Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
proszę o sprawdzenie loga
16 Kwi 2008, 21:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:54, on 2008-04-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATMEL\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F64D80B-EF57-4E2B-9507-F67F19B1BC66}: NameServer = 192.168.0.1,194.201.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC74A3D-D6DA-429E-B86B-A919E53E07F9}: NameServer = 192.168.0.1,194.201.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F64D80B-EF57-4E2B-9507-F67F19B1BC66}: NameServer = 192.168.0.1,194.201.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F64D80B-EF57-4E2B-9507-F67F19B1BC66}: NameServer = 192.168.0.1,194.201.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Usługa konfiguracji Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 4785 bytes
Scan saved at 21:05:54, on 2008-04-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATMEL\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Configuration & Monitor Utility.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F64D80B-EF57-4E2B-9507-F67F19B1BC66}: NameServer = 192.168.0.1,194.201.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBC74A3D-D6DA-429E-B86B-A919E53E07F9}: NameServer = 192.168.0.1,194.201.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F64D80B-EF57-4E2B-9507-F67F19B1BC66}: NameServer = 192.168.0.1,194.201.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4F64D80B-EF57-4E2B-9507-F67F19B1BC66}: NameServer = 192.168.0.1,194.201.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Usługa konfiguracji Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 4785 bytes
17 Kwi 2008, 03:28
fix w HijackThis
Pokaż log z ComboFix
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Pokaż log z ComboFix
17 Kwi 2008, 08:16
wielkie dzięki huber2t - na oko widze że wszystko wrócilo do normy, rzuc jeszcze okiem na te logi:
ComboFix 08-04-13.1 - Ja 2008-04-17 8:11:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1565 [GMT 2:00]
Running from: C:\Documents and Settings\Ja\Pulpit\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-16 18:31 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-13 21:56 . 2008-04-13 21:56 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-04-13 21:56 . 2008-04-13 21:57 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-04-13 21:56 . 2008-04-13 21:56 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-04-13 19:27 . 2008-04-13 19:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 12:48 . 2008-04-13 12:48 <DIR> d-------- C:\Program Files\ESET
2008-04-13 12:48 . 2008-04-13 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-13 09:20 . 2008-04-13 09:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-13 09:18 . 2008-04-13 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-13 08:41 . 2008-04-13 21:12 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\TmpRecentIcons
2008-04-13 08:41 . 2008-04-13 08:41 16,384 --a------ C:\WINDOWS\~DFF956.tmp
2008-04-12 23:54 . 2008-04-12 18:15 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-12 23:54 . 2008-04-12 18:15 188,416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-12 23:54 . 2008-04-12 18:15 155,648 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-12 23:54 . 2008-04-12 18:15 94,208 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-12 20:03 . 2008-04-12 20:03 16,384 --a------ C:\WINDOWS\~DFFB26.tmp
2008-04-12 15:51 . 2008-04-12 15:51 16,384 --a------ C:\WINDOWS\~DFFB73.tmp
2008-04-12 10:26 . 2008-04-12 10:26 16,384 --a------ C:\WINDOWS\~DF943.tmp
2008-04-12 09:57 . 2008-04-12 09:57 16,384 --a------ C:\WINDOWS\~DFFB79.tmp
2008-04-11 18:38 . 2008-04-11 18:38 16,384 --a------ C:\WINDOWS\~DFFB6A.tmp
2008-04-10 21:08 . 2008-04-10 21:08 16,384 --a------ C:\WINDOWS\~DFFB29.tmp
