-08-08 12:44 . 2004-07-02 00:10 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll 2008-08-08 12:44 . 2004-07-02 00:10 7,168 -----c— C:\WINDOWS\system32\dllcache\bitsprx3.dll 2008-08-08 12:44 . 2004-07-02 00:10 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2008-08-08 12:40 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2008-08-08 12:40 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2008-08-08 12:40 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-08-08 12:40 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2008-08-08 12:40 . 2004-08-03 14:04 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll 2008-08-08 12:40 . 2004-08-03 14:03 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe 2008-08-08 12:40 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2008-08-07 18:39 . 2008-08-15 22:01 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-08-07 15:37 . 2008-08-07 15:37 2008-08-07 12:33 . 2007-07-02 15:02 996,648 --a------ C:\WINDOWS\system32\ShellManager10E2D762.dll 2008-08-07 12:33 . 2007-07-02 14:19 638,976 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB 2008-08-06 13:48 . 2008-08-06 13:48 2008-08-06 13:48 . 2008-08-14 16:47 2008-08-06 13:47 . 2008-08-06 13:47 2008-08-06 13:47 . 2008-08-06 13:47 2008-08-06 13:47 . 2008-08-06 13:47 2008-08-06 13:43 . 2008-08-06 13:43 2008-08-05 13:13 . 2008-08-05 13:13 2008-08-05 12:47 . 2008-08-05 12:47 2008-08-05 12:47 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-08-05 12:47 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-08-05 11:53 . 2008-08-05 11:53 2008-08-05 11:53 . 2008-08-05 11:53 2008-08-05 11:25 . 2008-08-05 11:25 2008-08-05 11:25 . 2008-08-05 11:25 2008-08-05 11:25 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2008-08-05 11:25 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2008-08-05 10:45 . 2008-08-05 10:45 2008-08-05 10:42 . 2008-08-05 10:42 2008-08-05 10:40 . 2008-08-13 23:10 2008-08-03 17:25 . 2008-08-03 17:25 2008-08-03 17:25 . 2008-08-03 17:25 2008-08-03 17:24 . 2008-08-12 15:37 2008-08-03 10:32 . 2008-08-03 10:32 2008-08-03 10:32 . 2008-08-03 10:32 2008-08-01 13:02 . 2008-08-12 14:58 2008-08-01 11:25 . 2008-08-01 11:28 2008-08-01 10:22 . 2008-08-01 10:22 2008-07-30 17:09 . 2008-07-30 17:12 2008-07-30 17:09 . 2008-08-15 14:29 2008-07-30 13:28 . 2008-07-30 13:28 2008-07-30 13:28 . 2008-08-15 22:31 2008-07-30 09:54 . 2008-07-30 13:42 2008-07-30 09:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-07-30 09:53 . 2008-07-30 09:54 2008-07-30 09:53 . 2008-07-30 09:53 2008-07-30 00:21 . 2008-07-30 00:21 2008-07-30 00:20 . 2008-07-30 00:20 2008-07-30 00:20 . 2008-07-30 00:20 2008-07-30 00:20 . 2004-02-08 15:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax 2008-07-30 00:20 . 2005-11-25 21:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax 2008-07-30 00:20 . 2006-02-26 02:34 208,896 --a------ C:\WINDOWS\system32\VideoEdit.ocx 2008-07-30 00:20 . 2006-01-17 03:59 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll 2008-07-30 00:20 . 2006-02-17 22:02 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll 2008-07-30 00:20 . 2003-08-19 04:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll 2008-07-30 00:05 . 2008-08-15 13:27 2008-07-30 00:05 . 2008-07-30 00:05 2008-07-30 00:00 . 2008-07-30 00:00 2008-07-29 13:30 . 2008-07-29 13:30 2008-07-29 13:28 . 2008-07-29 13:28 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-07-28 20:52 . 2008-07-28 20:52 2008-07-28 20:52 . 2008-07-28 20:52 2008-07-27 22:24 . 2008-07-27 22:24 2008-07-27 21:08 . 2008-07-27 21:08 2008-07-27 20:48 . 2008-07-27 20:48 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-07-27 20:47 . 2008-03-09 06:25 236 --ah----- C:\Program Files\Common Files\dx.reg 2008-07-27 15:27 . 2008-08-15 12:11 2008-07-27 15:09 . 2008-07-27 15:09 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-27 14:21 . 2008-07-27 14:21 2008-07-27 14:21 . 2008-07-27 14:21 2008-07-27 14:20 . 2008-08-06 22:07 2008-07-27 14:20 . 2008-07-27 14:20 2008-07-27 13:46 . 2005-11-13 09:46 316,640 --a------ C:\WINDOWS\WMSysPr9.prx 2008-07-27 13:44 . 2008-07-27 13:46 2008-07-27 13:44 . 2008-07-27 14:42 2008-07-26 19:19 . 2008-07-26 19:19 2008-07-26 19:14 . 2008-08-13 20:03 2008-07-26 19:14 . 2008-07-26 19:15 2008-07-26 18:22 . 2007-05-11 00:03 115,999 --a------ C:\WINDOWS\system32\nvapps.xml 2008-07-26 18:21 . 2008-07-26 18:21 2008-07-26 18:21 . 2008-08-12 14:49 2008-07-26 18:21 . 2007-05-11 00:03 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-07-26 18:21 . 2007-05-11 00:03 17,431 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-07-26 18:14 . 2008-08-12 14:58 2008-07-26 18:13 . 2008-07-26 18:13 8 --a------ C:\DFIMB.DAT 2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax 2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-12 12:58 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-08-05 09:39 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-26 12:44 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-26 12:41 --------- d-----w C:\Program Files\Usługi online 2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-11-14 11:12 1849032] “AdobeUpdater”=“C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe” [2008-08-12 15:39 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 18:07 24576] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 18:07 20480] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 18:07 53248] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-05-11 00:03 8429568] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [2006-08-01 17:04 3313664] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2001-10-26 19:29 13312] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-08-12 14:58:21 966756] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “vidc.xvid”= xvid.dll [HKLM~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] --a------ 2007-08-31 12:25 249896 C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] --a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2001-10-26 19:29 13312 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] --a------ 2006-11-14 11:12 1849032 C:\Program Files\Gadu-Gadu\gg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2001-08-02 07:14 1077277 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-05-11 00:03 8429568 C:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-05-11 00:03 81920 C:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerArchiver Tray] --a------ 2007-05-23 21:17 141352 C:\Program Files\PowerArchiver\PASTARTER.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-05-11 00:03 1626112 C:\WINDOWS\system32\nwiz.exe R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22] R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04] R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2007-07-18 08:09] S2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2007-08-28 13:08] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-15 22:43:07 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2008-08-15 22:44:34 ComboFix-quarantined-files.txt 2008-08-15 20:43:33 ComboFix2.txt 2008-08-15 20:41:53 Pre-Run: 17,089,310,720 bajtów wolnych Post-Run: 17,080,221,696 bajtów wolnych 231 — E O F — 2008-08-08 10:47:23

Leon1 · 15 Sierpień 2008 21:06

Log wygląda na czysty

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

lub

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5