Robak-spowolniony komputer

kgb.musztarda · 6 Sierpień 2007 20:06

Usuwałem ostatnio z pc sam robaka jednak nie do końca udało mi się to zrobić, wpis o usuniętym pliku cały czas powraca a komputer chodzi strasznie wolno. Daję loga z hjt:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:02:56, on 2007-08-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O17 - HKLM\System\CCS\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) – End of file - 3029 bytes

qrczak13 · 6 Sierpień 2007 20:35

Pobierz Windows Worms Doors Cleaner, ustaw znaczki na zielono, Netbios może być na żółto.

Po użyciu narzędzia wymagany jest restart.

Start > uruchom > cmd i wpisz:

sc stop mshexdefx

sc delete mshexdefx

DEL C:\WINDOWS\system32\dllcache\ivchost.exe

Usuń w HJT.

Po wykonaniu w/w daj log z ComboFix.

kgb.musztarda · 6 Sierpień 2007 21:27

Zrobione, zeskanowałem jeszcze ewido i mi wykryło 4 jakieś spyware. Log z HJT:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:25:52, on 2007-08-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O17 - HKLM\System\CCS\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe – End of file - 2900 bytes

i log z combofixa:

ComboFix 07-08-04.3 - “Daniel” 2007-08-06 23:15:46.1 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\UGA6P C:\WINDOWS\system32\crypts.dll ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 ))))))))))))))))))))))))))))))) 2007-08-06 23:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 22:50 2007-08-06 22:14 2007-08-04 19:54 2007-08-01 21:55 2007-08-01 21:53 2007-07-29 22:34 1,052 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-29 22:32 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-29 22:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-29 22:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-29 22:25 2007-07-29 22:14 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-07-29 21:58 2007-07-29 21:58 2007-07-29 21:45 2007-07-29 21:40 57,344 --a–c— C:\WINDOWS\system32\dllcache\drmk.sys 2007-07-29 21:40 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-07-29 21:40 42,752 --a–c— C:\WINDOWS\system32\dllcache\stream.sys 2007-07-29 21:40 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-07-29 21:40 135,040 --a–c— C:\WINDOWS\system32\dllcache\portcls.sys 2007-07-29 21:40 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-07-29 21:40 134,144 --a–c— C:\WINDOWS\system32\dllcache\ks.sys 2007-07-29 21:40 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-07-29 21:23 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys 2007-07-29 21:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-07-29 21:22 9,600 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys 2007-07-29 21:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-07-29 21:22 14,080 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-07-29 21:22 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-07-29 21:20 182,880 --a–c— C:\WINDOWS\system32\dllcache\iuengine.dll 2007-07-29 21:20 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:35 2007-07-29 20:22 2007-07-29 20:10 2007-07-29 19:56 444,416 --------- C:\WINDOWS\system32\upds.exe 2007-07-29 19:43 68,608 --a------ C:\asdmew.exe 2007-07-29 19:11 2007-07-29 18:22 0 --a------ C:\WINDOWS\nsreg.dat 2007-07-29 18:14 2007-07-29 17:34 4,096 --a–c— C:\WINDOWS\system32\dllcache\ksuser.dll 2007-07-29 17:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-07-29 17:33 655,596 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-07-29 17:33 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-07-29 17:33 208,896 --------- C:\WINDOWS\alcupd.exe 2007-07-29 17:33 135,168 --------- C:\WINDOWS\alcrmv.exe 2007-07-29 17:32 32,768 --a------ C:\WINDOWS\system32\UnAudioNT.dll 2007-07-29 17:32 307,200 --a------ C:\WINDOWS\IsUn0415.exe 2007-07-29 17:31 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-07-29 17:29 2007-07-29 17:22 2007-07-29 17:09 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-07-29 17:09 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-07-29 17:09 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-07-29 17:09 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-07-29 17:09 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-07-29 17:09 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-07-29 17:09 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-07-29 17:09 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-07-29 17:09 1,531,904 --a------ C:\WINDOWS\adiras.exe 2007-07-29 17:08 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-07-29 17:08 143,360 --a------ C:\WINDOWS\autoclk.exe 2007-07-29 17:07 2007-07-29 16:41 2007-07-29 16:26 2007-07-29 16:24 1,048,576 --ah----- C:\DOCUME~1\DANIEL~1.HOM\NTUSER.DAT 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\NETWOR~1.ZAR\NTUSER.DAT 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\LOCALS~1.ZAR\NTUSER.DAT 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:17 9,216 --a–c— C:\WINDOWS\system32\dllcache\wamps51.dll 2007-07-29 16:17 86,070 --a–c— C:\WINDOWS\system32\dllcache\voicesub.dll 2007-07-29 16:17 74,240 --a–c— C:\WINDOWS\system32\dllcache\w3ext.