2008-04-09 21:31 . 2008-04-09 21:31 16,384 --a------ C:\WINDOWS\~DFFB57.tmp
2008-04-08 20:59 . 2008-04-08 20:59 16,384 --a------ C:\WINDOWS\~DFFB52.tmp
2008-04-07 19:23 . 2008-04-07 19:23 16,384 --a------ C:\WINDOWS\~DFFB33.tmp
2008-04-07 07:42 . 2008-04-07 07:42 16,384 --a------ C:\WINDOWS\~DFFB74.tmp
2008-04-06 16:47 . 2008-04-06 16:47 16,384 --a------ C:\WINDOWS\~DF87F.tmp
2008-04-06 15:56 . 2008-04-06 15:56 16,384 --a------ C:\WINDOWS\~DFFB1E.tmp
2008-04-06 11:38 . 2008-04-06 11:38 16,384 --a------ C:\WINDOWS\~DFFB45.tmp
2008-04-05 11:03 . 2008-04-05 11:03 16,384 --a------ C:\WINDOWS\~DFFE2F.tmp
2008-04-04 18:39 . 2008-04-04 18:39 16,384 --a------ C:\WINDOWS\~DF6B2.tmp
2008-04-04 12:03 . 2008-04-04 12:03 16,384 --a------ C:\WINDOWS\~DFFB19.tmp
2008-04-04 07:53 . 2008-04-04 07:53 16,384 --a------ C:\WINDOWS\~DFFB03.tmp
2008-04-03 20:11 . 2008-04-03 20:11 16,384 --a------ C:\WINDOWS\~DFFB1A.tmp
2008-04-03 08:25 . 2008-04-03 08:25 16,384 --a------ C:\WINDOWS\~DFFB69.tmp
2008-04-02 23:17 . 2008-04-02 23:17 16,384 --a------ C:\WINDOWS\~DF8C1.tmp
2008-03-30 21:58 . 2008-03-30 21:58 16,384 --a------ C:\WINDOWS\~DF7EE.tmp
2008-03-29 00:58 . 2008-03-29 00:58 16,384 --a------ C:\WINDOWS\~DF873.tmp
2008-03-26 20:54 . 2008-03-26 20:54 16,384 --a------ C:\WINDOWS\~DF8A4.tmp
2008-03-26 13:49 . 2003-02-28 08:00 100,352 --a------ C:\WINDOWS\system32\CNMLM50.DLL
2008-03-26 13:49 . 2003-02-14 18:01 73,728 -ra------ C:\WINDOWS\system32\CNMCP50.exe
2008-03-26 13:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-26 13:49 . 2003-02-28 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS50.DLL
2008-03-25 00:01 . 2008-03-25 00:01 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\AdobeUM
2008-03-23 20:48 . 2008-03-23 20:56 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\InternetCalls
2008-03-23 20:38 . 2008-03-23 20:38 16,384 --a------ C:\WINDOWS\~DF80A.tmp
2008-03-21 11:02 . 2008-03-21 11:02 16,384 --a------ C:\WINDOWS\~DF813.tmp
2008-03-19 13:04 . 2008-03-19 13:04 16,384 --a------ C:\WINDOWS\~DF7E2.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 06:06 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Skype
2008-04-17 05:41 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\skypePM
2008-04-13 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 06:41 16,384 ----a-w C:\WINDOWS\~DFF956.tmp
2008-04-12 18:03 16,384 ----a-w C:\WINDOWS\~DFFB26.tmp
2008-04-12 13:51 16,384 ----a-w C:\WINDOWS\~DFFB73.tmp
2008-04-12 08:26 16,384 ----a-w C:\WINDOWS\~DF943.tmp
2008-04-12 07:57 16,384 ----a-w C:\WINDOWS\~DFFB79.tmp
2008-04-11 16:38 16,384 ----a-w C:\WINDOWS\~DFFB6A.tmp
2008-04-10 19:08 16,384 ----a-w C:\WINDOWS\~DFFB29.tmp
2008-04-09 19:31 16,384 ----a-w C:\WINDOWS\~DFFB57.tmp
2008-04-08 18:59 16,384 ----a-w C:\WINDOWS\~DFFB52.tmp
2008-04-07 17:23 16,384 ----a-w C:\WINDOWS\~DFFB33.tmp
2008-04-07 05:42 16,384 ----a-w C:\WINDOWS\~DFFB74.tmp
2008-04-06 14:47 16,384 ----a-w C:\WINDOWS\~DF87F.tmp
2008-04-06 13:56 16,384 ----a-w C:\WINDOWS\~DFFB1E.tmp
2008-04-06 09:38 16,384 ----a-w C:\WINDOWS\~DFFB45.tmp
2008-04-05 09:03 16,384 ----a-w C:\WINDOWS\~DFFE2F.tmp
2008-04-04 16:39 16,384 ----a-w C:\WINDOWS\~DF6B2.tmp
2008-04-04 10:03 16,384 ----a-w C:\WINDOWS\~DFFB19.tmp
2008-04-04 05:53 16,384 ----a-w C:\WINDOWS\~DFFB03.tmp
2008-04-03 18:11 16,384 ----a-w C:\WINDOWS\~DFFB1A.tmp
2008-04-03 06:25 16,384 ----a-w C:\WINDOWS\~DFFB69.tmp
2008-04-02 21:19 --------- d-----w C:\Program Files\Odkurzacz
2008-04-02 21:17 16,384 ----a-w C:\WINDOWS\~DF8C1.tmp
2008-03-30 19:58 16,384 ----a-w C:\WINDOWS\~DF7EE.tmp
2008-03-28 22:58 16,384 ----a-w C:\WINDOWS\~DF873.tmp
2008-03-26 18:54 16,384 ----a-w C:\WINDOWS\~DF8A4.tmp
2008-03-26 12:48 --------- d-----w C:\Program Files\English Translator 3
2008-03-23 18:38 16,384 ----a-w C:\WINDOWS\~DF80A.tmp
2008-03-21 09:02 16,384 ----a-w C:\WINDOWS\~DF813.tmp
