
There are also files like iq.bat and autorun.inf on the drives, which I delete, but after some time they reappear.
Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:01, on 2009-01-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TC PowerPack\totalcmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Nokia PC Suite 6\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Nokia PC Suite 6\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Kaspersky\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4310 bytes
Combofix
ComboFix 09-01-13.04 - Artur 2009-01-14 20:15:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3071.2675 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Artur\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090113-1] *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\iq.bat
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\[u]0[/u]009690E.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\[u]0[/u]009E34F.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\[u]0[/u]00A36BF.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\[u]0[/u]00D566D.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\[u]0[/u]00E0CCD.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]007B813.urr
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]009669D.urr
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]009E330.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00A369F.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00A6F14.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00B6C51.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00CC345.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00D09F3.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00D564E.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00E0CAE.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00E4C66.dat
c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]00E6BC5.dat
c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\[u]0[/u]004D07B
c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0306586.bin
c:\program files\MyWebSearch\bar\Cache\[u]0[/u]03071FA.bin
c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0307BFC.bin
c:\program files\MyWebSearch\bar\Cache\[u]0[/u]030891C.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\f3PSSavr.scr
D:\Autorun.inf
D:\iq.bat
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Pliki utworzone od 2008-12-14 do 2009-01-14 )))))))))))))))))))))))))))))))
.
2009-01-14 20:07 . 2009-01-14 20:07 <DIR> d-------- c:\windows\ERUNT
2009-01-14 20:04 . 2009-01-14 20:17 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-14 20:04 . 2008-12-08 20:59 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2009-01-14 20:04 . 2008-12-08 20:06 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-01-14 20:04 . 2008-12-08 20:59 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2009-01-14 20:04 . 2008-12-08 20:59 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2009-01-14 20:04 . 2008-12-08 20:59 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-01-14 20:04 . 2008-12-08 20:59 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-01-14 20:04 . 2009-01-14 20:04 <DIR> d-------- c:\documents and settings\Administrator
2009-01-14 20:01 . 2009-01-14 20:11 <DIR> d-------- C:\SDFix
2009-01-14 13:16 . 2009-01-14 13:16 109,489 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-14 13:16 . 2009-01-14 20:12 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll
2009-01-13 11:40 . 2009-01-13 10:44 90,112 --------- c:\windows\system32\trzCE.tmp
2009-01-13 11:37 . 2009-01-13 11:37 <DIR> d-------- c:\documents and settings\Artur\.gstreamer-0.10
2009-01-12 20:10 . 2009-01-12 20:10 <DIR> d-------- c:\program files\SAGEM WiFi manager
2009-01-12 20:10 . 2009-01-12 20:10 <DIR> d-------- c:\program files\SAGEM
2009-01-12 20:10 . 2007-01-16 13:52 20,608 --a------ c:\windows\system32\drivers\BRGSp50.sys
2009-01-12 20:10 . 2007-01-16 13:52 17,664 --a------ c:\windows\system32\drivers\ZDPSp50.sys
2009-01-12 20:09 . 2007-01-10 10:14 450,560 --a------ c:\windows\system32\drivers\WlanBZXP.sys
2009-01-12 19:12 . 2009-01-12 21:57 <DIR> d-------- c:\documents and settings\Artur\Dane aplikacji\Nowe Gadu-Gadu
2009-01-12 19:10 . 2009-01-12 19:10 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-01-12 18:03 . 2009-01-12 18:03 <DIR> d-------- c:\program files\Alwil Software
2009-01-12 11:20 . 2004-08-03 23:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-10 20:08 . 2009-01-10 20:08 <DIR> d-------- C:\Temp
2009-01-10 13:59 . 2009-01-12 17:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-10 10:39 . 2009-01-10 10:39 <DIR> d-------- c:\program files\Opera
2009-01-06 19:01 . 2009-01-06 19:01 <DIR> d-------- c:\documents and settings\Rodzina\Phone Browser