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\wam51.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\uniime.dll 2007-07-29 16:17 5,632 --a–c— C:\WINDOWS\system32\dllcache\w3svapi.dll 2007-07-29 16:17 49,664 --a–c— C:\WINDOWS\system32\dllcache\wamreg51.dll 2007-07-29 16:17 48,256 --a–c— C:\WINDOWS\system32\dllcache\w32.dll 2007-07-29 16:17 426,038 --a–c— C:\WINDOWS\system32\dllcache\voicepad.dll 2007-07-29 16:17 41,600 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-07-29 16:17 4,608 --a–c— C:\WINDOWS\system32\dllcache\w3ctrs51.dll 2007-07-29 16:17 346,624 --a–c— C:\WINDOWS\system32\dllcache\w3svc.dll 2007-07-29 16:17 31,360 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-07-29 16:16 96,768 --a–c— C:\WINDOWS\system32\dllcache\uihelper.dll 2007-07-29 16:16 90,172 --a–c— C:\WINDOWS\system32\dllcache\tmigrate.dll 2007-07-29 16:16 9,728 --a–c— C:\WINDOWS\system32\dllcache\EXCH_smtpapi.dll 2007-07-29 16:16 8,192 --a–c— C:\WINDOWS\system32\dllcache\snmptrap.exe 2007-07-29 16:16 737,360 --a–c— C:\WINDOWS\system32\dllcache\tintsetp.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-04 22:04 --------- d-------- C:\Program Files\eMule 2007-08-04 19:52 --------- d-------- C:\Program Files\Valve 2007-07-29 22:16 --------- d–h----- C:\Program Files\WindowsUpdate 2007-07-29 19:23 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-29 18:07 --------- d-------- C:\Program Files\WapSter 2007-07-29 17:33 --------- d-------- C:\Program Files\VIA PCI Audio Driver Setup Program 2007-07-29 17:33 --------- d-------- C:\Program Files\AvRack 2007-07-29 17:17 49712 --a------ C:\WINDOWS\system32\perfc015.dat 2007-07-29 17:17 355830 --a------ C:\WINDOWS\system32\perfh015.dat 2007-07-29 17:10 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-07-29 16:42 --------- d-------- C:\Program Files\TweakNow PowerPack 2006 2007-07-29 16:26 --------- d-------- C:\Program Files\Messenger 2007-07-29 10:10 --------- d-------- C:\Program Files\Neostrada TP 2007-07-05 18:41 --------- d-------- C:\Program Files\musikCube_1.0 2007-07-04 22:05 --------- d-------- C:\Program Files\Cheating-Death 2007-07-04 20:52 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-07-04 18:35 --------- d-------- C:\Program Files\Avance Sound Manager 2007-07-04 17:32 --------- d-------- C:\Program Files\7-Zip 2007-07-03 21:39 --------- d-------- C:\Program Files\Sunbelt Software 2007-07-03 20:57 --------- d-------- C:\Program Files\SAGEM 2007-07-03 20:56 --------- d-------- C:\Program Files\Java Web Start 2007-07-03 20:21 --------- d-------- C:\Program Files\microsoft frontpage 2007-07-03 20:19 0 -rahs---- C:\MSDOS.SYS 2007-07-03 20:19 0 -rahs---- C:\IO.SYS 2007-07-03 20:19 0 --a------ C:\CONFIG.SYS 2007-07-03 20:19 0 --a------ C:\AUTOEXEC.BAT 2007-07-03 20:13 --------- d-------- C:\Program Files\Common Files\ODBC 2007-07-03 20:12 --------- d-------- C:\Program Files\Common Files\SpeechEngines 2007-07-03 20:09 --------- d-------- C:\Program Files\Movie Maker 2007-07-03 20:07 --------- d-------- C:\Program Files\Common Files\MSSoap 2007-07-03 19:56 --------- d-------- C:\Program Files\Windows NT 2007-07-03 19:56 --------- d-------- C:\Program Files\MSN Gaming Zone --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NeroCheck”=“C:\WINDOWS\System32\NeroCheck.exe” [2001-07-09 11:50] “SoundMan”=“SOUNDMAN.EXE” [2002-07-12 07:17 C:\WINDOWS\SOUNDMAN.EXE] “NvCplDaemon”=“NvQTwk” [] “nwiz”=“nwiz.exe” [2002-05-03 10:06 C:\WINDOWS\system32\nwiz.exe] “!ewido”=“C:\Program Files\ewido anti-spyware 4.0\ewido.exe” [2007-08-06 22:21] “MSConfig”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe” [2001-10-26 19:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-03 20:58:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoChangeStartMenu”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) “NoLowDiskSpaceChecks”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “Auto File System Conversion Utility”= C:\WINDOWS\System32\wbem\scricon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “mshexdefx”=2 (0x2) “a2free”=2 (0x2) “NVSvc”=2 (0x2) R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys R1 SASDIFSV;SASDIFSV;??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS R1 SASKUTIL;SASKUTIL;??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\System32\drivers\msmpu401.sys S3 SASENUM;SASENUM;??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS S4 mshexdefx;ms hexidecimal defx;“C:\WINDOWS\system32\dllcache\ivchost.exe” *Newly Created Service* - EWIDO_ANTI-SPYWARE_4.0_DRIVER *Newly Created Service* - EWIDO_ANTI-SPYWARE_4.0_GUARD ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-06 23:19:56 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden registry entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-06 23:22:44 C:\ComboFix-quarantined-files.txt … 2007-08-06 23:22 — E O F —

jessica · 7 Sierpień 2007 17:12

W jakiej kolejności były robione logi?

