
hijackthis:
[code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:05, on 2008-08-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
J:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
E:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
j:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\TEMP\WUUR.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Pulpit\GRYYY\YASU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
L:\bfghf\HijackThis.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WinampAgent] "J:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [Expressivo] "C:\Program Files\ivo\Expressivo Demo\expressivo.exe" -t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - j:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/user/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/user/USTAWI~1/Temp/msohtml1/06/clip_image002.jpg
--
End of file - 6549 bytes[/code]
combofix:
[code]ComboFix 08-07-20.A0 - user 2008-08-10 19:30:07.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1532 [GMT 2:00]
Running from: C:\Documents and Settings\user\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-03 15:32 . 2008-08-03 15:32 <DIR> d-------- C:\Program Files\HLTooLz
2008-08-03 15:32 . 2008-08-03 15:32 249,856 --------- C:\WINDOWS\Setup1.exe
2008-08-03 15:32 . 2008-08-03 15:32 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-20 20:42 . 2008-07-20 20:42 697 ---hs---- C:\comment.htt
2008-07-20 20:42 . 2008-07-20 20:42 72 ---hs---- C:\desktop.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 17:17 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Azureus
2008-08-06 07:41 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-03 19:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-08-02 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 09:29 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Wildfire
2008-07-10 12:18 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Bioshock
2008-07-06 19:05 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Winamp
2008-07-04 13:38 --------- d-----w C:\Program Files\Azureus
2008-06-30 19:09 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-06-30 19:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 14:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-28 14:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
2008-06-28 14:49 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\SUPERAntiSpyware.com
2008-06-26 08:35 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-26 08:35 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-26 07:17 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-17 20:08 --------- d-----w C:\Program Files\ivo
2008-06-17 20:08 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Expressivo
2008-06-16 19:40 --------- d-----w C:\Program Files\SopCast
2008-05-12 15:56 397,312 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-05-12 15:54 305,152 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-05-12 15:53 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-05-12 15:45 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-05-12 15:45 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-05-12 15:45 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-05-12 15:45 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-05-12 15:44 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-05-12 15:43 540,672 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-05-12 15:43 10,153,984 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-05-12 15:41 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-05-12 15:32 3,203,168 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-05-12 15:22 1,999,616 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-05-12 15:09 47,104 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-05-12 15:05 327,680 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-05-12 15:03 19,968 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-05-12 15:03 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-05-12 15:02 241,664 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-05-12 14:57 548,864 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-05-12 08:49 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-18 13:32 22,328 ----a-w C:\Documents and Settings\user\Dane aplikacji\PnkBstrK.sys
2007-10-23 18:02 1,010 -c--a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((( snapshot@2008-06-28_17.06.59,32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 11:29:29 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-06-30 19:44:21 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-05-30 11:29:29 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-06-30 19:44:22 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-05-30 11:29:29 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-06-30 19:44:22 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-05-30 11:29:28 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-06-30 19:44:22 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-05-30 11:29:29 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-06-30 19:44:22 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-05-30 11:29:29 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-06-30 19:44:22 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-05-30 11:29:29 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-06-30 19:44:22 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-05-30 11:29:29 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-06-30 19:44:23 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-05-30 11:29:29 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-06-30 19:44:21 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-03-09 19:43:28 3,062 ----a-w C:\WINDOWS\mozver.dat
+ 2008-07-11 12:34:10 3,520 ----a-w C:\WINDOWS\mozver.dat
- 2000-05-24 04:45:58 118,784 -c--a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2000-07-14 23:00:00 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL
+ 2000-07-14 23:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
+ 2104-12-22 22:51:18 49,152 ----a-w C:\WINDOWS\temp\WUUR.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-25 17:27 2101248]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 16:03 36864]
"Expressivo"="C:\Program Files\ivo\Expressivo Demo\expressivo.exe" [2007-10-15 09:29 1912832]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 15:23 1034752 C:\WINDOWS\explorer.exe]
"wsctf.exe"="wsctf.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-01-10 12:10 327680]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WinampAgent"="J:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 23:42 577536 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,EXPLORER.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.2.1.lnk]
path=C:\Documents and Settings\user\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.2.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-09-06 12:06 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-16 13:24 167368 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
--a------ 2007-06-13 15:23 1034752 C:\WINDOWS\explorer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"E:\\gry\\FlatOut 2\\FlatOut2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\gry\\Call of Duty 4\\iw3mp.exe"=
"E:\\gry\\test drive\\TestDriveUnlimited.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"E:\\gry\\GEARS OF WAR\\Binaries\\WarGame-G4WLive.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:0\\pes8engralph\\PES2008.exe"=
"E:\\pes8engralph\\PES2008.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\gry\\crysis\\Bin32\\Crysis.exe"=
"E:\\gry\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"E:\\gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
S3 pnicml;pnicml;C:\DOCUME~1\user\USTAWI~1\Temp\pnicml.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05a229e2-6b8f-11dc-91bf-0019db64c9f0}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a57bd26-7008-11dc-91e2-0019db64c9f0}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1236fcfc-4f35-11dd-8fea-0019db64c9f0}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6e7e6c-1a95-11dd-adfb-0019db64c9f0}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\EXPLORER.EXE
\Shell\open\Command - J:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5386bad0-c501-11dc-ad3a-0019db64c9f0}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\
\Shell\open\Command - J:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eafe0e-813e-11dc-ac77-0019db64c9f0}]
\Shell\AutoRun\command - N:\EXPLORER.EXE
\Shell\explore\Command - N:\EXPLORER.EXE
\Shell\open\Command - N:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74f2ed1a-7b43-11dc-920d-0019db64c9f0}]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7911b842-8fab-11dc-aca6-0019db64c9f0}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\EXPLORER.EXE
\Shell\open\Command - J:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87b31bae-c6a1-11dc-ad40-0019db64c9f0}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\EXPLORER.EXE
\Shell\open\Command - J:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{881210c8-9ff0-11dc-acd7-0019db64c9f0}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\EXPLORER.EXE
\Shell\open\Command - J:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98bd4f02-4367-11dd-8fb7-0019db64c9f0}]
\Shell\AutoRun\command - M:\rthrw.com
\Shell\explore\Command - M:\rthrw.com
\Shell\open\Command - M:\rthrw.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3a4079f-bab0-11dc-ad0e-0019db64c9f0}]
\Shell\AutoRun\command - N:\EXPLORER.EXE
\Shell\explore\Command - N:\EXPLORER.EXE
\Shell\open\Command - N:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2271ae8-6b6e-11dc-b1fd-0019db64c9f0}]
\Shell\AutoRun\command - M:\EXPLORER.EXE
\Shell\explore\Command - M:\
\Shell\open\Command - M:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d46395cf-6a8e-11dc-b571-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e79120a0-6ce9-11dc-91da-0019db64c9f0}]
\Shell\AutoRun\command - N:\EXPLORER.EXE
\Shell\explore\Command - N:\
\Shell\open\Command - N:\EXPLORER.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.com/
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 -: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-10 19:30:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-10 19:31:10
ComboFix-quarantined-files.txt 2008-08-10 17:31:08
ComboFix2.txt 2008-08-10 16:39:24
ComboFix3.txt 2008-07-21 18:07:24
ComboFix4.txt 2008-07-14 13:22:43
ComboFix5.txt 2008-08-10 17:30:03
Pre-Run: 14,984,908,800 bajtów wolnych
Post-Run: 14,977,871,872 bajtów wolnych
239 --- E O F --- 2008-01-02 22:00:11[/code]
PLEASE help