2008-03-19 11:04 16,384 ----a-w C:\WINDOWS\~DF7E2.tmp
2008-03-16 17:21 16,384 ----a-w C:\WINDOWS\~DF84B.tmp
2008-03-15 23:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-15 23:01 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Ahead
2008-03-15 23:00 --------- d-----w C:\Program Files\Nero
2008-03-15 20:51 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\CyberLink
2008-03-15 18:24 16,384 ----a-w C:\WINDOWS\~DFF59.tmp
2008-03-15 16:19 --------- d-----w C:\Program Files\CONEXANT
2008-03-15 07:11 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-15 01:12 --------- d-----w C:\Program Files\Lavalys
2008-03-15 00:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-15 00:16 --------- d-----w C:\Program Files\xp-AntiSpy
2008-03-15 00:16 --------- d-----w C:\Program Files\Winamp
2008-03-15 00:16 --------- d-----w C:\Program Files\Skype
2008-03-15 00:16 --------- d-----w C:\Program Files\IrfanView
2008-03-15 00:16 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-15 00:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-15 00:16 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-15 00:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-14 21:32 16,384 ----a-w C:\WINDOWS\~DFFFF2.tmp
2008-03-14 21:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-14 21:00 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
2008-03-14 20:58 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-14 20:54 --------- d-----w C:\Program Files\MarBit
2008-03-14 20:18 --------- d-----w C:\Program Files\ATMEL
2008-03-14 20:13 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-14 20:13 --------- d-----w C:\Program Files\Media Player Classic
2008-03-14 20:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-14 20:10 --------- d-----w C:\Program Files\Cartall
2008-03-14 20:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 20:06 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.0.4
2008-03-14 20:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-03-14 20:04 --------- d-----w C:\Program Files\CyberLink
2008-03-14 19:53 --------- d-----w C:\Program Files\DITel
2008-03-14 19:34 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Lavasoft
2008-03-13 22:27 --------- d-----w C:\Program Files\Atheros
2008-03-13 22:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Atheros
2008-03-13 21:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-13 21:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-03-13 20:30 --------- d-----w C:\Program Files\Synaptics
2008-03-13 19:42 --------- d-----w C:\Program Files\Broadcom
2008-03-13 19:38 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\InstallShield
2008-03-13 19:36 --------- d-----w C:\Program Files\Alwil Software
2008-03-13 16:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-13 16:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-13 16:13 --------- d-----w C:\Program Files\DIFX
2008-03-13 16:04 --------- d-----w C:\Program Files\Usługi online
2008-03-13 14:52 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 15:44 266240]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-24 00:15 8478720]
"nwiz"="nwiz.exe" [2007-08-24 00:15 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-24 00:15 81920]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 15:13 202032]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2007-05-03 18:42 376921]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-07 16:13]
R3 USBFVNETA;ATMEL USB FastVNET (A);C:\WINDOWS\system32\DRIVERS\vnetusba.sys [2001-06-22 13:22]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\WINDOWS\system32\DRIVERS\athr.sys [2007-11-09 18:23]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 08:12:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 8:12:56
ComboFix-quarantined-files.txt 2008-04-17 06:12:51