Bo z logu ComboFixa wynika co innego niż z logu Hijacka - nawzajem zaprzeczają sobie.

Wklej do Notatnika :

File::

C:\WINDOWS\system32\upds.exe 

C:\asdmew.exe

C:\WINDOWS\System32\wbem\scricon.exe

C:\WINDOWS\system32\dllcache\ivchost.exe


Registry::

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] 

"Auto File System Conversion Utility"=-

>>Plik>>Zapisz jako… >>> ComboFix-Do (najwygodniej będzie,

jeśli zapiszesz w takiej lokalizacji, by ikonka ComboFix-Do znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik ComboFix-Do.txt na plik ComboFix.exe

(czyli ikonkę ComboFix-Do.txt na ikonkę ComboFix.exe )

– tak jak na tym obrazku -->http://i12.tinypic.com/4l761r5.gif

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Potem daj nowe logi, ale napisz, w jakiej kolejności je robisz.

.

kgb.musztarda · 7 Sierpień 2007 19:20

Otóż zrobiłem tak jak było napisane, lecz zapomniałem wyłączyć przeglądarki i odtwarzacza:D Oba logi zrobione jeden po drugim bez wyłączania ani włączania żadnych programów podczas ich pracy.

Pierwszy był combofix:

ComboFix 07-08-04.3 - “Daniel” 2007-08-07 21:07:20.2 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda Command switches used :: C:\Documents and Settings\Daniel.HOME-0L9USFJBQI\Pulpit\ComboFix-Do.txt ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 ))))))))))))))))))))))))))))))) 2007-08-07 13:25 2007-08-07 13:22 2007-08-06 23:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 22:50 2007-08-06 22:14 2007-08-04 19:54 2007-08-01 21:55 2007-08-01 21:53 2007-07-29 22:34 1,052 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-29 22:32 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-29 22:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-29 22:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-29 22:25 2007-07-29 22:14 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-07-29 21:58 2007-07-29 21:58 2007-07-29 21:45 2007-07-29 21:40 57,344 --a–c— C:\WINDOWS\system32\dllcache\drmk.sys 2007-07-29 21:40 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-07-29 21:40 42,752 --a–c— C:\WINDOWS\system32\dllcache\stream.sys 2007-07-29 21:40 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-07-29 21:40 135,040 --a–c— C:\WINDOWS\system32\dllcache\portcls.sys 2007-07-29 21:40 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-07-29 21:40 134,144 --a–c— C:\WINDOWS\system32\dllcache\ks.sys 2007-07-29 21:40 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-07-29 21:23 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys 2007-07-29 21:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-07-29 21:22 9,600 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys 2007-07-29 21:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-07-29 21:22 14,080 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-07-29 21:22 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-07-29 21:20 182,880 --a–c— C:\WINDOWS\system32\dllcache\iuengine.dll 2007-07-29 21:20 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:35 2007-07-29 20:22 2007-07-29 20:10 2007-07-29 19:56 444,416 --------- C:\WINDOWS\system32\upds.exe 2007-07-29 19:43 68,608 --a------ C:\asdmew.exe 2007-07-29 19:11 2007-07-29 18:22 0 --a------ C:\WINDOWS\nsreg.dat 2007-07-29 18:14 2007-07-29 17:34 4,096 --a–c— C:\WINDOWS\system32\dllcache\ksuser.dll 2007-07-29 17:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-07-29 17:33 655,596 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-07-29 17:33 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-07-29 17:33 208,896 --------- C:\WINDOWS\alcupd.exe 2007-07-29 17:33 135,168 --------- C:\WINDOWS\alcrmv.exe 2007-07-29 17:32 32,768 --a------ C:\WINDOWS\system32\UnAudioNT.dll 2007-07-29 17:32 307,200 --a------ C:\WINDOWS\IsUn0415.exe 2007-07-29 17:31 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-07-29 17:29 2007-07-29 17:22 2007-07-29 17:09 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-07-29 17:09 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-07-29 17:09 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-07-29 17:09 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-07-29 17:09 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-07-29 17:09 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-07-29 17:09 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-07-29 17:09 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-07-29 17:09 1,531,904 --a------ C:\WINDOWS\adiras.exe 2007-07-29 17:08 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-07-29 17:08 143,360 --a------ C:\WINDOWS\autoclk.exe 2007-07-29 17:07 2007-07-29 16:41 2007-07-29 16:26 2007-07-29 16:24 1,048,576 --ah----- C:\DOCUME~1\DANIEL~1.HOM\NTUSER.DAT 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\NETWOR~1.ZAR\NTUSER.DAT 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\LOCALS~1.ZAR\NTUSER.DAT 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:17 9,216 --a–c— C:\WINDOWS\system32\dllcache\wamps51.dll 2007-07-29 16:17 86,070 --a–c— C:\WINDOWS\system32\dllcache\voicesub.dll 2007-07-29 16:17 74,240 --a–c— C:\WINDOWS\system32\dllcache\w3ext.