Zmieniajace sie ikony folderow, cos z rejestrem

namrab (Bartk0r) 2007-12-02 00:09:58 UTC #1

zmieniaja mi sie ikony od folderow, ikony zamieniaja sie z tych zoltych domyslnych na notatnikowe itp.. ogolem dziwnie.. prosze o sprawdzenie logow, bede wdzieczny

Logfile of HijackThis v1.99.1 Scan saved at 01:04:16, on 2007-12-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\TBPanel.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe C:\Program Files\mIRC\mirc.exe C:\Program Files\DC++\DCPlusPlus.exe C:\DOCUME~1\DEEQLU~1\USTAWI~1\Temp\SET29C.tmp C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łšcza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM..\Run: [nwiz] nwiz.exe /install O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM..\RunServices: [Microsoft Security Monitor Process] msword.exe O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Gutek (Gutek) 2007-12-02 01:00:59 UTC #2

usuń wpisy HJT

Daj log z ComboFix

namrab (Bartk0r) 2007-12-02 11:35:23 UTC #3

ComboFix 07-12-02.5 - DEEqLUz^_- 2007-12-02 2:20:37.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.566 [GMT 1:00] Running from: C:\Documents and Settings\DEEqLUz^_-\Pulpit\ComboFix(3).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Cache . ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 2007-12-02 01:10 . 2005-05-26 15:34 2,297,552 --a--c--- C:\WINDOWS\system32\d3dx9_26.dll 2007-12-01 22:59 . 2007-12-01 22:59 2007-12-01 21:40 . 2007-12-01 21:50 2007-12-01 21:29 . 2007-12-02 01:11 2007-12-01 21:03 . 2007-12-01 21:03 2007-12-01 09:32 . 2007-12-01 21:03 2007-12-01 09:32 . 2007-12-01 21:03 2007-12-01 09:24 . 2007-12-01 22:57 1,791 --a--c--- C:\WINDOWS\bestplayer.ini 2007-12-01 09:24 . 2007-12-01 22:57 284 --a--c--- C:\WINDOWS\bestplayer.bbt 2007-12-01 09:24 . 2007-12-01 22:57 89 --a--c--- C:\WINDOWS\bestplayer.bpp 2007-12-01 08:11 . 2007-12-01 08:11 2007-12-01 03:29 . 2007-12-01 03:29 107,888 --a--c--- C:\WINDOWS\system32\CmdLineExt.dll 2007-12-01 03:13 . 2007-12-01 03:13 2007-12-01 01:58 . 2007-12-01 21:56 2007-12-01 01:58 . 2007-12-01 02:05 2007-12-01 01:43 . 2007-12-01 01:43 685,816 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys 2007-12-01 00:50 . 2007-12-01 00:55 2007-12-01 00:50 . 2007-12-01 00:50 2007-12-01 00:34 . 2007-12-02 00:05 2007-12-01 00:23 . 2007-10-04 17:14 356,352 --a--c--- C:\WINDOWS\system32\nvudisp.exe 2007-12-01 00:23 . 2007-12-01 23:50 140,158 --a--c--- C:\WINDOWS\system32\nvapps.xml 2007-12-01 00:23 . 2007-10-04 17:14 17,525 --a--c--- C:\WINDOWS\system32\nvdisp.nvu 2007-12-01 00:17 . 2007-12-01 00:20 2007-11-30 22:25 . 2007-12-02 02:18 512 --a--c--- C:\WINDOWS\DFC.INI 2007-11-30 22:07 . 2007-11-30 22:07 2007-11-30 22:06 . 2007-12-01 20:46 2007-11-30 20:52 . 2007-12-02 01:10 2007-11-30 20:52 . 2007-10-18 00:16 79,688 --a--c--- C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-30 20:52 . 2007-10-18 00:15 62,280 --a--c--- C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-30 20:52 . 2007-10-18 00:14 41,288 --a--c--- C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-30 20:52 . 2007-10-18 00:16 29,000 --a--c--- C:\WINDOWS\system32\drivers\kcom.sys 2007-11-30 20:51 . 2007-12-02 01:11 2007-11-30 20:51 . 2005-09-23 08:29 626,688 --a--c--- C:\WINDOWS\system32\msvcr80.dll 2007-11-30 20:51 . 2007-12-01 09:32 499,712 --a--c--- C:\WINDOWS\system32\msvcp71.dll 2007-11-30 20:51 . 