2009-01-05 14:28 . 2005-06-17 10:26 114,688 --a------ c:\windows\system32\WLANUTL.dll
2009-01-05 14:28 . 2005-06-17 10:26 61,440 --a------ c:\windows\system32\W32N50.dll
2009-01-02 21:36 . 2009-01-03 12:50 83 --a------ c:\windows\wwp.INI
2009-01-01 13:00 . 2004-08-04 00:44 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-01 13:00 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-01 13:00 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-01 13:00 . 2001-10-26 17:29 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-24 19:31 . 2009-01-01 23:12 <DIR> d-------- c:\documents and settings\Artur\Phone Browser
2008-12-24 10:57 . 2004-09-10 19:15 86,094 --a------ c:\windows\system32\ImageDrive.cpl
2008-12-22 19:35 . 2009-01-05 11:21 116 --a------ c:\windows\NeroDigital.ini
2008-12-22 13:26 . 2009-01-01 20:33 <DIR> d-------- c:\documents and settings\Artur\Dane aplikacji\Nokia Multimedia Player
2008-12-21 12:25 . 2008-12-21 12:28 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-21 10:59 . 2008-12-21 10:59 <DIR> d-------- c:\documents and settings\Artur\Dane aplikacji\AdobeUM
2008-12-15 22:30 . 2008-12-15 22:30 <DIR> d-------- c:\documents and settings\Artur\Dane aplikacji\Imperium Romanum
2008-12-14 15:50 . 2008-12-14 15:50 1,172 --a------ c:\windows\mozver.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 13:34 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-14 13:34 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-14 13:34 --------- d-----w c:\program files\Net Activity Diagram
2009-01-12 19:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-12 19:08 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 20:21 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-03 11:06 --------- d-----w c:\program files\Winamp
2008-12-24 18:33 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\PC Suite
2008-12-22 18:25 --------- d-----w c:\program files\SubEdit-Player2
2008-12-21 09:44 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 18:54 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-11 16:25 --------- d-----w c:\documents and settings\Rodzina\Dane aplikacji\Civitas2
2008-12-10 21:50 --------- d-----w c:\program files\Electronic Arts
2008-12-10 21:45 1,582 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-10 21:44 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\Leadertech
2008-12-10 19:52 --------- d-----w c:\documents and settings\Rodzina\Dane aplikacji\DAEMON Tools
2008-12-10 16:16 --------- d-----w c:\documents and settings\Rodzina\Dane aplikacji\PC Suite
2008-12-09 19:36 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-09 19:36 --------- d-----w c:\program files\Common Files\Nokia
2008-12-09 19:36 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\Nokia
2008-12-09 19:36 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-12-09 19:35 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-09 19:34 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2008-12-09 18:38 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\Gadu-Gadu
2008-12-09 18:37 --------- d-----w c:\program files\Gadu-Gadu
2008-12-09 18:23 --------- d-----w c:\program files\Mount&Blade
2008-12-09 18:23 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\Mount&Blade
2008-12-09 17:02 --------- d-----w c:\program files\Common Files\EasyInfo
2008-12-09 13:32 --------- d-----w c:\program files\Lavalys
2008-12-09 08:54 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\IrfanView
2008-12-09 08:23 --------- d-----w c:\program files\A4Tech
2008-12-09 08:11 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\MetaProducts
2008-12-08 21:27 --------- d-----w c:\program files\Microsoft.NET
2008-12-08 21:20 --------- d-----w c:\program files\DAEMON Tools Toolbar
2008-12-08 21:18 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-08 21:18 --------- d-----w c:\program files\TC PowerPack
2008-12-08 21:18 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\DAEMON Tools
2008-12-08 20:33 --------- d-----w c:\program files\Common Files\Ahead
2008-12-08 20:33 --------- d-----w c:\program files\Ahead
2008-12-08 20:26 --------- d-----w c:\program files\IrfanView
2008-12-08 20:22 --------- d-----w c:\program files\Real Alternative
2008-12-08 20:22 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\Media Player Classic
2008-12-08 20:21 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-08 20:03 --------- d-----w c:\program files\ATKGFNEX
2008-12-08 20:03 --------- d-----w c:\documents and settings\Artur\Dane aplikacji\InstallShield
2008-12-08 19:57 --------- d-----w c:\program files\Intel
2008-12-08 19:52 --------- d-----w c:\program files\DIFX
2008-12-08 19:21 --------- d-----w c:\program files\Realtek
2008-12-08 19:10 --------- d-----w c:\program files\microsoft frontpage