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\wam51.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\uniime.dll 2007-07-29 16:17 5,632 --a–c— C:\WINDOWS\system32\dllcache\w3svapi.dll 2007-07-29 16:17 49,664 --a–c— C:\WINDOWS\system32\dllcache\wamreg51.dll 2007-07-29 16:17 48,256 --a–c— C:\WINDOWS\system32\dllcache\w32.dll 2007-07-29 16:17 426,038 --a–c— C:\WINDOWS\system32\dllcache\voicepad.dll 2007-07-29 16:17 41,600 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-07-29 16:17 4,608 --a–c— C:\WINDOWS\system32\dllcache\w3ctrs51.dll 2007-07-29 16:17 346,624 --a–c— C:\WINDOWS\system32\dllcache\w3svc.dll 2007-07-29 16:17 31,360 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-07-29 16:16 96,768 --a–c— C:\WINDOWS\system32\dllcache\uihelper.dll 2007-07-29 16:16 90,172 --a–c— C:\WINDOWS\system32\dllcache\tmigrate.dll 2007-07-29 16:16 9,728 --a–c— C:\WINDOWS\system32\dllcache\EXCH_smtpapi.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-04 22:04 --------- d-------- C:\Program Files\eMule 2007-08-04 19:52 --------- d-------- C:\Program Files\Valve 2007-07-29 22:16 --------- d–h----- C:\Program Files\WindowsUpdate 2007-07-29 19:23 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-29 18:07 --------- d-------- C:\Program Files\WapSter 2007-07-29 17:33 --------- d-------- C:\Program Files\VIA PCI Audio Driver Setup Program 2007-07-29 17:33 --------- d-------- C:\Program Files\AvRack 2007-07-29 17:17 49712 --a------ C:\WINDOWS\system32\perfc015.dat 2007-07-29 17:17 355830 --a------ C:\WINDOWS\system32\perfh015.dat 2007-07-29 17:10 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-07-29 16:42 --------- d-------- C:\Program Files\TweakNow PowerPack 2006 2007-07-29 16:26 --------- d-------- C:\Program Files\Messenger 2007-07-29 10:10 --------- d-------- C:\Program Files\Neostrada TP 2007-07-05 18:41 --------- d-------- C:\Program Files\musikCube_1.0 2007-07-04 22:05 --------- d-------- C:\Program Files\Cheating-Death 2007-07-04 20:52 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-07-04 18:35 --------- d-------- C:\Program Files\Avance Sound Manager 2007-07-04 17:32 --------- d-------- C:\Program Files\7-Zip 2007-07-03 21:39 --------- d-------- C:\Program Files\Sunbelt Software 2007-07-03 20:57 --------- d-------- C:\Program Files\SAGEM 2007-07-03 20:56 --------- d-------- C:\Program Files\Java Web Start 2007-07-03 20:21 --------- d-------- C:\Program Files\microsoft frontpage 2007-07-03 20:19 0 -rahs---- C:\MSDOS.SYS 2007-07-03 20:19 0 -rahs---- C:\IO.SYS 2007-07-03 20:19 0 --a------ C:\CONFIG.SYS 2007-07-03 20:19 0 --a------ C:\AUTOEXEC.BAT 2007-07-03 20:13 --------- d-------- C:\Program Files\Common Files\ODBC 2007-07-03 20:12 --------- d-------- C:\Program Files\Common Files\SpeechEngines 2007-07-03 20:09 --------- d-------- C:\Program Files\Movie Maker 2007-07-03 20:07 --------- d-------- C:\Program Files\Common Files\MSSoap 2007-07-03 19:56 --------- d-------- C:\Program Files\Windows NT 2007-07-03 19:56 --------- d-------- C:\Program Files\MSN Gaming Zone --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2002-07-12 07:17 C:\WINDOWS\SOUNDMAN.EXE] “NvCplDaemon”=“NvQTwk” [] “nwiz”=“nwiz.exe” [2002-05-03 10:06 C:\WINDOWS\system32\nwiz.exe] “!ewido”=“C:\Program Files\ewido anti-spyware 4.0\ewido.exe” [2007-08-06 22:21] “MSConfig”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe” [2001-10-26 19:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-03 20:58:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoChangeStartMenu”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) “NoLowDiskSpaceChecks”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “Auto File System Conversion Utility”= C:\WINDOWS\System32\wbem\scricon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “mshexdefx”=2 (0x2) “a2free”=2 (0x2) “NVSvc”=2 (0x2) R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys R1 SASDIFSV;SASDIFSV;??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS R1 SASKUTIL;SASKUTIL;??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\System32\drivers\msmpu401.sys S3 SASENUM;SASENUM;??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS S4 mshexdefx;ms hexidecimal defx;“C:\WINDOWS\system32\dllcache\ivchost.exe”

i hjt:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:16, on 2007-08-07 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\ComboFix\catchme.cfexe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O17 - HKLM\System\CCS\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{16FD9AAE-746D-4536-A2E4-67EA8B097728}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe – End of file - 2701 bytes

Ps. logi staram się zamieszczać w takiej kolejności w jakiej były robione.

adam9870 · 7 Sierpień 2007 19:35

Pobierz Gmer’a.