2007-12-01 09:32 348,160 --a--c--- C:\WINDOWS\system32\msvcr71.dll 2007-11-30 20:45 . 2007-11-30 20:55 2007-11-30 20:44 . 2007-11-30 20:44 2007-11-30 20:38 . 2007-11-30 20:38 2007-11-30 20:38 . 2007-11-30 20:38 559,272 --a--c--- C:\WINDOWS\system32\prfh0415.dat 2007-11-30 20:38 . 2007-11-30 20:38 112,854 --a--c--- C:\WINDOWS\system32\prfc0415.dat 2007-11-30 17:37 . 2004-08-04 00:44 221,184 --a--c--- C:\WINDOWS\system32\wmpns.dll 2007-11-30 16:55 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\drivers\SONYPVU1.SYS 2007-11-30 15:26 . 2007-12-01 09:28 2007-11-30 14:25 . 2007-11-30 14:26 2007-11-30 13:52 . 2007-07-09 14:20 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-11-30 13:51 . 2007-09-24 23:31 69,632 --a--c--- C:\WINDOWS\system32\javacpl.cpl 2007-11-30 13:50 . 2007-11-30 13:51 2007-11-30 13:50 . 2007-11-30 13:50 2007-11-30 13:49 . 2007-11-30 13:49 2007-11-30 13:48 . 2007-11-30 13:48 2007-11-30 13:47 . 2007-06-26 07:10 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll 2007-11-30 13:46 . 2007-05-17 12:30 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-11-30 13:44 . 2007-06-26 14:57 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll 2007-11-30 13:42 . 2007-06-13 14:23 1,034,752 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe 2007-11-30 13:40 . 2007-05-16 16:19 1,314,816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll 2007-11-30 13:40 . 2007-05-16 16:19 510,976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll 2007-11-30 13:40 . 2007-05-16 16:18 86,528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll 2007-11-30 13:40 . 2007-05-16 16:19 85,504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-11-30 13:37 . 2007-12-01 22:34 2007-11-30 13:37 . 2007-04-25 15:23 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll 2007-11-30 13:35 . 2007-04-16 22:45 43,352 --a--c--- C:\WINDOWS\system32\wups2.dll 2007-11-30 13:35 . 2007-07-30 19:19 38,232 --a--c--- C:\WINDOWS\system32\wucltui.dll.mui 2007-11-30 13:35 . 2007-07-30 19:20 30,040 --a--c--- C:\WINDOWS\system32\wuaucpl.cpl.mui 2007-11-30 13:35 . 2007-07-30 19:20 30,040 --a--c--- C:\WINDOWS\system32\wuapi.dll.mui 2007-11-30 13:35 . 2007-07-30 19:18 21,336 --a--c--- C:\WINDOWS\system32\wuaueng.dll.mui 2007-11-30 13:29 . 2007-03-17 14:45 293,376 -----c--- C:\WINDOWS\system32\dllcache\winsrv.dll 2007-11-30 13:28 . 2007-03-08 16:38 579,072 -----c--- C:\WINDOWS\system32\dllcache\user32.dll 2007-11-30 13:28 . 2007-06-19 14:32 282,112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll 2007-11-30 13:27 . 2007-11-30 13:27 2007-11-30 13:27 . 2007-02-19 11:34 343,040 -----c--- C:\WINDOWS\system32\dllcache\msvcrt.dll 2007-11-30 13:26 . 2006-12-21 14:16 288,768 -----c--- C:\WINDOWS\system32\rhttpaa.dll 2007-11-30 13:26 . 2006-12-21 14:16 116,736 -----c--- C:\WINDOWS\system32\aaclient.dll 2007-11-30 13:26 . 2006-12-21 14:16 36,352 -----c--- C:\WINDOWS\system32\tsgqec.dll 2007-11-30 13:24 . 2007-11-30 13:24 2007-11-30 13:24 . 2006-10-16 17:16 123,392 -----c--- C:\WINDOWS\system32\dllcache\oledlg.dll 2007-11-30 13:20 . 2006-12-26 14:09 536,576 -----c--- C:\WINDOWS\system32\dllcache\msado15.dll 2007-11-30 13:20 . 2006-12-26 14:09 200,704 -----c--- C:\WINDOWS\system32\dllcache\msadox.dll 2007-11-30 13:20 . 2006-12-26 14:09 180,224 -----c--- C:\WINDOWS\system32\dllcache\msadomd.dll 2007-11-30 13:20 . 2006-12-26 14:09 102,400 -----c--- C:\WINDOWS\system32\dllcache\msjro.dll 2007-11-30 13:19 . 