2008-12-08 19:08 --------- d-----w c:\program files\Usługi online
2008-11-04 14:52 13,590,528 ----a-w c:\windows\system32\nvcpl.dll
2008-10-28 16:18 17,331,200 ----a-w c:\windows\RTHDCPL.EXE
2008-10-27 17:12 34,816 ----a-w c:\windows\system32\RtkCoInstXP.dll
2008-10-24 14:30 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2009-01-12 19:39 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-12 19:39 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-12 19:39 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-12 19:39 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-12 19:39 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-14 109489]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
"PCSuiteTrayApplication"="d:\nokia pc suite 6\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-04 13590528]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="d:\nokia pc suite 6\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2009-01-12 950272]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain1.dll" [2004-08-03 78848]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EA Core"=c:\program files\Electronic Arts\EADM\Core.exe -silent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Gry\\HL2\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-12 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-12 20560]
R4 Nadim;NAD Proto Driver;c:\windows\system32\drivers\nadim.sys [2008-12-09 18688]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-01-12 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35d5c850-dc20-11dd-9213-002354683da1}]
\Shell\AutoRun\command - G:\2w.cmd
\Shell\explore\Command - G:\2w.cmd
\Shell\open\Command - G:\2w.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68ab6b66-cf7f-11dd-918c-002354683da1}]
\Shell\AutoRun\command - G:\yew.bat
\Shell\explore\Command - G:\yew.bat
\Shell\open\Command - G:\yew.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a7963f-d5b6-11dd-91cc-002354683da1}]
\Shell\AutoRun\command - G:\iqosrtk.bat
\Shell\explore\Command - G:\iqosrtk.bat
\Shell\open\Command - G:\iqosrtk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5d0f6dc-d113-11dd-919a-002354683da1}]
\Shell\AutoRun\command - G:\2w.cmd
\Shell\explore\Command - G:\2w.cmd
\Shell\open\Command - G:\2w.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf03b2c8-d84f-11dd-91e7-002354683da1}]
\Shell\AutoRun\command - G:\2w.cmd
\Shell\explore\Command - G:\2w.cmd
\Shell\open\Command - G:\2w.cmd
.
.
------- Skan uzupełniający -------
.
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
IE: Dodaj do blokowanych banerów - d:\kaspersky\ie_banner_deny.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Artur\Dane aplikacji\Mozilla\Firefox\Profiles\ql61bzn5.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 20:19:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\CLBCATQ.DLL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-14 20:20:15 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-14 19:20:13
Przed: 45 675 233 280 bajtów wolnych
Po: 45,762,076,672 bajtów wolnych
325 --- E O F --- 2008-12-13 16:16:30
SDFix
[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2009-01-14 at 20:08
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\autorun.inf - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 20:11:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7c,ed,3f,11,0a,42,3c,49,11,ce,cc,59,16,71,c0,fa,e3,26,82,f1,bf,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,99,d3,d5,0e,77,78,32,c7,b1,8c,96,b3,e7,02,60,18,af,..
"khjeh"=hex:e5,43,26,65,a3,14,74,91,5c,b9,0e,76,a7,5d,e7,5d,a7,a5,96,31,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,10,a7,71,8e,6f,83,f3,54,03,3d,9d,e0,e5,8a,4f,b0,f3,ff,ec,18,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7c,ed,3f,11,0a,42,3c,49,11,ce,cc,59,16,71,c0,fa,e3,26,82,f1,bf,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,99,d3,d5,0e,77,78,32,c7,b1,8c,96,b3,e7,02,60,18,af,..
"khjeh"=hex:e5,43,26,65,a3,14,74,91,5c,b9,0e,76,a7,5d,e7,5d,a7,a5,96,31,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,10,a7,71,8e,6f,83,f3,54,03,3d,9d,e0,e5,8a,4f,b0,f3,ff,ec,18,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain]
"y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="z:\$IMPORT$DS$ROOT$\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Gry\\HL2\\hl2.exe"="D:\\Gry\\HL2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 14 Jan 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds0.dll"
Wed 14 Jan 2009 109,489 ..SHR --- "C:\WINDOWS\system32\olhrwef.exe"
Sat 10 Jan 2009 1,872,240 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\82bc924c8e9fab25ef0a6057c18b1d79\BIT45.tmp"
Sun 21 Dec 2008 59,525,014 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c572f98f078e9c9994c58a928b851a98\download\BIT40.tmp"
[b]Finished![/b]
Please help.