Pre-Run: 2,850,029,568 bajtów wolnych
Post-Run: 2,841,632,768 bajtów wolnych
ComboFix 08-04-13.1 - Ja 2008-04-17 8:11:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1565 [GMT 2:00]
Running from: C:\Documents and Settings\Ja\Pulpit\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-16 18:31 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-13 21:56 . 2008-04-13 21:56 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-04-13 21:56 . 2008-04-13 21:57 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-04-13 21:56 . 2008-04-13 21:56 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-04-13 19:27 . 2008-04-13 19:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 12:48 . 2008-04-13 12:48 <DIR> d-------- C:\Program Files\ESET
2008-04-13 12:48 . 2008-04-13 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-13 09:20 . 2008-04-13 09:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-13 09:18 . 2008-04-13 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-13 08:41 . 2008-04-13 21:12 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\TmpRecentIcons
2008-04-13 08:41 . 2008-04-13 08:41 16,384 --a------ C:\WINDOWS\~DFF956.tmp
2008-04-12 23:54 . 2008-04-12 18:15 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
2008-04-12 23:54 . 2008-04-12 18:15 188,416 --a------ C:\WINDOWS\ogxtsepr.dll
2008-04-12 23:54 . 2008-04-12 18:15 155,648 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-12 23:54 . 2008-04-12 18:15 94,208 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-12 20:03 . 2008-04-12 20:03 16,384 --a------ C:\WINDOWS\~DFFB26.tmp
2008-04-12 15:51 . 2008-04-12 15:51 16,384 --a------ C:\WINDOWS\~DFFB73.tmp
2008-04-12 10:26 . 2008-04-12 10:26 16,384 --a------ C:\WINDOWS\~DF943.tmp
2008-04-12 09:57 . 2008-04-12 09:57 16,384 --a------ C:\WINDOWS\~DFFB79.tmp
2008-04-11 18:38 . 2008-04-11 18:38 16,384 --a------ C:\WINDOWS\~DFFB6A.tmp
2008-04-10 21:08 . 2008-04-10 21:08 16,384 --a------ C:\WINDOWS\~DFFB29.tmp
2008-04-09 21:31 . 2008-04-09 21:31 16,384 --a------ C:\WINDOWS\~DFFB57.tmp
2008-04-08 20:59 . 2008-04-08 20:59 16,384 --a------ C:\WINDOWS\~DFFB52.tmp
2008-04-07 19:23 . 2008-04-07 19:23 16,384 --a------ C:\WINDOWS\~DFFB33.tmp
2008-04-07 07:42 . 2008-04-07 07:42 16,384 --a------ C:\WINDOWS\~DFFB74.tmp
2008-04-06 16:47 . 2008-04-06 16:47 16,384 --a------ C:\WINDOWS\~DF87F.tmp
2008-04-06 15:56 . 2008-04-06 15:56 16,384 --a------ C:\WINDOWS\~DFFB1E.tmp
2008-04-06 11:38 . 2008-04-06 11:38 16,384 --a------ C:\WINDOWS\~DFFB45.tmp
2008-04-05 11:03 . 2008-04-05 11:03 16,384 --a------ C:\WINDOWS\~DFFE2F.tmp
2008-04-04 18:39 . 2008-04-04 18:39 16,384 --a------ C:\WINDOWS\~DF6B2.tmp
2008-04-04 12:03 . 2008-04-04 12:03 16,384 --a------ C:\WINDOWS\~DFFB19.tmp
2008-04-04 07:53 . 2008-04-04 07:53 16,384 --a------ C:\WINDOWS\~DFFB03.tmp
2008-04-03 20:11 . 2008-04-03 20:11 16,384 --a------ C:\WINDOWS\~DFFB1A.tmp
2008-04-03 08:25 . 2008-04-03 08:25 16,384 --a------ C:\WINDOWS\~DFFB69.tmp
2008-04-02 23:17 . 2008-04-02 23:17 16,384 --a------ C:\WINDOWS\~DF8C1.tmp
2008-03-30 21:58 . 2008-03-30 21:58 16,384 --a------ C:\WINDOWS\~DF7EE.tmp
2008-03-29 00:58 . 2008-03-29 00:58 16,384 --a------ C:\WINDOWS\~DF873.tmp
2008-03-26 20:54 . 2008-03-26 20:54 16,384 --a------ C:\WINDOWS\~DF8A4.tmp
2008-03-26 13:49 . 2003-02-28 08:00 100,352 --a------ C:\WINDOWS\system32\CNMLM50.DLL
2008-03-26 13:49 . 2003-02-14 18:01 73,728 -ra------ C:\WINDOWS\system32\CNMCP50.exe
2008-03-26 13:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-26 13:49 . 2003-02-28 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS50.DLL
2008-03-25 00:01 . 2008-03-25 00:01 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\AdobeUM
2008-03-23 20:48 . 2008-03-23 20:56 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\InternetCalls
2008-03-23 20:38 . 2008-03-23 20:38 16,384 --a------ C:\WINDOWS\~DF80A.tmp