2007-11-30 13:22 2007-11-30 13:19 . 2007-11-30 13:24 2007-11-30 13:19 . 2006-11-27 15:55 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll 2007-11-30 13:17 . 2007-02-28 17:04 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2007-11-30 13:17 . 2007-02-28 17:04 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2007-11-30 13:16 . 2007-11-30 13:16 2007-11-30 13:13 . 2007-11-30 13:13 2007-11-30 13:13 . 2007-11-30 13:13 2007-11-30 13:13 . 2007-11-30 13:15 2007-11-30 13:13 . 2006-10-23 12:14 20,608 -----c--- C:\WINDOWS\system32\dllcache\usbuhci.sys 2007-11-30 13:12 . 2007-11-30 13:12 2007-11-30 13:12 . 2006-08-17 13:43 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2007-11-30 13:12 . 2006-11-01 08:17 69,120 -----c--- C:\WINDOWS\system32\wlanapi.dll 2007-11-30 13:12 . 2006-11-08 09:51 62,336 -----c--- C:\WINDOWS\system32\drivers\rspndr.sys 2007-11-30 13:12 . 2006-11-08 09:51 10,752 -----c--- C:\WINDOWS\system32\rspndr.exe 2007-11-30 13:10 . 2006-08-18 13:39 1,712,128 -----c--- C:\WINDOWS\system32\dllcache\netshell.dll 2007-11-30 13:10 . 2006-08-18 13:39 476,160 -----c--- C:\WINDOWS\system32\dllcache\wzcsvc.dll 2007-11-30 13:10 . 2006-08-18 13:39 52,736 -----c--- C:\WINDOWS\system32\dllcache\wzcsapi.dll 2007-11-30 13:07 . 2006-06-26 18:45 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll 2007-11-30 13:04 . 2006-03-17 01:38 28,672 -----c--- C:\WINDOWS\system32\verclsid.exe 2007-11-30 13:01 . 2007-11-30 13:01 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 00:49 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\mIRC 2007-12-02 00:32 --------- dc----w C:\Program Files\DC++ 2007-12-01 02:29 --------- dc-h--r C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\SecuROM 2007-12-01 01:02 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2007-11-30 23:01 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\Media Player Classic 2007-11-30 21:31 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\Winamp 2007-11-30 20:02 --------- dc----w C:\Program Files\Common Files\InstallShield 2007-11-30 19:56 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\Talkback 2007-11-30 19:51 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\PC Tools 2007-11-30 19:44 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\Uniblue 2007-11-30 13:01 --------- dc----w C:\Program Files\Gadu-Gadu 2007-11-29 18:56 --------- dc----w C:\Program Files\VentriloMIX 2007-11-29 18:56 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\Ventrilo 2007-11-29 18:48 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA 2007-11-29 18:45 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles 2007-11-29 18:42 60,416 -c--a-w C:\WINDOWS\ALCFDRTM.EXE 2007-11-29 18:23 --------- dc----w C:\Documents and Settings\DEEqLUz^_-\Dane aplikacji\Gadu-Gadu 2007-11-29 17:58 --------- dc----w C:\Program Files\Realtek AC97 2007-11-29 17:18 --------- dc----w C:\Program Files\microsoft frontpage 2007-11-29 17:15 --------- dc----w C:\Program Files\Usługi online 2007-10-04 16:14 81,920 -c--a-w C:\WINDOWS\system32\nvwddi.dll 2007-10-04 16:14 81,920 -c--a-w C:\WINDOWS\system32\nvmctray.dll 2007-10-04 16:14 8,491,008 -c--a-w C:\WINDOWS\system32\nvcpl.dll 2007-10-04 16:14 753,664 -c--a-w C:\WINDOWS\system32\nvcplui.exe 2007-10-04 16:14 6,854,464 -c--a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-10-04 16:14 6,750,208 -c--a-w