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

w zakładce Procesy kliknij Gmer awaryjny. Komputer się zrestartuje i zostanie samo okienko Gmer’a
w zakładce Usługi skasuj z prawokliku usługę mshexdefx
w zakładce Procesy kliknij Pliki i usuń:

w zakładce Procesy kliknij Restart
po resecie otwórz Gmer’a i w zakładce CMD z zaznaczoną opcją REGEDIT.EXE wklej:

kliknij Uruchom i reset

Start >>> uruchom >>> regedit >>> przejdź do klucza:

i usuń pozycje mshexdefx

Po wykonaniu wklej nowy log z ComboFix.

kgb.musztarda · 8 Sierpień 2007 20:24

Zrobiłem tak jak napisane tylko że bez trybu awaryjnego gmera bo nie było tam tych procesów i usługi, dopiero normalnie dało się usunąć. Nie wiem czy to miało pomóc ale teraz komputer WOLNIEJ mi się włączył niż wcześniej:/

Daję loga z combofixa:

ComboFix 07-08-04.3 - “Daniel” 2007-08-08 22:13:28.3 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-07 13:25 2007-08-07 13:22 2007-08-06 23:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 22:50 2007-08-06 22:14 2007-08-04 19:54 2007-08-01 21:55 2007-08-01 21:53 2007-07-29 22:34 1,052 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-29 22:32 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-29 22:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-29 22:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-29 22:25 2007-07-29 22:14 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-07-29 21:58 2007-07-29 21:58 2007-07-29 21:45 2007-07-29 21:40 57,344 --a–c— C:\WINDOWS\system32\dllcache\drmk.sys 2007-07-29 21:40 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-07-29 21:40 42,752 --a–c— C:\WINDOWS\system32\dllcache\stream.sys 2007-07-29 21:40 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-07-29 21:40 135,040 --a–c— C:\WINDOWS\system32\dllcache\portcls.sys 2007-07-29 21:40 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-07-29 21:40 134,144 --a–c— C:\WINDOWS\system32\dllcache\ks.sys 2007-07-29 21:40 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-07-29 21:23 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys 2007-07-29 21:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-07-29 21:22 9,600 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys 2007-07-29 21:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-07-29 21:22 14,080 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-07-29 21:22 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-07-29 21:20 182,880 --a–c— C:\WINDOWS\system32\dllcache\iuengine.dll 2007-07-29 21:20 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:35 2007-07-29 20:22 2007-07-29 20:10 2007-07-29 19:43 68,608 --a------ C:\asdmew.exe 2007-07-29 19:11 2007-07-29 18:22 0 --a------ C:\WINDOWS\nsreg.dat 2007-07-29 18:14 2007-07-29 17:34 4,096 --a–c— C:\WINDOWS\system32\dllcache\ksuser.dll 2007-07-29 17:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-07-29 17:33 655,596 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-07-29 17:33 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-07-29 17:33 208,896 --------- C:\WINDOWS\alcupd.exe 2007-07-29 17:33 135,168 --------- C:\WINDOWS\alcrmv.exe 2007-07-29 17:32 32,768 --a------ C:\WINDOWS\system32\UnAudioNT.dll 2007-07-29 17:32 307,200 --a------ C:\WINDOWS\IsUn0415.exe 2007-07-29 17:31 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-07-29 17:29 2007-07-29 17:22 2007-07-29 17:09 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-07-29 17:09 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-07-29 17:09 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-07-29 17:09 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-07-29 17:09 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-07-29 17:09 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-07-29 17:09 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-07-29 17:09 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-07-29 17:09 1,531,904 --a------ C:\WINDOWS\adiras.exe 2007-07-29 17:08 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-07-29 17:08 143,360 --a------ C:\WINDOWS\autoclk.exe 2007-07-29 17:07 2007-07-29 16:41 2007-07-29 16:26 2007-07-29 16:24 974,848 --a------ C:\DOCUME~1\DANIEL~1.HOM\NTUSER.DAT 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\NETWOR~1.ZAR\NTUSER.DAT 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\LOCALS~1.ZAR\NTUSER.DAT 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:17 9,216 --a–c— C:\WINDOWS\system32\dllcache\wamps51.dll 2007-07-29 16:17 86,070 --a–c— C:\WINDOWS\system32\dllcache\voicesub.dll 2007-07-29 16:17 74,240 --a–c— C:\WINDOWS\system32\dllcache\w3ext.