2008-03-21 11:02 . 2008-03-21 11:02 16,384 --a------ C:\WINDOWS\~DF813.tmp
2008-03-19 13:04 . 2008-03-19 13:04 16,384 --a------ C:\WINDOWS\~DF7E2.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 06:06 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Skype
2008-04-17 05:41 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\skypePM
2008-04-13 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 06:41 16,384 ----a-w C:\WINDOWS\~DFF956.tmp
2008-04-12 18:03 16,384 ----a-w C:\WINDOWS\~DFFB26.tmp
2008-04-12 13:51 16,384 ----a-w C:\WINDOWS\~DFFB73.tmp
2008-04-12 08:26 16,384 ----a-w C:\WINDOWS\~DF943.tmp
2008-04-12 07:57 16,384 ----a-w C:\WINDOWS\~DFFB79.tmp
2008-04-11 16:38 16,384 ----a-w C:\WINDOWS\~DFFB6A.tmp
2008-04-10 19:08 16,384 ----a-w C:\WINDOWS\~DFFB29.tmp
2008-04-09 19:31 16,384 ----a-w C:\WINDOWS\~DFFB57.tmp
2008-04-08 18:59 16,384 ----a-w C:\WINDOWS\~DFFB52.tmp
2008-04-07 17:23 16,384 ----a-w C:\WINDOWS\~DFFB33.tmp
2008-04-07 05:42 16,384 ----a-w C:\WINDOWS\~DFFB74.tmp
2008-04-06 14:47 16,384 ----a-w C:\WINDOWS\~DF87F.tmp
2008-04-06 13:56 16,384 ----a-w C:\WINDOWS\~DFFB1E.tmp
2008-04-06 09:38 16,384 ----a-w C:\WINDOWS\~DFFB45.tmp
2008-04-05 09:03 16,384 ----a-w C:\WINDOWS\~DFFE2F.tmp
2008-04-04 16:39 16,384 ----a-w C:\WINDOWS\~DF6B2.tmp
2008-04-04 10:03 16,384 ----a-w C:\WINDOWS\~DFFB19.tmp
2008-04-04 05:53 16,384 ----a-w C:\WINDOWS\~DFFB03.tmp
2008-04-03 18:11 16,384 ----a-w C:\WINDOWS\~DFFB1A.tmp
2008-04-03 06:25 16,384 ----a-w C:\WINDOWS\~DFFB69.tmp
2008-04-02 21:19 --------- d-----w C:\Program Files\Odkurzacz
2008-04-02 21:17 16,384 ----a-w C:\WINDOWS\~DF8C1.tmp
2008-03-30 19:58 16,384 ----a-w C:\WINDOWS\~DF7EE.tmp
2008-03-28 22:58 16,384 ----a-w C:\WINDOWS\~DF873.tmp
2008-03-26 18:54 16,384 ----a-w C:\WINDOWS\~DF8A4.tmp
2008-03-26 12:48 --------- d-----w C:\Program Files\English Translator 3
2008-03-23 18:38 16,384 ----a-w C:\WINDOWS\~DF80A.tmp
2008-03-21 09:02 16,384 ----a-w C:\WINDOWS\~DF813.tmp
2008-03-19 11:04 16,384 ----a-w C:\WINDOWS\~DF7E2.tmp
2008-03-16 17:21 16,384 ----a-w C:\WINDOWS\~DF84B.tmp
2008-03-15 23:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-15 23:01 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Ahead
2008-03-15 23:00 --------- d-----w C:\Program Files\Nero
2008-03-15 20:51 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\CyberLink
2008-03-15 18:24 16,384 ----a-w C:\WINDOWS\~DFF59.tmp
2008-03-15 16:19 --------- d-----w C:\Program Files\CONEXANT
2008-03-15 07:11 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-15 01:12 --------- d-----w C:\Program Files\Lavalys
2008-03-15 00:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-15 00:16 --------- d-----w C:\Program Files\xp-AntiSpy
2008-03-15 00:16 --------- d-----w C:\Program Files\Winamp
2008-03-15 00:16 --------- d-----w C:\Program Files\Skype
2008-03-15 00:16 --------- d-----w C:\Program Files\IrfanView
2008-03-15 00:16 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-15 00:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-15 00:16 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-15 00:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-14 21:32 16,384 ----a-w C:\WINDOWS\~DFFFF2.tmp
2008-03-14 21:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-14 21:00 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
2008-03-14 20:58 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-14 20:54 --------- d-----w C:\Program Files\MarBit
2008-03-14 20:18 --------- d-----w C:\Program Files\ATMEL
2008-03-14 20:13 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-14 20:13 --------- d-----w C:\Program Files\Media Player Classic
2008-03-14 20:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-14 20:10 --------- d-----w C:\Program Files\Cartall