C:\WINDOWS\system32\nvoglnt.dll 2007-10-04 16:14 6,344,704 -c--a-w C:\WINDOWS\system32\nvdisps.dll 2007-10-04 16:14 5,783,424 -c--a-w C:\WINDOWS\system32\nv4_disp.dll 2007-10-04 16:14 5,509,120 -c--a-w C:\WINDOWS\system32\nvdispsr.dll 2007-10-04 16:14 466,944 -c--a-w C:\WINDOWS\system32\nvshell.dll 2007-10-04 16:14 458,752 -c--a-w C:\WINDOWS\system32\nvmccssr.dll 2007-10-04 16:14 45,056 -c--a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-10-04 16:14 442,368 -c--a-w C:\WINDOWS\system32\nvappbar.exe 2007-10-04 16:14 425,984 -c--a-w C:\WINDOWS\system32\keystone.exe 2007-10-04 16:14 364,544 -c--a-w C:\WINDOWS\system32\nvapi.dll 2007-10-04 16:14 36,864 -c--a-w C:\WINDOWS\system32\nvcodins.dll 2007-10-04 16:14 36,864 -c--a-w C:\WINDOWS\system32\nvcod.dll 2007-10-04 16:14 335,872 -c--a-w C:\WINDOWS\system32\nvwrses.dll 2007-10-04 16:14 335,872 -c--a-w C:\WINDOWS\system32\nvwrsel.dll 2007-10-04 16:14 327,680 -c--a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-10-04 16:14 327,680 -c--a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-10-04 16:14 327,680 -c--a-w C:\WINDOWS\system32\nvrshe.dll 2007-10-04 16:14 327,680 -c--a-w C:\WINDOWS\system32\nvrsar.dll 2007-10-04 16:14 323,584 -c--a-w C:\WINDOWS\system32\nvwrspt.dll 2007-10-04 16:14 323,584 -c--a-w C:\WINDOWS\system32\nvwrsit.dll 2007-10-04 16:14 319,488 -c--a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-10-04 16:14 319,488 -c--a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-10-04 16:14 315,392 -c--a-w C:\WINDOWS\system32\nvwrsru.dll 2007-10-04 16:14 315,392 -c--a-w C:\WINDOWS\system32\nvwrshu.dll 2007-10-04 16:14 311,296 -c--a-w C:\WINDOWS\system32\nvwrsde.dll 2007-10-04 16:14 307,200 -c--a-w C:\WINDOWS\system32\nvexpbar.dll 2007-10-04 16:14 303,104 -c--a-w C:\WINDOWS\system32\nvwrstr.dll 2007-10-04 16:14 303,104 -c--a-w C:\WINDOWS\system32\nvwrssl.dll 2007-10-04 16:14 303,104 -c--a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-10-04 16:14 3,629,056 -c--a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-10-04 16:14 3,551,232 -c--a-w C:\WINDOWS\system32\nvvitvs.dll 2007-10-04 16:14 3,334,144 -c--a-w C:\WINDOWS\system32\nvgames.dll 2007-10-04 16:14 3,166,208 -c--a-w C:\WINDOWS\system32\nvgamesr.dll 2007-10-04 16:14 299,008 -c--a-w C:\WINDOWS\system32\nvwrssk.dll 2007-10-04 16:14 299,008 -c--a-w C:\WINDOWS\system32\nvwrsno.dll 2007-10-04 16:14 294,912 -c--a-w C:\WINDOWS\system32\nvwrssv.dll 2007-10-04 16:14 294,912 -c--a-w C:\WINDOWS\system32\nvwrspl.dll 2007-10-04 16:14 294,912 -c--a-w C:\WINDOWS\system32\nvwrsda.dll 2007-10-04 16:14 290,816 -c--a-w C:\WINDOWS\system32\nvwrsth.dll 2007-10-04 16:14 286,720 -c--a-w C:\WINDOWS\system32\nvwrseng.dll 2007-10-04 16:14 286,720 -c--a-w C:\WINDOWS\system32\nvwrscs.dll 2007-10-04 16:14 286,720 -c--a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-10-04 16:14 282,624 -c--a-w C:\WINDOWS\system32\nvwrsar.dll 2007-10-04 16:14 282,624 -c--a-w C:\WINDOWS\system32\nvrsfr.dll 2007-10-04 16:14 282,624 -c--a-w C:\WINDOWS\system32\nvrses.dll 2007-10-04 16:14 282,624 -c--a-w C:\WINDOWS\system32\nvrsel.dll 2007-10-04 16:14 278,528 -c--a-w C:\WINDOWS\system32\nvwrshe.dll 2007-10-04 16:14 278,528 -c--a-w C:\WINDOWS\system32\nvrsit.dll 2007-10-04 16:14 278,528 -c--a-w C:\WINDOWS\system32\nvrsde.dll 2007-10-04 16:14 274,432 -c--a-w C:\WINDOWS\system32\nvrspt.dll 2007-10-04 16:14 274,432 -c--a-w C:\WINDOWS\system32\nvrsnl.dll 