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\wam51.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\uniime.dll 2007-07-29 16:17 5,632 --a–c— C:\WINDOWS\system32\dllcache\w3svapi.dll 2007-07-29 16:17 49,664 --a–c— C:\WINDOWS\system32\dllcache\wamreg51.dll 2007-07-29 16:17 48,256 --a–c— C:\WINDOWS\system32\dllcache\w32.dll 2007-07-29 16:17 426,038 --a–c— C:\WINDOWS\system32\dllcache\voicepad.dll 2007-07-29 16:17 41,600 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-07-29 16:17 4,608 --a–c— C:\WINDOWS\system32\dllcache\w3ctrs51.dll 2007-07-29 16:17 346,624 --a–c— C:\WINDOWS\system32\dllcache\w3svc.dll 2007-07-29 16:17 31,360 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-07-29 16:16 96,768 --a–c— C:\WINDOWS\system32\dllcache\uihelper.dll 2007-07-29 16:16 90,172 --a–c— C:\WINDOWS\system32\dllcache\tmigrate.dll 2007-07-29 16:16 9,728 --a–c— C:\WINDOWS\system32\dllcache\EXCH_smtpapi.dll 2007-07-29 16:16 8,192 --a–c— C:\WINDOWS\system32\dllcache\snmptrap.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-04 22:04 --------- d-------- C:\Program Files\eMule 2007-08-04 19:52 --------- d-------- C:\Program Files\Valve 2007-07-29 22:16 --------- d–h----- C:\Program Files\WindowsUpdate 2007-07-29 19:23 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-29 18:07 --------- d-------- C:\Program Files\WapSter 2007-07-29 17:33 --------- d-------- C:\Program Files\VIA PCI Audio Driver Setup Program 2007-07-29 17:33 --------- d-------- C:\Program Files\AvRack 2007-07-29 17:17 49712 --a------ C:\WINDOWS\system32\perfc015.dat 2007-07-29 17:17 355830 --a------ C:\WINDOWS\system32\perfh015.dat 2007-07-29 17:10 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-07-29 16:42 --------- d-------- C:\Program Files\TweakNow PowerPack 2006 2007-07-29 16:26 --------- d-------- C:\Program Files\Messenger 2007-07-29 10:10 --------- d-------- C:\Program Files\Neostrada TP 2007-07-07 20:13 --------- d-------- C:\Program Files\foobar2000 2007-07-07 19:43 --------- d-------- C:\Program Files\SEMC 2007-07-07 19:34 --------- d-------- C:\Program Files\MLDonkey 2007-07-07 18:27 51232 --a------ C:\Program Files\wwdc.exe 2007-07-05 18:41 --------- d-------- C:\Program Files\musikCube_1.0 2007-07-04 22:05 --------- d-------- C:\Program Files\Cheating-Death 2007-07-04 20:52 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-07-04 18:35 --------- d-------- C:\Program Files\Avance Sound Manager 2007-07-04 17:32 --------- d-------- C:\Program Files\7-Zip 2007-07-03 21:39 --------- d-------- C:\Program Files\Sunbelt Software 2007-07-03 20:57 --------- d-------- C:\Program Files\SAGEM 2007-07-03 20:56 --------- d-------- C:\Program Files\Java Web Start 2007-07-03 20:21 --------- d-------- C:\Program Files\microsoft frontpage 2007-07-03 20:19 0 -rahs---- C:\MSDOS.SYS 2007-07-03 20:19 0 -rahs---- C:\IO.SYS 2007-07-03 20:19 0 --a------ C:\CONFIG.SYS 2007-07-03 20:19 0 --a------ C:\AUTOEXEC.BAT 2007-07-03 20:13 --------- d-------- C:\Program Files\Common Files\ODBC 2007-07-03 20:12 --------- d-------- C:\Program Files\Common Files\SpeechEngines 2007-07-03 20:09 --------- d-------- C:\Program Files\Movie Maker 2007-07-03 20:07 --------- d-------- C:\Program Files\Common Files\MSSoap 2007-07-03 19:56 --------- d-------- C:\Program Files\Windows NT 2007-07-03 19:56 --------- d-------- C:\Program Files\MSN Gaming Zone --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2002-07-12 07:17 C:\WINDOWS\SOUNDMAN.EXE] “NvCplDaemon”=“NvQTwk” [] “nwiz”=“nwiz.exe” [2002-05-03 10:06 C:\WINDOWS\system32\nwiz.exe] “!ewido”=“C:\Program Files\ewido anti-spyware 4.0\ewido.exe” [2007-08-06 22:21] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-03 20:58:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoChangeStartMenu”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) “NoLowDiskSpaceChecks”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “a2free”=2 (0x2) “NVSvc”=2 (0x2) R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys R1 SASDIFSV;SASDIFSV;??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS R1 SASKUTIL;SASKUTIL;??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\System32\drivers\msmpu401.sys S3 SASENUM;SASENUM;??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-08 22:17:59 Windows 5.1.2600 NTFS scanning hidden processes …

qrczak13 · 9 Sierpień 2007 21:17

Ściągasz Pocket Killbox,

zaznaczasz Delete on reboot , w polu Full Path of File to Delete wklej ścieżkę:

C:\asdmew.exe

i naciskasz X czerwony. Program poprosi o restart kompa, co robisz.