2008-03-14 20:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 20:06 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.0.4
2008-03-14 20:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-03-14 20:04 --------- d-----w C:\Program Files\CyberLink
2008-03-14 19:53 --------- d-----w C:\Program Files\DITel
2008-03-14 19:34 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Lavasoft
2008-03-13 22:27 --------- d-----w C:\Program Files\Atheros
2008-03-13 22:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Atheros
2008-03-13 21:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-13 21:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-03-13 20:30 --------- d-----w C:\Program Files\Synaptics
2008-03-13 19:42 --------- d-----w C:\Program Files\Broadcom
2008-03-13 19:38 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\InstallShield
2008-03-13 19:36 --------- d-----w C:\Program Files\Alwil Software
2008-03-13 16:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-13 16:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-13 16:13 --------- d-----w C:\Program Files\DIFX
2008-03-13 16:04 --------- d-----w C:\Program Files\Usługi online
2008-03-13 14:52 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 15:44 266240]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-24 00:15 8478720]
"nwiz"="nwiz.exe" [2007-08-24 00:15 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-24 00:15 81920]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 15:13 202032]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2007-05-03 18:42 376921]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-07 16:13]
R3 USBFVNETA;ATMEL USB FastVNET (A);C:\WINDOWS\system32\DRIVERS\vnetusba.sys [2001-06-22 13:22]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\WINDOWS\system32\DRIVERS\athr.sys [2007-11-09 18:23]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 08:12:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 8:12:56
ComboFix-quarantined-files.txt 2008-04-17 06:12:51
Pre-Run: 2,850,029,568 bajtów wolnych
Post-Run: 2,841,632,768 bajtów wolnych
17 Kwi 2008, 15:37
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox
Wklej do notatnika:
- Kod:
File::
C:\WINDOWS\~DFF956.tmp
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\~DFFB26.tmp
C:\WINDOWS\~DFFB73.tmp
C:\WINDOWS\~DF943.tmp
C:\WINDOWS\~DFFB79.tmp
C:\WINDOWS\~DFFB6A.tmp
C:\WINDOWS\~DFFB29.tmp
C:\WINDOWS\~DFFB57.tmp
C:\WINDOWS\~DFFB52.tmp
C:\WINDOWS\~DFFB33.tmp
C:\WINDOWS\~DFFB74.tmp
C:\WINDOWS\~DF87F.tmp
C:\WINDOWS\~DFFB1E.tmp
C:\WINDOWS\~DFFB45.tmp
C:\WINDOWS\~DFFE2F.tmp
C:\WINDOWS\~DF6B2.tmp
C:\WINDOWS\~DFFB19.tmp
C:\WINDOWS\~DFFB03.tmp
C:\WINDOWS\~DFFB1A.tmp
C:\WINDOWS\~DFFB69.tmp
C:\WINDOWS\~DF8C1.tmp
C:\WINDOWS\~DF7EE.tmp
C:\WINDOWS\~DF873.tmp
C:\WINDOWS\~DF80A.tmp
C:\WINDOWS\~DF813.tmp
C:\WINDOWS\~DF7E2.tmp
C:\WINDOWS\~DFF956.tmp
C:\WINDOWS\~DFFB26.tmp
C:\WINDOWS\~DFFB73.tmp
C:\WINDOWS\~DF943.tmp
C:\WINDOWS\~DFFB79.tmp
C:\WINDOWS\~DFFB6A.tmp
C:\WINDOWS\~DFFB57.tmp
C:\WINDOWS\~DFFB52.tmp
C:\WINDOWS\~DFFB33.tmp
C:\WINDOWS\~DFFB74.tmp
C:\WINDOWS\~DF87F.tmp
C:\WINDOWS\~DFFB1E.tmp
C:\WINDOWS\~DFFB45.tmp
C:\WINDOWS\~DFFE2F.tmp
C:\WINDOWS\~DF6B2.tmp
C:\WINDOWS\~DFFB19.tmp
C:\WINDOWS\~DF80A.tmp
C:\WINDOWS\~DF813.tmp
C:\WINDOWS\~DF7E2.tmp
C:\WINDOWS\~DF84B.tmp
C:\WINDOWS\~DFFFF2.tmp
C:\WINDOWS\~DFFB03.tmp
C:\WINDOWS\~DFFB1A.tmp
C:\WINDOWS\~DFFB69.tmp
C:\WINDOWS\~DF8C1.tmp
C:\WINDOWS\~DF7EE.tmp
C:\WINDOWS\~DF873.tmp
C:\WINDOWS\~DF8A4.tmp
C:\WINDOWS\~DF8A4.tmp
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox
17 Kwi 2008, 20:00
- Kod:
ComboFix 08-04-13.1 - Ja 2008-04-17 19:56:14.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1535 [GMT 2:00]
Running from: C:\Documents and Settings\Ja\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ja\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\WINDOWS\~DF6B2.tmp
C:\WINDOWS\~DF7E2.tmp