2007-10-04 16:14 274,432 -c--a-w C:\WINDOWS\system32\nvrsesm.dll 2007-10-04 16:14 270,336 -c--a-w C:\WINDOWS\system32\nvrsru.dll 2007-10-04 16:14 266,240 -c--a-w C:\WINDOWS\system32\nvrsptb.dll 2007-10-04 16:14 266,240 -c--a-w C:\WINDOWS\system32\nvrsja.dll 2007-10-04 16:14 258,048 -c--a-w C:\WINDOWS\system32\nvrstr.dll 2007-10-04 16:14 258,048 -c--a-w C:\WINDOWS\system32\nvrssl.dll 2007-10-04 16:14 258,048 -c--a-w C:\WINDOWS\system32\nvrssk.dll 2007-10-04 16:14 258,048 -c--a-w C:\WINDOWS\system32\nvrsko.dll 2007-10-04 16:14 258,048 -c--a-w C:\WINDOWS\system32\nvrshu.dll 2007-10-04 16:14 253,952 -c--a-w C:\WINDOWS\system32\nvrsth.dll 2007-10-04 16:14 253,952 -c--a-w C:\WINDOWS\system32\nvrssv.dll 2007-10-04 16:14 253,952 -c--a-w C:\WINDOWS\system32\nvrspl.dll 2007-10-04 16:14 253,952 -c--a-w C:\WINDOWS\system32\nvrsno.dll 2007-10-04 16:14 253,952 -c--a-w C:\WINDOWS\system32\nvrsda.dll 2007-10-04 16:14 249,856 -c--a-w C:\WINDOWS\system32\nvrsfi.dll 2007-10-04 16:14 249,856 -c--a-w C:\WINDOWS\system32\nvrscs.dll 2007-10-04 16:14 245,760 -c--a-w C:\WINDOWS\system32\nvrseng.dll 2007-10-04 16:14 229,376 -c--a-w C:\WINDOWS\system32\nvmccs.dll 2007-10-04 16:14 225,280 -c--a-w C:\WINDOWS\system32\nvrszhc.dll 2007-10-04 16:14 212,992 -c--a-w C:\WINDOWS\system32\nvwrsja.dll 2007-10-04 16:14 2,854,912 -c--a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-10-04 16:14 2,441,216 -c--a-w C:\WINDOWS\system32\nvwssr.dll 2007-10-04 16:14 2,371,584 -c--a-w C:\WINDOWS\system32\nvwss.dll 2007-10-04 16:14 196,608 -c--a-w C:\WINDOWS\system32\nvwrsko.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20] [HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe] "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30] "Gainward"="C:\WINDOWS\TBPanel.exe" [2004-07-23 03:00] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RunDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-28 19:13] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24] [HKEY\_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44] [HKEY\_CURRENT\_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoChangeKeyboardNavigationIndicators"= 0 (0x0) "NoSharedDocuments"= 1 (0x1) "NoRecentDocsMenu"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage] 2007-06-28 15:19 880080 --a--c--- C:\Program Files\AdVantage\AdVantage.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPS Spyware Remover] C:\Program Files\BPS Remover\BPSRem.exe /STARTUP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch] 2002-03-19 17:30 45632 --a------ C:\WINDOWS\system32\taskswitch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Security Monitor Process] msword.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2007-08-31 16:46 1460560 --a--c--- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] D:\Game\Steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a--c--- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "NVSvc"=2 (0x2) "idsvc"=3 (0x3) R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 02:21:58 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-02 2:22:38 . --- E O F ---

Gutek (Gutek) 2007-12-02 16:55:52 UTC #4

Wklej do Notatnika:

>>Plik>>Zapisz jako... >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku -->

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: **** Qoobox.

Po tym nowy log z Combo

Oparte na Discourse, najlepiej oglądać z włączonym JavaScriptem