I nowy log z combo.

kgb.musztarda · 11 Sierpień 2007 18:56

C:\asdmew.exe usunąłem unlockerem bo killbox nie chciał mi się coś uruchomić, chyba zły link albo już sam nie wiem co:"/

Log z combofixa :

ComboFix 07-08-04.3 - “Daniel” 2007-08-11 19:36:23.3 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.Prawda ((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 ))))))))))))))))))))))))))))))) 2007-08-07 13:25 2007-08-07 13:22 2007-08-06 23:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 22:50 2007-08-06 22:14 2007-08-04 19:54 2007-08-01 21:55 2007-08-01 21:53 2007-07-29 22:34 1,052 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-29 22:32 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-29 22:32 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-29 22:32 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-29 22:25 2007-07-29 22:14 21,760 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-07-29 21:58 2007-07-29 21:58 2007-07-29 21:45 2007-07-29 21:40 57,344 --a–c— C:\WINDOWS\system32\dllcache\drmk.sys 2007-07-29 21:40 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-07-29 21:40 42,752 --a–c— C:\WINDOWS\system32\dllcache\stream.sys 2007-07-29 21:40 42,752 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-07-29 21:40 135,040 --a–c— C:\WINDOWS\system32\dllcache\portcls.sys 2007-07-29 21:40 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-07-29 21:40 134,144 --a–c— C:\WINDOWS\system32\dllcache\ks.sys 2007-07-29 21:40 134,144 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-07-29 21:23 12,160 --a–c— C:\WINDOWS\system32\dllcache\mouhid.sys 2007-07-29 21:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-07-29 21:22 9,600 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys 2007-07-29 21:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-07-29 21:22 14,080 --a–c— C:\WINDOWS\system32\dllcache\kbdhid.sys 2007-07-29 21:22 14,080 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys 2007-07-29 21:20 182,880 --a–c— C:\WINDOWS\system32\dllcache\iuengine.dll 2007-07-29 21:20 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:36 2007-07-29 20:35 2007-07-29 20:22 2007-07-29 20:10 2007-07-29 19:11 2007-07-29 18:22 0 --a------ C:\WINDOWS\nsreg.dat 2007-07-29 18:14 2007-07-29 17:34 4,096 --a–c— C:\WINDOWS\system32\dllcache\ksuser.dll 2007-07-29 17:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-07-29 17:33 655,596 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-07-29 17:33 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-07-29 17:33 208,896 --------- C:\WINDOWS\alcupd.exe 2007-07-29 17:33 135,168 --------- C:\WINDOWS\alcrmv.exe 2007-07-29 17:32 32,768 --a------ C:\WINDOWS\system32\UnAudioNT.dll 2007-07-29 17:32 307,200 --a------ C:\WINDOWS\IsUn0415.exe 2007-07-29 17:31 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-07-29 17:29 2007-07-29 17:22 2007-07-29 17:09 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-07-29 17:09 46,167 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-07-29 17:09 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-07-29 17:09 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-07-29 17:09 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-07-29 17:09 127,497 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-07-29 17:09 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-07-29 17:09 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-07-29 17:09 1,531,904 --a------ C:\WINDOWS\adiras.exe 2007-07-29 17:08 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-07-29 17:08 143,360 --a------ C:\WINDOWS\autoclk.exe 2007-07-29 17:07 2007-07-29 16:41 2007-07-29 16:26 2007-07-29 16:24 1,310,720 --a------ C:\DOCUME~1\DANIEL~1.HOM\NTUSER.DAT 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:24 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\NETWOR~1.ZAR\NTUSER.DAT 2007-07-29 16:21 241,664 --ah----- C:\DOCUME~1\LOCALS~1.ZAR\NTUSER.DAT 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:21 2007-07-29 16:17 9,216 --a–c— C:\WINDOWS\system32\dllcache\wamps51.dll 2007-07-29 16:17 86,070 --a–c— C:\WINDOWS\system32\dllcache\voicesub.dll 2007-07-29 16:17 74,240 --a–c— C:\WINDOWS\system32\dllcache\w3ext.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\wam51.dll 2007-07-29 16:17 73,216 --a–c— C:\WINDOWS\system32\dllcache\uniime.dll 2007-07-29 16:17 5,632 --a–c— C:\WINDOWS\system32\dllcache\w3svapi.dll 2007-07-29 16:17 49,664 --a–c— C:\WINDOWS\system32\dllcache\wamreg51.dll 2007-07-29 16:17 48,256 --a–c— C:\WINDOWS\system32\dllcache\w32.dll 2007-07-29 16:17 426,038 --a–c— C:\WINDOWS\system32\dllcache\voicepad.dll 2007-07-29 16:17 41,600 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-07-29 16:17 4,608 --a–c— C:\WINDOWS\system32\dllcache\w3ctrs51.dll 2007-07-29 16:17 346,624 --a–c— C:\WINDOWS\system32\dllcache\w3svc.dll 2007-07-29 16:17 31,360 --a–c— C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-07-29 16:16 96,768 --a–c— C:\WINDOWS\system32\dllcache\uihelper.dll 2007-07-29 16:16 90,172 --a–c— C:\WINDOWS\system32\dllcache\tmigrate.dll 2007-07-29 16:16 9,728 --a–c— C:\WINDOWS\system32\dllcache\EXCH_smtpapi.dll 2007-07-29 16:16 8,192 --a–c— C:\WINDOWS\system32\dllcache\snmptrap.exe 2007-07-29 16:16 737,360 --a–c— C:\WINDOWS\system32\dllcache\tintsetp.exe (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-10 22:32 --------- d-------- C:\Program Files\eMule 2007-08-04 19:52 --------- d-------- C:\Program Files\Valve 2007-07-29 22:16 --------- d–h----- C:\Program Files\WindowsUpdate 2007-07-29 19:23 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-29 18:07 --------- d-------- C:\Program Files\WapSter 2007-07-29 17:33 --------- d-------- C:\Program Files\VIA PCI Audio Driver Setup Program 2007-07-29 17:33 --------- d-------- C:\Program Files\AvRack 2007-07-29 17:17 49712 --a------ C:\WINDOWS\system32\perfc015.dat 2007-07-29 17:17 355830 --a------ C:\WINDOWS\system32\perfh015.dat 2007-07-29 17:10 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-07-29 16:42 --------- d-------- C:\Program Files\TweakNow PowerPack 2006 2007-07-29 16:26 --------- d-------- C:\Program Files\Messenger 2007-07-29 10:10 --------- d-------- C:\Program Files\Neostrada TP 2007-07-09 12:17 5281 --a------ C:\dnsbak.reg 2007-07-08 21:01 --------- d-------- C:\Program Files\HLLC 2007-07-08 12:20 --------- d-------- C:\Program Files\Teamspeak2_RC2 2007-07-08 09:56 --------- d-------- C:\Program Files\CCleaner 2007-07-08 09:43 --------- d-------- C:\Program Files\Skype 2007-07-07 20:13 --------- d-------- C:\Program Files\foobar2000 2007-07-07 19:43 --------- d-------- C:\Program Files\SEMC 2007-07-07 19:34 --------- d-------- C:\Program Files\MLDonkey 2007-07-07 18:27 51232 --a------ C:\Program Files\wwdc.exe 2007-07-05 18:41 --------- d-------- C:\Program Files\musikCube_1.0 2007-07-04 22:05 --------- d-------- C:\Program Files\Cheating-Death 2007-07-04 20:52 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-07-04 18:35 --------- d-------- C:\Program Files\Avance Sound Manager 2007-07-04 17:32 --------- d-------- C:\Program Files\7-Zip 2007-07-03 21:39 --------- d-------- C:\Program Files\Sunbelt Software 2007-07-03 20:57 --------- d-------- C:\Program Files\SAGEM 2007-07-03 20:56 --------- d-------- C:\Program Files\Java Web Start 2007-07-03 20:21 --------- d-------- C:\Program Files\microsoft frontpage 2007-07-03 20:19 0 -rahs---- C:\MSDOS.SYS 2007-07-03 20:19 0 -rahs---- C:\IO.SYS 2007-07-03 20:19 0 --a------ C:\CONFIG.SYS 2007-07-03 20:19 0 --a------ C:\AUTOEXEC.BAT 2007-07-03 20:13 --------- d-------- C:\Program Files\Common Files\ODBC 2007-07-03 20:12 --------- d-------- C:\Program Files\Common Files\SpeechEngines 2007-07-03 20:09 --------- d-------- C:\Program Files\Movie Maker 2007-07-03 20:07 --------- d-------- C:\Program Files\Common Files\MSSoap 2007-07-03 19:56 --------- d-------- C:\Program Files\Windows NT 2007-07-03 19:56 --------- d-------- C:\Program Files\MSN Gaming Zone --------- C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2002-07-12 07:17 C:\WINDOWS\SOUNDMAN.EXE] “NvCplDaemon”=“NvQTwk” [] “!ewido”=“C:\Program Files\ewido anti-spyware 4.0\ewido.exe” [2007-08-06 22:21] “nwiz”=“nwiz.exe” [2002-05-03 10:06 C:\WINDOWS\system32\nwiz.exe] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 19:19] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54] DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-03 20:58:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoChangeStartMenu”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) “NoLowDiskSpaceChecks”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “a2free”=2 (0x2) “NVSvc”=2 (0x2) R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys R1 SASDIFSV;SASDIFSV;??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS R1 SASKUTIL;SASKUTIL;??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\System32\drivers\msmpu401.sys S3 SASENUM;SASENUM;??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-11 19:41:29 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden registry entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-11 19:45:37 C:\ComboFix-quarantined-files.txt … 2007-08-06 23:22

Dodam jeszcze że strasznie mi szybko i mocno grzeje mi się grafika:/ Styki czyściłem dzisiaj i nadal to samo, nie wiem:/

qrczak13 · 12 Sierpień 2007 18:30

Log ok.

Optymalizacja i odchudzanie Windows XP

Czyszczenie rejestru - jv16 PowerTools 1.3.0.195 + opis.

Przeczyść całą budę w środku. A wentylator na grafie nie wymięka?

kgb.musztarda · 13 Sierpień 2007 20:17

hmm log ok:/ Sformatowałem dysk i nadal to miałem tego scricon.exe Pokombinowałem programem Unlocker usuwając pliki i HJT usuwając wpisy (było z 6 wpisów scricon). Do tego skan ewido online i chyba pomogło.

Czyściłem wszystko w kompie już.

PS. jaki wentylator na grafice? Starą gf2 mx 400 mam:D A i tak nieźle wyciąga (mam 100fps jak gram online a inni mają po 60 na lepszym sprzęcie:/), tylko że ostatnio się grzeje:(