C:\WINDOWS\~DF7EE.tmp
C:\WINDOWS\~DF80A.tmp
C:\WINDOWS\~DF813.tmp
C:\WINDOWS\~DF84B.tmp
C:\WINDOWS\~DF873.tmp
C:\WINDOWS\~DF87F.tmp
C:\WINDOWS\~DF8A4.tmp
C:\WINDOWS\~DF8C1.tmp
C:\WINDOWS\~DF943.tmp
C:\WINDOWS\~DFF956.tmp
C:\WINDOWS\~DFFB03.tmp
C:\WINDOWS\~DFFB19.tmp
C:\WINDOWS\~DFFB1A.tmp
C:\WINDOWS\~DFFB1E.tmp
C:\WINDOWS\~DFFB26.tmp
C:\WINDOWS\~DFFB29.tmp
C:\WINDOWS\~DFFB33.tmp
C:\WINDOWS\~DFFB45.tmp
C:\WINDOWS\~DFFB52.tmp
C:\WINDOWS\~DFFB57.tmp
C:\WINDOWS\~DFFB69.tmp
C:\WINDOWS\~DFFB6A.tmp
C:\WINDOWS\~DFFB73.tmp
C:\WINDOWS\~DFFB74.tmp
C:\WINDOWS\~DFFB79.tmp
C:\WINDOWS\~DFFE2F.tmp
C:\WINDOWS\~DFFFF2.tmp
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\spnkfwad.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\~DF6B2.tmp
C:\WINDOWS\~DF7E2.tmp
C:\WINDOWS\~DF7EE.tmp
C:\WINDOWS\~DF80A.tmp
C:\WINDOWS\~DF813.tmp
C:\WINDOWS\~DF84B.tmp
C:\WINDOWS\~DF873.tmp
C:\WINDOWS\~DF87F.tmp
C:\WINDOWS\~DF8A4.tmp
C:\WINDOWS\~DF8C1.tmp
C:\WINDOWS\~DF943.tmp
C:\WINDOWS\~DFF956.tmp
C:\WINDOWS\~DFFB03.tmp
C:\WINDOWS\~DFFB19.tmp
C:\WINDOWS\~DFFB1A.tmp
C:\WINDOWS\~DFFB1E.tmp
C:\WINDOWS\~DFFB26.tmp
C:\WINDOWS\~DFFB29.tmp
C:\WINDOWS\~DFFB33.tmp
C:\WINDOWS\~DFFB45.tmp
C:\WINDOWS\~DFFB52.tmp
C:\WINDOWS\~DFFB57.tmp
C:\WINDOWS\~DFFB69.tmp
C:\WINDOWS\~DFFB6A.tmp
C:\WINDOWS\~DFFB73.tmp
C:\WINDOWS\~DFFB74.tmp
C:\WINDOWS\~DFFB79.tmp
C:\WINDOWS\~DFFE2F.tmp
C:\WINDOWS\~DFFFF2.tmp
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\spnkfwad.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-16 18:31 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-13 21:56 . 2008-04-13 21:56 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-04-13 21:56 . 2008-04-13 21:57 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-04-13 21:56 . 2008-04-13 21:56 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-04-13 19:27 . 2008-04-13 19:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 12:48 . 2008-04-13 12:48 <DIR> d-------- C:\Program Files\ESET
2008-04-13 12:48 . 2008-04-13 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-04-13 09:20 . 2008-04-13 09:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-13 09:18 . 2008-04-13 09:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-13 08:41 . 2008-04-13 21:12 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\TmpRecentIcons
2008-03-26 13:49 . 2003-02-28 08:00 100,352 --a------ C:\WINDOWS\system32\CNMLM50.DLL
2008-03-26 13:49 . 2003-02-14 18:01 73,728 -ra------ C:\WINDOWS\system32\CNMCP50.exe
2008-03-26 13:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-26 13:49 . 2003-02-28 08:00 5,632 --a------ C:\WINDOWS\system32\CNMVS50.DLL
2008-03-25 00:01 . 2008-03-25 00:01 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\AdobeUM
2008-03-23 20:48 . 2008-03-23 20:56 <DIR> d-------- C:\Documents and Settings\Ja\Dane aplikacji\InternetCalls
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 17:52 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Skype
2008-04-17 16:42 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\skypePM
2008-04-13 06:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 21:19 --------- d-----w C:\Program Files\Odkurzacz
2008-03-26 12:48 --------- d-----w C:\Program Files\English Translator 3
2008-03-15 23:01 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-15 23:01 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Ahead
2008-03-15 23:00 --------- d-----w C:\Program Files\Nero
2008-03-15 20:51 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\CyberLink
2008-03-15 18:24 16,384 ----a-w C:\WINDOWS\~DFF59.tmp
2008-03-15 16:19 --------- d-----w C:\Program Files\CONEXANT
2008-03-15 07:11 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-15 01:12 --------- d-----w C:\Program Files\Lavalys
2008-03-15 00:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-15 00:16 --------- d-----w C:\Program Files\xp-AntiSpy
2008-03-15 00:16 --------- d-----w C:\Program Files\Winamp
2008-03-15 00:16 --------- d-----w C:\Program Files\Skype
2008-03-15 00:16 --------- d-----w C:\Program Files\IrfanView
2008-03-15 00:16 --------- d-----w C:\Program Files\Gadu-Gadu
2008-03-15 00:16 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-15 00:16 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-15 00:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-03-14 21:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-03-14 21:00 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
2008-03-14 20:58 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-14 20:54 --------- d-----w C:\Program Files\MarBit
2008-03-14 20:18 --------- d-----w C:\Program Files\ATMEL
2008-03-14 20:13 --------- d-----w C:\Program Files\QuickTime Alternative
2008-03-14 20:13 --------- d-----w C:\Program Files\Media Player Classic
2008-03-14 20:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-14 20:10 --------- d-----w C:\Program Files\Cartall
2008-03-14 20:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 20:06 --------- d-----w C:\Program Files\OpenOffice.ux.pl 2.0.4
2008-03-14 20:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-03-14 20:04 --------- d-----w C:\Program Files\CyberLink
2008-03-14 19:53 --------- d-----w C:\Program Files\DITel
2008-03-14 19:34 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Lavasoft
2008-03-13 22:27 --------- d-----w C:\Program Files\Atheros
2008-03-13 22:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Atheros
2008-03-13 21:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-13 21:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-03-13 20:30 --------- d-----w C:\Program Files\Synaptics
2008-03-13 19:42 --------- d-----w C:\Program Files\Broadcom
2008-03-13 19:38 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\InstallShield
2008-03-13 19:36 --------- d-----w C:\Program Files\Alwil Software
2008-03-13 16:56 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-13 16:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-13 16:13 --------- d-----w C:\Program Files\DIFX
2008-03-13 16:04 --------- d-----w C:\Program Files\Usługi online
2008-03-13 14:52 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-17_ 8.12.46,90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 06:04:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 16:42:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 15:44 266240]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:21 21898024]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-24 00:15 8478720]
"nwiz"="nwiz.exe" [2007-08-24 00:15 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-24 00:15 81920]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 15:13 202032]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2007-05-03 18:42 376921]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R3 HpqRemHid;HP Remote Control HID Device;C:\WINDOWS\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-07 16:13]
R3 USBFVNETA;ATMEL USB FastVNET (A);C:\WINDOWS\system32\DRIVERS\vnetusba.sys [2001-06-22 13:22]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 20:52]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\WINDOWS\system32\DRIVERS\athr.sys [2007-11-09 18:23]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 19:57:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-17 19:57:30
ComboFix-quarantined-files.txt 2008-04-17 17:57:26
ComboFix2.txt 2008-04-17 06:12:56
Pre-Run: 2,816,471,040 bajtów wolnych
Post-Run: 2,807,386,112 bajtów wolnych
17 Kwi 2008, 20:08
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka
CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox
Wklej do notatnika:
- Kod:
File::
C:\WINDOWS\~DFF59.tmp
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox