pusty pulpit, problem z explorer.exe

**Posty:** 11 · przez **monika177** 18 Lip 2008, 12:47

Witam, mój problem wygląda następująco: któregoś dnia włączyłam laptopa a tam nic oprócz tapety. Nie było ani paska startu ani ikon. Mogę tylko włączyć Menadżera zadań przez Ctrl-Alt-Del. Kiedy wpisuję w Nowe zadanie-Uruchom EXPLORE.EXE pojawia się wszystko, ale tak muszę robić z każdym włączeniem komputera a poza tym jest o wiele wolniejszy. Przywrócić systemu do poprzedniego stanu nie mogę bo nie istnieją żadne punkty przywracania. Jeśli znałby ktoś jakieś rozwiązanie to bardzo proszę o pomoc.

**Posty:** 7956 · przez **Magik** 18 Lip 2008, 12:55

monika177 napisał(a):Witam, mój problem wygląda następująco: któregoś dnia włączyłam laptopa a tam nic oprócz tapety. Nie było ani paska startu ani ikon. Mogę tylko włączyć Menadżera zadań przez Ctrl-Alt-Del. Kiedy wpisuję w Nowe zadanie-Uruchom EXPLORE.EXE pojawia się wszystko, ale tak muszę robić z każdym włączeniem komputera a poza tym jest o wiele wolniejszy. Przywrócić systemu do poprzedniego stanu nie mogę bo nie istnieją żadne punkty przywracania. Jeśli znałby ktoś jakieś rozwiązanie to bardzo proszę o pomoc.

wklej log z combofix i HJT na poczatek
http://forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 11 · przez **monika177** 18 Lip 2008, 16:18

Mogłabym prosić bardziej szczegółowe wskazówki?

**Posty:** 7956 · przez **Magik** 18 Lip 2008, 16:23

monika177 napisał(a):Mogłabym prosić bardziej szczegółowe wskazówki?

jasniej sie juz chyba nie da

masz wkleic log z programu combofix i HiJackThis

http://forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

a w tych topickach masz opisane jak wygenerowac log krok po kroku, z obrazkami itd :!:

**Posty:** 11 · przez **monika177** 18 Lip 2008, 16:42

No ok ale to raczej pomoże rozwiązać mój problem? Nie ma prostszych sposobów?

**Posty:** 7956 · przez **Magik** 18 Lip 2008, 16:48

No ok ale to raczej pomoże rozwiązać mój problem? Nie ma prostszych sposobów?

poswiec sie dziewczyno i zrob te logi, bo prawdopodobnie masz mnostwo badziewia w kompie

a konsoli odzyskwiania nie ma na razie co odpalac skoro nie wiemy jaki jest stan Twojego systemu pod wzgledem malware, trojanow itd :arrow:

Twoj wybor

monika177 napisał(a):Nie ma prostszych sposobów?

chyba ze wolisz sformatowac dysk i wgrac system od nowa

**Posty:** 11 · przez **monika177** 19 Lip 2008, 00:25

Ok to już mam tego loga:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:21:30, on 2008-07-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\EXPLORER.EXE C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Dom\Pulpit\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtkh.exe] C:\WINDOWS\system32\kdtkh.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [comrepl32] C:\windows\system32\com\comrecfg.exe O4 - HKLM\..\Policies\Explorer\Run: [this] C:\Program Files\Web Technologies\wcs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{9A8935F4-BC95-4C2A-A8AF-957C4261992C}: NameServer = 10.0.0.1 O20 - AppInit_DLLs: avwghmn.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 8759 bytes

Mogłabym prosić o dalszą pomoc bo jestem kompletnie zielona?

**Posty:** 7956 · przez **Magik** 19 Lip 2008, 00:30

monika177 napisał(a):Mogłabym prosić o dalszą pomoc bo jestem kompletnie zielona?

jasne

na przyszlosc logi wstawiaj w tagi 'code'

i log z HJT to tylko polowa drogi.........jeszcze combofix

Kod: Zaznacz wszystko: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM\..\Policies\Explorer\Run: [comrepl32] C:\windows\system32\com\comrecfg.exe O4 - HKLM\..\Policies\Explorer\Run: [this] C:\Program Files\Web Technologies\wcs.exe O20 - AppInit_DLLs: avwghmn.dll

tw wpisy musisz dac w trybie awaryjnym na FIX.czyli przy starcie kompa wciskasz F8 i wybierasz tryb awaryjny

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
w tym topicku
usuwanie :arrow:

podpunkt 4 masz info jak dac w/w wpisy na fix

i moja droga po tym co tu widac kompa masz zasyfionego az milo///log z combofix'a ino chyzio

**Posty:** 11 · przez **monika177** 19 Lip 2008, 01:42

Wydaje mi się że tylko to usunięcie zainfekowanych rzeczy przez ten HiJack This pomogło bo chyba się już wszystko naprawiło. Komp otwiera się bez problemów:) Jesteś prawdziwym geniuszem, stokrotne dzięki za pomoc, bez Ciebie nic bym nie zdziałała. Pozdrawiam

**Posty:** 8001 · przez **Okocza** 19 Lip 2008, 01:43

daj jeszcze log z combofixa :!:

log z hijacka to nie cały sukces, prawdopodobnie masz zawalony rejestr tym i może Ci się to nawracac...

**Posty:** 7956 · przez **Magik** 19 Lip 2008, 01:44

monika177 napisał(a):Wydaje mi się że tylko to usunięcie zainfekowanych rzeczy przez ten HiJack This pomogło bo chyba się już wszystko naprawiło. Komp otwiera się bez problemówSmile Jesteś prawdziwym geniuszem, stokrotne dzięki za pomoc, bez Ciebie nic bym nie zdziałała. Pozdrawiam

jestes widze bardzo niechetna do tych logow

przeskanuj choc kompa tym

http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html

i
http://www.programosy.pl/program,avg-anti-spyware.html

choc tyle :wink:

**Posty:** 11 · przez **monika177** 19 Lip 2008, 22:33

Dobra to wkleję te logi z ComboFix bo czuję że nie jest jeszcze wszystko ok bo komp stał się jakiś wolny

Kod: Zaznacz wszystko: ComboFix 08-07-17.4 - Dom 2008-07-19 19:08:42.2 - NTFSx86 Running from: C:\Documents and Settings\Dom\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pskt.ini C:\WINDOWS\system32\amwmgewi.dll C:\WINDOWS\system32\cJSBJRqr.ini C:\WINDOWS\system32\cJSBJRqr.ini2 C:\windows\system32\explorer.exe C:\WINDOWS\system32\kdtkh.exe C:\WINDOWS\system32\mfxehiyu.ini C:\WINDOWS\system32\qoMggFUN.dll C:\WINDOWS\system32\rqRJBSJc.dll C:\WINDOWS\system32\uyihexfm.dll . ---- Previous Run ------- . C:\DOCUME~1\Dom\USTAWI~1\Temp\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE32.Dat C:\Program Files\Internet Explorer\IEXPLORE32.jmp C:\Program Files\Internet Explorer\IEXPLORE32.Sys C:\Program Files\Internet Explorer\IEXPLORE32.win C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys C:\Program Files\Internet Explorer\PLUGINS\Nt_Win32.Jmp C:\Program Files\Internet Explorer\PLUGINS\Sy_Win7k.Jmp C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp C:\Program Files\internet explorer\plugins\Wn_Sys8x.Sys C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\[u]0[/u]03F7D87 C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\WINDOWS\30338.exe C:\WINDOWS\anistio.exE C:\WINDOWS\bhixzi.exe C:\WINDOWS\bincdwsa.exe C:\WINDOWS\dbhlp32.exe C:\WINDOWS\dionpis.exe C:\WINDOWS\dxtmechk C:\WINDOWS\fewqickd.exe C:\WINDOWS\fmsbbqi.exe C:\WINDOWS\fmsiocps.exe C:\WINDOWS\Fonts\armease.fon C:\WINDOWS\Fonts\avwghin.dll C:\WINDOWS\Fonts\avzxkin.dll C:\WINDOWS\Fonts\cadaafx.fon C:\WINDOWS\Fonts\chtiaur.fon C:\WINDOWS\Fonts\enweafx.fon C:\WINDOWS\Fonts\kawdfcs.dll C:\WINDOWS\Fonts\msguasd.fon C:\WINDOWS\Fonts\mszhasd.fon C:\WINDOWS\Fonts\okmhacs.dll C:\WINDOWS\Fonts\ratbnni.dll C:\WINDOWS\Fonts\sidjfcs.dll C:\WINDOWS\Fonts\swrcecs.dll C:\WINDOWS\Fonts\wireafw.fon C:\WINDOWS\gggggg.exe C:\WINDOWS\hosts C:\WINDOWS\juejwcx.exe C:\WINDOWS\mfchlp64.exe C:\WINDOWS\nmhgtce.exe C:\WINDOWS\oooooo.exe C:\WINDOWS\ptshell.exe C:\WINDOWS\svchost.exe C:\WINDOWS\system32\1.exe C:\WINDOWS\system32\2.exe C:\WINDOWS\system32\7.exe C:\WINDOWS\system32\734914 C:\WINDOWS\system32\734914\734914.dll C:\WINDOWS\system32\aduio.sys C:\WINDOWS\system32\aipg0.exe C:\WINDOWS\system32\ajausu.dll C:\WINDOWS\system32\ajjhje.dll C:\WINDOWS\system32\anistio.dll C:\WINDOWS\system32\anxytc.dll C:\WINDOWS\system32\atzu12.exe C:\WINDOWS\system32\avwghmn.dll C:\WINDOWS\system32\avwghst.exe C:\WINDOWS\system32\avzxkmn.dll C:\WINDOWS\system32\avzxkst.exe C:\WINDOWS\system32\ayiypa.dll C:\WINDOWS\system32\bincdwsa.dll C:\WINDOWS\system32\bswo0.exe C:\WINDOWS\system32\btnifa.dll C:\WINDOWS\system32\byypio.dll C:\WINDOWS\system32\cccccc.dll C:\WINDOWS\system32\cinmon.exe C:\WINDOWS\system32\ciwdaapi.sys C:\WINDOWS\system32\cLVGiPVw.ini C:\WINDOWS\system32\cLVGiPVw.ini2 C:\WINDOWS\system32\comarshal.dat C:\WINDOWS\system32\comspring.dat C:\WINDOWS\system32\cqfygr.dll C:\WINDOWS\system32\csavpw0.dll C:\WINDOWS\system32\cyvqwf.dll C:\WINDOWS\system32\dbhlp32.dlL C:\WINDOWS\system32\ddicjr.dll C:\WINDOWS\system32\dftkbn.dll C:\WINDOWS\system32\dionpis.dll C:\WINDOWS\system32\dlbar.exe C:\WINDOWS\system32\drivers\comint32.sys C:\WINDOWS\system32\drivers\HBKernel.sys C:\WINDOWS\system32\drivers\msosmsfpfis64.sys C:\WINDOWS\system32\drivers\nicomsp2p32.sys C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\dsgjfd.dll C:\WINDOWS\system32\dwrldy.dll C:\WINDOWS\system32\dydxjv.dll C:\WINDOWS\system32\ektvm.dll C:\WINDOWS\system32\etpfgf.dll C:\WINDOWS\system32\ewlxix.dll C:\WINDOWS\system32\explorer.exe C:\WINDOWS\system32\f84d3335f1.dll C:\WINDOWS\system32\fanrgq.dll C:\WINDOWS\system32\fcjxwf.dll C:\WINDOWS\system32\fgcoal.dll C:\WINDOWS\system32\fhcajo.dll C:\WINDOWS\system32\fmsbbqi.dll C:\WINDOWS\system32\fmsiocps.dll C:\WINDOWS\system32\gdhnxai32.dll C:\WINDOWS\system32\gdoaej.dll C:\WINDOWS\system32\GDQQHXI32.dll C:\WINDOWS\system32\GenProtect.dll C:\WINDOWS\system32\gerowf.dll C:\WINDOWS\system32\HBKrnl.dll C:\WINDOWS\system32\hepcbs.dll C:\WINDOWS\system32\hgypws.dll C:\WINDOWS\system32\hjyche.dll C:\WINDOWS\system32\hndzdu.dll C:\WINDOWS\system32\hzmmhi.dll C:\WINDOWS\system32\ijpuyt.dll C:\WINDOWS\system32\inra0.exe C:\WINDOWS\system32\instalflash.dll C:\WINDOWS\system32\iwdzyr.dll C:\WINDOWS\system32\jabdqg.dll C:\WINDOWS\system32\jgzwer.dll C:\WINDOWS\system32\jngbgl.dll C:\WINDOWS\system32\jrkrjr.dll C:\WINDOWS\system32\juejwcx.dll C:\WINDOWS\system32\kawdfzy.dll C:\WINDOWS\system32\kcomc32.dll C:\WINDOWS\system32\kcomc32.exe C:\WINDOWS\system32\kgafau.dll C:\WINDOWS\system32\kgkhpw.dll C:\WINDOWS\system32\kibo0.exe C:\WINDOWS\system32\kkxcad.dll C:\WINDOWS\system32\lfrzme.dll C:\WINDOWS\system32\mfchlp64.dll C:\WINDOWS\system32\mhsha1.dat C:\WINDOWS\system32\mjohwp.dll C:\WINDOWS\system32\MMBAIKOK1093.dll C:\WINDOWS\system32\mnusep.dll C:\WINDOWS\system32\Mouer.dll C:\WINDOWS\system32\mprmsgse.axz C:\WINDOWS\system32\mpwdeapi.dll C:\WINDOWS\system32\msdeg32.dll C:\WINDOWS\system32\msosdohs.dat C:\WINDOWS\system32\msosdohs00.dll C:\WINDOWS\system32\msosmnsf.dat C:\WINDOWS\system32\msosmnsf00.dll C:\WINDOWS\system32\msostuic.dat C:\WINDOWS\system32\msostuic00.dll C:\WINDOWS\system32\nchvxo.dll C:\WINDOWS\system32\Nesery.dll C:\WINDOWS\system32\Nessery.dll C:\WINDOWS\system32\Nessery.sys C:\WINDOWS\system32\nhvv12.exe C:\WINDOWS\system32\nicozctp00.dll C:\WINDOWS\system32\nicozftp.dat C:\WINDOWS\system32\nicozftp00.dll C:\WINDOWS\system32\nmhgtce.dll C:\WINDOWS\system32\nsneog.dll C:\WINDOWS\system32\nuqdcz.dll C:\WINDOWS\system32\obceyc.dll C:\WINDOWS\system32\oooooo.dll C:\WINDOWS\system32\oorgbe.dll C:\WINDOWS\system32\owlz0.exe C:\WINDOWS\system32\pijcii.dll C:\WINDOWS\system32\pqylhu.dll C:\WINDOWS\system32\ptshell.dll C:\WINDOWS\system32\pxqryt.dll C:\WINDOWS\system32\qakvbv.dll C:\WINDOWS\system32\qqqqqq.dll C:\WINDOWS\system32\qyawxo.dll C:\WINDOWS\system32\qzugno.dll C:\WINDOWS\system32\ratbnpi.dll C:\WINDOWS\system32\rosidt.dll C:\WINDOWS\system32\sevwwz.dll C:\WINDOWS\system32\shgxbe.dll C:\WINDOWS\system32\simyaapi.exe C:\WINDOWS\system32\siwdaapi.exe C:\WINDOWS\system32\sjckzr.dll C:\WINDOWS\system32\spmybapi.sys C:\WINDOWS\system32\spwdbapi.sys C:\WINDOWS\system32\srddjn.dll C:\WINDOWS\system32\ssssss.dll C:\WINDOWS\system32\svchust.exe C:\WINDOWS\system32\syswine.ini C:\WINDOWS\system32\tciocp64.dll C:\WINDOWS\system32\tcpip.exe C:\WINDOWS\system32\tcpip.sys C:\WINDOWS\system32\ticisms.dll C:\WINDOWS\system32\tkhqid.dll C:\WINDOWS\system32\tmpjpm.dll C:\WINDOWS\system32\tqxrjo.dll C:\WINDOWS\system32\umedde.dll C:\WINDOWS\system32\uobelr.dll C:\WINDOWS\system32\upudpkok.dll C:\WINDOWS\system32\vmjquw.dll C:\WINDOWS\system32\vmumbd.dll C:\WINDOWS\system32\vuxdhq.dll C:\WINDOWS\system32\weggzd.dll C:\WINDOWS\system32\wugzqh.dll C:\WINDOWS\system32\wvmswf.dll C:\WINDOWS\system32\wVPiGVLc.dll C:\WINDOWS\system32\xxxxxx.dll C:\WINDOWS\system32\ydgn.dll C:\WINDOWS\system32\yeuznn.dll C:\WINDOWS\system32\ytewcxzsw.dll C:\WINDOWS\system32\yuiabct.dll C:\WINDOWS\system32\zaxvly.dll C:\WINDOWS\system32\zhqame.dll C:\WINDOWS\system32\zpoomu.dll C:\WINDOWS\system32\zrdzii.dll C:\WINDOWS\tciocp64.exe C:\WINDOWS\tempaq C:\WINDOWS\ticisms.exe C:\WINDOWS\Update.dat C:\WINDOWS\yuiabct.exe C:\WINDOWS\yuibbct.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_COMINT32 -------\Legacy_PCIHARDDISK -------\Service_comint32 -------\Service_PciHardDisk -------\Service_Binary file SvcDump matches -------\Legacy_COMINT32 -------\Legacy_PCIHARDDISK ((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))) . 2008-07-19 02:44 . 2008-07-19 02:44 110,415 --a------ C:\WINDOWS\BMdba9cf78.xml 2008-06-28 20:31 . 2008-06-28 20:31 3,555 --a------ C:\WINDOWS\system32\zuoyue32.ini.tmp 2008-06-28 20:07 . 2008-06-18 03:55 38,144 -r------- C:\WINDOWS\system32\drivers\fanti.sys 2008-06-28 20:07 . 2008-05-30 04:18 24,192 -r------- C:\WINDOWS\system32\drivers\regti.sys 2008-06-24 04:33 . 2008-06-24 04:33 302,080 --a------ C:\WINDOWS\msnss27.dll 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\UC.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\RAR.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\LHA.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\ARJ.PIF 2008-06-21 21:13 . 2008-06-22 20:33 327 --a------ C:\WINDOWS\wincmd.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-19 17:36 53 ----a-w C:\WINDOWS\Fonts\swrcecs.dll 2008-07-19 17:36 53 ----a-w C:\WINDOWS\Fonts\sidjfcs.dll 2008-07-19 17:36 53 ----a-w C:\WINDOWS\Fonts\okmhacs.dll 2008-07-19 17:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-14 22:10 45,873 ----a-w C:\WINDOWS\853957WL.DLL 2008-06-14 22:09 19,736 ----a-w C:\WINDOWS\fmschif.exe 2008-06-14 22:09 19,228 ----a-w C:\WINDOWS\fmcbbqi.exe 2008-06-14 22:07 19,220 ----a-w C:\WINDOWS\ynhtjlpo.exe 2008-06-13 21:51 19,740 ----a-w C:\WINDOWS\cccccc.exe 2008-06-13 14:32 20,244 ----a-w C:\WINDOWS\wwwwww.exe 2008-06-13 14:30 19,740 ----a-w C:\WINDOWS\llllll.exe 2008-06-12 23:16 20,244 ----a-w C:\WINDOWS\tttttt.exe 2008-06-12 23:13 19,740 ----a-w C:\WINDOWS\pppppp.exe 2008-06-12 11:07 20,244 ----a-w C:\WINDOWS\eeeeee.exe 2008-06-10 21:03 20,252 ----a-w C:\WINDOWS\iiiiii.exe 2008-06-08 21:41 90,112 ----a-w C:\WINDOWS\DUMP584a.tmp 2008-06-08 15:42 5,632 ----a-w C:\Documents and Settings\Dom\Coreld32.dll 2008-05-25 22:40 5,052 ----a-w C:\WINDOWS\cftmon.exe 2008-04-15 16:30 39,520 ----a-w C:\Documents and Settings\Dom\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-12-06 18:09 11,958 --sh--w C:\WINDOWS\system32\gdjzi32.dll 2007-12-06 18:08 15,703 --sh--w C:\WINDOWS\system32\gdmsi32.dll 2004-08-04 11:00 8,192 --sha-w C:\WINDOWS\system32\gmjgty.dll 2004-08-04 11:00 8,704 --sha-w C:\WINDOWS\system32\cenzura!.dll 2004-08-04 11:00 19,356 --sh--w C:\WINDOWS\system32\kcomb32.exe 2004-08-04 11:00 18,920 --sh--w C:\WINDOWS\system32\kcomw32.exe 2004-08-08 22:07 537,096 --sh--w C:\WINDOWS\system32\mpmyfapi.dll 2004-08-04 18:08 24,924 --sh--w C:\WINDOWS\system32\okmhazy.dll 2004-08-04 18:09 23,904 --sh--w C:\WINDOWS\system32\sidjfzy.dll 2004-08-04 18:08 21,864 --sh--w C:\WINDOWS\system32\swrcezc.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:52 65536] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 09:31 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 09:27 126976] "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 21:26 1089536] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 15:44 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 15:43 688218] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 11:56 1077327] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-22 11:58 58984] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-12-20 18:22 218712] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-03-19 19:40 100048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] C:\Documents and Settings\Dom\Moje dokumenty\Nowy folder\Autostart\ Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 09:03:44 59080] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360] [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{1A57CAD1-412F-9547-713F-9641FA3FC7A1}"= "C:\WINDOWS\system32\okmhazy.dll" [2004-08-04 20:08 24924] "{678A7521-FA87-34AB-34C2-4893F3AD34C6}"= "C:\WINDOWS\system32\swrcezc.dll" [2004-08-04 20:08 21864] "{68847374-8323-FADC-B443-4732ABCD3786}"= "C:\WINDOWS\system32\sidjfzy.dll" [2004-08-04 20:09 23904] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sidjfzy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) R1 SMBHC;Sterownik kontrolera hosta magistrali zarządzania systemem firmy Microsoft;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 23:57] R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:40] R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2004-12-10 19:12] R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2004-08-18 18:02] R3 SMBBATT;Sterownik baterii inteligentnej Microsoft;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 01:07] S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 19:29] S3 MS;MS;C:\DOCUME~1\Dom\USTAWI~1\Temp\tmp2F3.tmp [] . Contents of the 'Scheduled Tasks' folder "2008-07-19 17:39:02 C:\WINDOWS\Tasks\MsUpdateTask.job" - C:\WINDOWS\msnss27.dll,fnOpen . - - - - ORPHANS REMOVED - - - - BHO-{0F438C52-95EC-4DE1-B2CE-4778DE54457D} - C:\WINDOWS\system32\wVPiGVLc.dll HKLM-Run-C:\WINDOWS\system32\kdtkh.exe - C:\WINDOWS\system32\kdtkh.exe HKLM-Run-SmoothView - C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe HKLM-Run-d89afce4 - C:\WINDOWS\system32\uyihexfm.dll HKLM-Run-BMdba9cf78 - C:\WINDOWS\system32\amwmgewi.dll HKLM-Run-NDSTray.exe - NDSTray.exe ShellExecuteHooks-{E6650011-3344-6688-4899-345FABCD156E} - C:\WINDOWS\system32\ratbnpi.dll ShellExecuteHooks-{B859245F-345D-BC13-AC4F-145D47DA34FB} - C:\WINDOWS\system32\avzxkmn.dll ShellExecuteHooks-{68907901-1416-3389-9981-372178569986} - C:\WINDOWS\system32\kawdfzy.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-19 19:37:45 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\explorer(4).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(4).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(4).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(4).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(5).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(5).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(5).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(5).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(6).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(6).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(6).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(6).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(7).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(7).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(7).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(7).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(8).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(8).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(8).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(8).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(9).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(9).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(9).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(9).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(10).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(10).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(10).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(10).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(11).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(11).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(11).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(11).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(12).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(12).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(12).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(12).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(13).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(13).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(13).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(13).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(14).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(14).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(14).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(14).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(15).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(15).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(15).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(15).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(2).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(2).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(2).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(2).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(3).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(3).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(3).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(3).exe:submitter.jpg 273920 bytes executable scan completed successfully hidden files: 56 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MS] "ImagePath"="\??\C:\DOCUME~1\Dom\USTAWI~1\Temp\tmp2F3.tmp" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE C:\WINDOWS\system32\igfxext.exe C:\Program Files\Toshiba\Program narzC:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Messenger\msmsgs.exe . ************************************************************************** . Completion time: 2008-07-19 19:41:13 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-19 17:41:03 Pre-Run: 34,003,148,800 bajtów wolnych Post-Run: 33,966,096,384 bajt˘w wolnych 453

**Posty:** 7956 · przez **Magik** 19 Lip 2008, 22:39

monika177 napisał(a):Dobra to wkleję te logi z ComboFix bo czuję że nie jest jeszcze wszystko ok bo komp stał się jakiś wolny

dobra decyzja :wink:

a oto dowod--->te pliki poszly w powietrze--->JEDEN WIELKI SYF!!!

Kod: Zaznacz wszystko: C:\WINDOWS\pskt.ini C:\WINDOWS\system32\amwmgewi.dll C:\WINDOWS\system32\cJSBJRqr.ini C:\WINDOWS\system32\cJSBJRqr.ini2 C:\windows\system32\explorer.exe C:\WINDOWS\system32\kdtkh.exe C:\WINDOWS\system32\mfxehiyu.ini C:\WINDOWS\system32\qoMggFUN.dll C:\WINDOWS\system32\rqRJBSJc.dll C:\WINDOWS\system32\uyihexfm.dll . ---- Previous Run ------- . C:\DOCUME~1\Dom\USTAWI~1\Temp\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE32.Dat C:\Program Files\Internet Explorer\IEXPLORE32.jmp C:\Program Files\Internet Explorer\IEXPLORE32.Sys C:\Program Files\Internet Explorer\IEXPLORE32.win C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys C:\Program Files\Internet Explorer\PLUGINS\Nt_Win32.Jmp C:\Program Files\Internet Explorer\PLUGINS\Sy_Win7k.Jmp C:\Program Files\Internet Explorer\PLUGINS\UnixSys32.Jmp C:\Program Files\internet explorer\plugins\Wn_Sys8x.Sys C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\003F7D87 C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\WINDOWS\30338.exe C:\WINDOWS\anistio.exE C:\WINDOWS\bhixzi.exe C:\WINDOWS\bincdwsa.exe C:\WINDOWS\dbhlp32.exe C:\WINDOWS\dionpis.exe C:\WINDOWS\dxtmechk C:\WINDOWS\fewqickd.exe C:\WINDOWS\fmsbbqi.exe C:\WINDOWS\fmsiocps.exe C:\WINDOWS\Fonts\armease.fon C:\WINDOWS\Fonts\avwghin.dll C:\WINDOWS\Fonts\avzxkin.dll C:\WINDOWS\Fonts\cadaafx.fon C:\WINDOWS\Fonts\chtiaur.fon C:\WINDOWS\Fonts\enweafx.fon C:\WINDOWS\Fonts\kawdfcs.dll C:\WINDOWS\Fonts\msguasd.fon C:\WINDOWS\Fonts\mszhasd.fon C:\WINDOWS\Fonts\okmhacs.dll C:\WINDOWS\Fonts\ratbnni.dll C:\WINDOWS\Fonts\sidjfcs.dll C:\WINDOWS\Fonts\swrcecs.dll C:\WINDOWS\Fonts\wireafw.fon C:\WINDOWS\gggggg.exe C:\WINDOWS\hosts C:\WINDOWS\juejwcx.exe C:\WINDOWS\mfchlp64.exe C:\WINDOWS\nmhgtce.exe C:\WINDOWS\oooooo.exe C:\WINDOWS\ptshell.exe C:\WINDOWS\svchost.exe C:\WINDOWS\system32\1.exe C:\WINDOWS\system32\2.exe C:\WINDOWS\system32\7.exe C:\WINDOWS\system32\734914 C:\WINDOWS\system32\734914\734914.dll C:\WINDOWS\system32\aduio.sys C:\WINDOWS\system32\aipg0.exe C:\WINDOWS\system32\ajausu.dll C:\WINDOWS\system32\ajjhje.dll C:\WINDOWS\system32\anistio.dll C:\WINDOWS\system32\anxytc.dll C:\WINDOWS\system32\atzu12.exe C:\WINDOWS\system32\avwghmn.dll C:\WINDOWS\system32\avwghst.exe C:\WINDOWS\system32\avzxkmn.dll C:\WINDOWS\system32\avzxkst.exe C:\WINDOWS\system32\ayiypa.dll C:\WINDOWS\system32\bincdwsa.dll C:\WINDOWS\system32\bswo0.exe C:\WINDOWS\system32\btnifa.dll C:\WINDOWS\system32\byypio.dll C:\WINDOWS\system32\cccccc.dll C:\WINDOWS\system32\cinmon.exe C:\WINDOWS\system32\ciwdaapi.sys C:\WINDOWS\system32\cLVGiPVw.ini C:\WINDOWS\system32\cLVGiPVw.ini2 C:\WINDOWS\system32\comarshal.dat C:\WINDOWS\system32\comspring.dat C:\WINDOWS\system32\cqfygr.dll C:\WINDOWS\system32\csavpw0.dll C:\WINDOWS\system32\cyvqwf.dll C:\WINDOWS\system32\dbhlp32.dlL C:\WINDOWS\system32\ddicjr.dll C:\WINDOWS\system32\dftkbn.dll C:\WINDOWS\system32\dionpis.dll C:\WINDOWS\system32\dlbar.exe C:\WINDOWS\system32\drivers\comint32.sys C:\WINDOWS\system32\drivers\HBKernel.sys C:\WINDOWS\system32\drivers\msosmsfpfis64.sys C:\WINDOWS\system32\drivers\nicomsp2p32.sys C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\dsgjfd.dll C:\WINDOWS\system32\dwrldy.dll C:\WINDOWS\system32\dydxjv.dll C:\WINDOWS\system32\ektvm.dll C:\WINDOWS\system32\etpfgf.dll C:\WINDOWS\system32\ewlxix.dll C:\WINDOWS\system32\explorer.exe C:\WINDOWS\system32\f84d3335f1.dll C:\WINDOWS\system32\fanrgq.dll C:\WINDOWS\system32\fcjxwf.dll C:\WINDOWS\system32\fgcoal.dll C:\WINDOWS\system32\fhcajo.dll C:\WINDOWS\system32\fmsbbqi.dll C:\WINDOWS\system32\fmsiocps.dll C:\WINDOWS\system32\gdhnxai32.dll C:\WINDOWS\system32\gdoaej.dll C:\WINDOWS\system32\GDQQHXI32.dll C:\WINDOWS\system32\GenProtect.dll C:\WINDOWS\system32\gerowf.dll C:\WINDOWS\system32\HBKrnl.dll C:\WINDOWS\system32\hepcbs.dll C:\WINDOWS\system32\hgypws.dll C:\WINDOWS\system32\hjyche.dll C:\WINDOWS\system32\hndzdu.dll C:\WINDOWS\system32\hzmmhi.dll C:\WINDOWS\system32\ijpuyt.dll C:\WINDOWS\system32\inra0.exe C:\WINDOWS\system32\instalflash.dll C:\WINDOWS\system32\iwdzyr.dll C:\WINDOWS\system32\jabdqg.dll C:\WINDOWS\system32\jgzwer.dll C:\WINDOWS\system32\jngbgl.dll C:\WINDOWS\system32\jrkrjr.dll C:\WINDOWS\system32\juejwcx.dll C:\WINDOWS\system32\kawdfzy.dll C:\WINDOWS\system32\kcomc32.dll C:\WINDOWS\system32\kcomc32.exe C:\WINDOWS\system32\kgafau.dll C:\WINDOWS\system32\kgkhpw.dll C:\WINDOWS\system32\kibo0.exe C:\WINDOWS\system32\kkxcad.dll C:\WINDOWS\system32\lfrzme.dll C:\WINDOWS\system32\mfchlp64.dll C:\WINDOWS\system32\mhsha1.dat C:\WINDOWS\system32\mjohwp.dll C:\WINDOWS\system32\MMBAIKOK1093.dll C:\WINDOWS\system32\mnusep.dll C:\WINDOWS\system32\Mouer.dll C:\WINDOWS\system32\mprmsgse.axz C:\WINDOWS\system32\mpwdeapi.dll C:\WINDOWS\system32\msdeg32.dll C:\WINDOWS\system32\msosdohs.dat C:\WINDOWS\system32\msosdohs00.dll C:\WINDOWS\system32\msosmnsf.dat C:\WINDOWS\system32\msosmnsf00.dll C:\WINDOWS\system32\msostuic.dat C:\WINDOWS\system32\msostuic00.dll C:\WINDOWS\system32\nchvxo.dll C:\WINDOWS\system32\Nesery.dll C:\WINDOWS\system32\Nessery.dll C:\WINDOWS\system32\Nessery.sys C:\WINDOWS\system32\nhvv12.exe C:\WINDOWS\system32\nicozctp00.dll C:\WINDOWS\system32\nicozftp.dat C:\WINDOWS\system32\nicozftp00.dll C:\WINDOWS\system32\nmhgtce.dll C:\WINDOWS\system32\nsneog.dll C:\WINDOWS\system32\nuqdcz.dll C:\WINDOWS\system32\obceyc.dll C:\WINDOWS\system32\oooooo.dll C:\WINDOWS\system32\oorgbe.dll C:\WINDOWS\system32\owlz0.exe C:\WINDOWS\system32\pijcii.dll C:\WINDOWS\system32\pqylhu.dll C:\WINDOWS\system32\ptshell.dll C:\WINDOWS\system32\pxqryt.dll C:\WINDOWS\system32\qakvbv.dll C:\WINDOWS\system32\qqqqqq.dll C:\WINDOWS\system32\qyawxo.dll C:\WINDOWS\system32\qzugno.dll C:\WINDOWS\system32\ratbnpi.dll C:\WINDOWS\system32\rosidt.dll C:\WINDOWS\system32\sevwwz.dll C:\WINDOWS\system32\shgxbe.dll C:\WINDOWS\system32\simyaapi.exe C:\WINDOWS\system32\siwdaapi.exe C:\WINDOWS\system32\sjckzr.dll C:\WINDOWS\system32\spmybapi.sys C:\WINDOWS\system32\spwdbapi.sys C:\WINDOWS\system32\srddjn.dll C:\WINDOWS\system32\ssssss.dll C:\WINDOWS\system32\svchust.exe C:\WINDOWS\system32\syswine.ini C:\WINDOWS\system32\tciocp64.dll C:\WINDOWS\system32\tcpip.exe C:\WINDOWS\system32\tcpip.sys C:\WINDOWS\system32\ticisms.dll C:\WINDOWS\system32\tkhqid.dll C:\WINDOWS\system32\tmpjpm.dll C:\WINDOWS\system32\tqxrjo.dll C:\WINDOWS\system32\umedde.dll C:\WINDOWS\system32\uobelr.dll C:\WINDOWS\system32\upudpkok.dll C:\WINDOWS\system32\vmjquw.dll C:\WINDOWS\system32\vmumbd.dll C:\WINDOWS\system32\vuxdhq.dll C:\WINDOWS\system32\weggzd.dll C:\WINDOWS\system32\wugzqh.dll C:\WINDOWS\system32\wvmswf.dll C:\WINDOWS\system32\wVPiGVLc.dll C:\WINDOWS\system32\xxxxxx.dll C:\WINDOWS\system32\ydgn.dll C:\WINDOWS\system32\yeuznn.dll C:\WINDOWS\system32\ytewcxzsw.dll C:\WINDOWS\system32\yuiabct.dll C:\WINDOWS\system32\zaxvly.dll C:\WINDOWS\system32\zhqame.dll C:\WINDOWS\system32\zpoomu.dll C:\WINDOWS\system32\zrdzii.dll C:\WINDOWS\tciocp64.exe C:\WINDOWS\tempaq C:\WINDOWS\ticisms.exe C:\WINDOWS\Update.dat C:\WINDOWS\yuiabct.exe C:\WINDOWS\yuibbct.exe

Monika jedziesz dalej

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt

Dalej
http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html

i na koniec logi z HijackThis i combofix, bo z tego co patrze na ten log co wkleilas jest tego dalej w huuUUgo

**Posty:** 11 · przez **monika177** 30 Lip 2008, 21:45

to znowu ja, dawno nie pisałam bo mój komp świetnie działał ale niestety to się już skonczyło:( , więc proszę o dalszą pomoc. teraz mam taki problem ze kiedy włączam Internet explorer i wybieram jakąś stronę to znika mi pasek start poza tym ten COMBOFIX nie robi mi skana bo pokazuje sie coś o uszkodzonym katalogu lub woluminie. wklejam więc logi z HIJACKTHIS:

Kod: Zaznacz wszystko: [quote]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39, on 2008-07-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\WINDOWS\explorer.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Dom\Pulpit\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtkh.exe] C:\WINDOWS\system32\kdtkh.exe O4 - HKLM\..\Run: [d89afce4] rundll32.exe "C:\WINDOWS\system32\elwbrsut.dll",b O4 - HKLM\..\Run: [BMdba9cf78] Rundll32.exe "C:\WINDOWS\system32\yphigeyc.dll",s O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{9A8935F4-BC95-4C2A-A8AF-957C4261992C}: NameServer = 10.0.0.1 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 8251 bytes[/quote]

**Posty:** 7956 · przez **Magik** 30 Lip 2008, 21:50

monika177 napisał(a):bo pokazuje sie coś o uszkodzonym katalogu lub woluminie

nie cos tylko konkretny komunikat opisz!!!!

monika177 napisał(a):to znowu ja, dawno nie pisałam bo mój komp świetnie działał ale niestety to się już skonczyło:(

bo zaczelas robote i nie skonczylas///dwa przestan uzywac tego badziewia IE, tylko Operke lub Firefox'a

te wpisy dajesz na fix w trybie awaryjnym w HJT

Kod: Zaznacz wszystko: O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdtkh.exe] C:\WINDOWS\system32\kdtkh.exe O4 - HKLM\..\Run: [d89afce4] rundll32.exe "C:\WINDOWS\system32\elwbrsut.dll",b O4 - HKLM\..\Run: [BMdba9cf78] Rundll32.exe "C:\WINDOWS\system32\yphigeyc.dll",s

zrobilas Sdfix co masz napisane powyzej???

do tego skanujesz tym i wklejasz log//

program-szukajacy-trojanow-i-malware-vt97108.html

**Posty:** 11 · przez **monika177** 30 Lip 2008, 21:54

ok zrobię jeszcze te logi z sdfix ale tego programu do trojanów już nie użyję bo mi strasznie spowolnił kopmuter kiedyś

**Posty:** 7956 · przez **Magik** 30 Lip 2008, 21:55

monika177 napisał(a):ok zrobię jeszcze te logi z sdfix

i masz nastepnie nie znikac tylko zrobic tego kompa arz a dobrze a nie na raty

monika177 napisał(a):ale tego programu do trojanów już nie użyję bo mi strasznie spowolnił kopmuter kiedyś

dobra, w takim razie

http://www.programosy.pl/program,avg-anti-spyware.html

i koniecznie komunikat dot. tych woluminow

**Posty:** 11 · przez **monika177** 30 Lip 2008, 22:50

Kod: Zaznacz wszystko: b]SDFix: Version 1.206 [/b] Run by Dom on 2008-07-30 at 22:26 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\system32\qoMggFUN.dll - Deleted C:\WINDOWS\cftmon.exe - Deleted C:\WINDOWS\svchost.exe - Deleted C:\WINDOWS\system32\explorer.exe - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-30 22:37:12 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="sidjfzy.dll" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 scanning hidden files ... C:\WINDOWS\explorer(4).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(4).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(4).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(4).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(5).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(5).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(5).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(5).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(6).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(6).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(6).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(6).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(7).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(7).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(7).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(7).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(8).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(8).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(8).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(8).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(9).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(9).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(9).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(9).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(10).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(10).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(10).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(10).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(11).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(11).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(11).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(11).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(12).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(12).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(12).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(12).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(13).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(13).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(13).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(13).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(14).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(14).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(14).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(14).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(15).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(15).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(15).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(15).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(2).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(2).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(2).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(2).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(3).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(3).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(3).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(3).exe:submitter.jpg 273920 bytes executable scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 56 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Thu 6 Dec 2007 11,958 ..SH. --- "C:\WINDOWS\system32\gdjzi32.dll" Thu 6 Dec 2007 15,703 ..SH. --- "C:\WINDOWS\system32\gdmsi32.dll" Wed 4 Aug 2004 8,192 A.SH. --- "C:\WINDOWS\system32\gmjgty.dll" Wed 4 Aug 2004 8,704 A.SH. --- "C:\WINDOWS\system32\cenzura!.dll" Wed 4 Aug 2004 19,356 ..SH. --- "C:\WINDOWS\system32\kcomb32.exe" Wed 4 Aug 2004 18,920 ..SH. --- "C:\WINDOWS\system32\kcomw32.exe" Mon 9 Aug 2004 537,096 ..SH. --- "C:\WINDOWS\system32\mpmyfapi.dll" Wed 4 Aug 2004 24,924 ..SH. --- "C:\WINDOWS\system32\okmhazy.dll" Thu 29 May 2008 242,688 ..SHR --- "C:\WINDOWS\system32\qac.dll" Wed 4 Aug 2004 23,904 ..SH. --- "C:\WINDOWS\system32\sidjfzy.dll" Wed 4 Aug 2004 21,864 ..SH. --- "C:\WINDOWS\system32\swrcezc.dll" Fri 6 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 15 Jun 2008 44,661 A.SH. --- "C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys" Wed 30 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" [b]Finished![/b]

**Posty:** 7956 · przez **Magik** 30 Lip 2008, 22:56

nom, trojany mialas az milo

te wpisy w HiJackThis dalas na fix?? jesli nie to koniecznie daj i sprobuj odpalic combofix'a

jesli nie zaskoczy to wklej log z DSS'a

jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

**Posty:** 11 · przez **monika177** 30 Lip 2008, 22:58

tak wpisy zrobiłam zaraz zobacze z combofixa

Kod: Zaznacz wszystko: [i][size=85]Dodano 31.07.2008 02:00:14:[/size][/i] ComboFix 08-07-29.1 - Dom 2008-07-30 23:17:19.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.63 [GMT 2:00] Running from: C:\Documents and Settings\Dom\Pulpit\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys C:\Program Files\VAV C:\Program Files\VAV\vav.cpl C:\Program Files\VAV\vav.exe C:\Program Files\VAV\vav0.dat C:\Program Files\VAV\vav1.dat C:\WINDOWS\BMdba9cf78.xml C:\WINDOWS\Fonts\okmhacs.dll C:\WINDOWS\Fonts\sidjfcs.dll C:\WINDOWS\Fonts\swrcecs.dll C:\WINDOWS\pskt.ini C:\WINDOWS\system32\elwbrsut.dll C:\WINDOWS\system32\kQBcLnmp.ini C:\WINDOWS\system32\kQBcLnmp.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\pmnLcBQk.dll C:\WINDOWS\system32\tusrbwle.ini C:\WINDOWS\system32\Update.dat C:\WINDOWS\system32\vav.cpl C:\WINDOWS\system32\yphigeyc.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_COMINT32 -------\Legacy_PCIHARDDISK ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))) . 2008-07-30 22:22 . 2008-07-30 22:22 <DIR> d-------- C:\WINDOWS\ERUNT 2008-07-30 22:17 . 2008-07-30 22:38 <DIR> d-------- C:\SDFix 2008-06-28 20:31 . 2008-06-28 20:31 3,555 --a------ C:\WINDOWS\system32\zuoyue32.ini.tmp 2008-06-28 20:07 . 2008-06-18 03:55 38,144 -r------- C:\WINDOWS\system32\drivers\fanti.sys 2008-06-28 20:07 . 2008-05-30 04:18 24,192 -r------- C:\WINDOWS\system32\drivers\regti.sys 2008-06-24 04:33 . 2008-06-24 04:33 302,080 --a------ C:\WINDOWS\msnss27.dll 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\UC.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\RAR.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\LHA.PIF 2008-06-21 21:13 . 2002-01-21 05:00 545 --a------ C:\WINDOWS\ARJ.PIF 2008-06-21 21:13 . 2008-06-22 20:33 327 --a------ C:\WINDOWS\wincmd.ini 2008-06-18 01:19 . 2008-06-18 01:23 127,168 --a------ C:\WINDOWS\system32\c7.exe 2008-06-18 01:18 . 2008-06-18 01:18 <DIR> dr------- C:\Documents and Settings\LocalService\Ulubione 2008-06-18 01:18 . 2008-06-18 01:18 34,816 --a------ C:\WINDOWS\system32\windowsupdata.dll 2008-06-18 01:18 . 2008-06-18 01:18 18,719 --a------ C:\WINDOWS\system32\viscvc.exe 2008-06-18 01:18 . 2008-06-18 01:18 284 --a------ C:\WINDOWS\system32\pagefiles.sys 2008-06-17 23:48 . 2008-06-13 23:51 19,740 --a------ C:\WINDOWS\cccccc.exe 2008-06-15 00:10 . 2008-06-15 00:10 37,765 --a------ C:\WINDOWS\system32\aewg20.exe 2008-06-15 00:10 . 2008-06-15 00:10 30,837 --a------ C:\WINDOWS\system32\cizd21.exe 2008-06-15 00:07 . 2008-06-15 00:06 19,112 --a------ C:\WINDOWS\system32\HBmhly.exe 2008-06-13 23:53 . 2008-06-17 23:48 45,344 --a------ C:\WINDOWS\system32\yuibbct.dll 2008-06-13 23:53 . 2008-06-13 23:53 37,765 --a------ C:\WINDOWS\system32\jmwc20.exe 2008-06-13 23:53 . 2008-06-13 23:53 30,837 --a------ C:\WINDOWS\system32\whjz21.exe 2008-06-13 23:51 . 2008-06-13 23:51 41,244 --a------ C:\WINDOWS\system32\rrrrrr.dll 2008-06-13 23:51 . 2008-06-17 23:48 41,240 --a------ C:\WINDOWS\system32\fmschif.dll 2008-06-13 23:51 . 2008-06-13 23:51 41,236 --a------ C:\WINDOWS\system32\tttttt.dll 2008-06-13 23:51 . 2008-06-15 00:09 19,736 --a------ C:\WINDOWS\fmschif.exe 2008-06-13 23:48 . 2008-06-13 16:30 19,740 --a------ C:\WINDOWS\llllll.exe 2008-06-13 16:33 . 2008-06-13 16:33 37,765 --a------ C:\WINDOWS\system32\poxa20.exe 2008-06-13 13:27 . 2008-06-13 13:27 37,765 --a------ C:\WINDOWS\system32\vnaz20.exe 2008-06-13 13:27 . 2008-06-13 13:27 30,841 --a------ C:\WINDOWS\system32\hkhj21.exe 2008-06-13 13:22 . 2008-06-13 01:13 19,740 --a------ C:\WINDOWS\pppppp.exe 2008-06-13 01:19 . 2008-06-13 01:19 37,765 --a------ C:\WINDOWS\system32\jtqk20.exe 2008-06-13 01:19 . 2008-06-13 01:19 30,841 --a------ C:\WINDOWS\system32\zvua21.exe 2008-06-13 01:12 . 2008-06-12 13:07 20,244 --a------ C:\WINDOWS\eeeeee.exe 2008-06-12 13:08 . 2008-06-12 13:08 37,765 --a------ C:\WINDOWS\system32\tist20.exe 2008-06-12 13:08 . 2008-06-12 13:08 30,841 --a------ C:\WINDOWS\system32\zmsr21.exe 2008-06-12 13:05 . 2008-06-13 01:16 20,244 --a------ C:\WINDOWS\tttttt.exe 2008-06-11 23:58 . 2008-06-17 23:48 41,244 --a------ C:\WINDOWS\system32\fewqickd.dlL 2008-06-11 23:58 . 2008-06-11 23:58 37,765 --a------ C:\WINDOWS\system32\flty20.exe 2008-06-11 23:58 . 2008-06-11 23:58 30,841 --a------ C:\WINDOWS\system32\rayk21.exe 2008-06-11 23:57 . 2008-06-17 23:48 41,244 --a------ C:\WINDOWS\system32\fmcbbqi.dll 2008-06-11 23:57 . 2008-06-15 00:09 19,228 --a------ C:\WINDOWS\fmcbbqi.exe 2008-06-11 23:57 . 2008-06-11 23:57 256 --a------ C:\WINDOWS\system32\nicozctp.dat 2008-06-11 23:53 . 2008-06-10 23:03 20,252 --a------ C:\WINDOWS\iiiiii.exe 2008-06-10 23:06 . 2008-06-10 23:06 37,765 --a------ C:\WINDOWS\system32\pwbv20.exe 2008-06-10 23:06 . 2008-06-10 23:06 30,841 --a------ C:\WINDOWS\system32\iidg21.exe 2008-06-10 23:01 . 2008-06-13 16:32 20,244 --a------ C:\WINDOWS\wwwwww.exe 2008-06-10 13:58 . 2008-06-10 13:58 30,841 --a------ C:\WINDOWS\system32\gwfy21.exe 2008-06-09 23:18 . 2008-06-09 23:18 37,765 --a------ C:\WINDOWS\system32\eluh20.exe 2008-06-09 23:18 . 2008-06-09 23:18 30,841 --a------ C:\WINDOWS\system32\gfoy21.exe 2008-06-09 09:42 . 2008-06-09 09:42 37,765 --a------ C:\WINDOWS\system32\pyjc20.exe 2008-06-09 09:42 . 2008-06-09 09:42 30,841 --a------ C:\WINDOWS\system32\gyko21.exe 2008-06-09 08:09 . 2008-06-09 08:09 37,765 --a------ C:\WINDOWS\system32\mvnl20.exe 2008-06-09 08:09 . 2008-06-09 08:09 30,841 --a------ C:\WINDOWS\system32\hoor21.exe 2008-06-08 23:54 . 2008-06-17 23:48 41,236 --a------ C:\WINDOWS\system32\rewkljlpw.dll 2008-06-08 23:54 . 2008-06-08 23:54 37,765 --a------ C:\WINDOWS\system32\aequ20.exe 2008-06-08 23:54 . 2008-06-08 23:54 30,841 --a------ C:\WINDOWS\system32\rytq21.exe 2008-06-08 13:31 . 2008-06-08 13:31 6,867 --a------ C:\WINDOWS\system32\pfps0.exe 2008-06-06 23:24 . 2008-06-06 23:24 37,765 --a------ C:\WINDOWS\system32\ncmr20.exe 2008-06-06 23:24 . 2008-06-06 23:24 30,841 --a------ C:\WINDOWS\system32\vvsw21.exe 2008-06-06 19:43 . 2008-06-06 19:43 37,765 --a------ C:\WINDOWS\system32\wnum20.exe 2008-06-06 19:43 . 2008-06-06 19:43 30,841 --a------ C:\WINDOWS\system32\mvav21.exe 2008-06-06 19:40 . 2008-06-06 19:40 11,884 --a------ C:\WINDOWS\system32\apva0.exe 2008-06-06 19:37 . 2008-06-06 19:37 4,067 --a------ C:\WINDOWS\system32\xeof4.exe 2008-06-06 19:36 . 2008-06-06 19:36 13,344 --a------ C:\WINDOWS\system32\cash0.exe 2008-06-06 12:34 . 2008-06-06 12:34 37,765 --a------ C:\WINDOWS\system32\txux20.exe 2008-06-06 12:34 . 2008-06-06 12:34 30,841 --a------ C:\WINDOWS\system32\avvp21.exe 2008-06-06 00:01 . 2008-06-06 00:01 37,765 --a------ C:\WINDOWS\system32\ocwl20.exe 2008-06-06 00:01 . 2008-06-06 00:01 30,841 --a------ C:\WINDOWS\system32\fjji21.exe 2008-06-05 19:35 . 2008-06-05 19:35 37,765 --a------ C:\WINDOWS\system32\covd20.exe 2008-06-05 19:35 . 2008-06-05 19:35 30,841 --a------ C:\WINDOWS\system32\dwtt21.exe 2008-06-05 19:33 . 2008-06-05 19:33 13,458 --a------ C:\WINDOWS\system32\azmt0.exe 2008-06-05 19:28 . 2008-06-05 19:28 2,606 --a------ C:\WINDOWS\system32\lihi0.exe 2008-06-04 00:14 . 2008-06-04 00:14 37,765 --a------ C:\WINDOWS\system32\xylq20.exe 2008-06-04 00:14 . 2008-06-04 00:14 30,841 --a------ C:\WINDOWS\system32\dkqk21.exe 2008-06-03 01:13 . 2008-06-03 01:13 37,765 --a------ C:\WINDOWS\system32\ashy20.exe 2008-06-03 01:13 . 2008-06-03 01:13 30,841 --a------ C:\WINDOWS\system32\whrk21.exe 2008-06-02 15:44 . 2008-06-02 15:44 37,765 --a------ C:\WINDOWS\system32\aktm20.exe 2008-06-02 15:44 . 2008-06-02 15:44 30,841 --a------ C:\WINDOWS\system32\zhqh21.exe 2008-06-02 00:07 . 2008-06-02 00:07 37,765 --a------ C:\WINDOWS\system32\zccj20.exe 2008-06-02 00:07 . 2008-06-02 00:07 30,841 --a------ C:\WINDOWS\system32\bcjl21.exe 2008-06-01 12:53 . 2008-06-08 17:42 5,632 --a------ C:\Documents and Settings\Dom\Coreld32.dll 2008-06-01 00:44 . 2008-06-01 00:44 37,765 --a------ C:\WINDOWS\system32\xryf20.exe 2008-06-01 00:44 . 2008-06-01 00:44 30,841 --a------ C:\WINDOWS\system32\zvyr21.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-30 21:24 35 ----a-w C:\WINDOWS\Fonts\swrcecs.dll 2008-07-30 21:24 35 ----a-w C:\WINDOWS\Fonts\sidjfcs.dll 2008-07-30 21:24 35 ----a-w C:\WINDOWS\Fonts\okmhacs.dll 2008-07-30 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-06-17 21:48 41,236 ----a-w C:\WINDOWS\system32\wkehmkpl.dll 2008-06-14 22:10 45,873 ----a-w C:\WINDOWS\853957WL.DLL 2008-06-14 22:07 19,220 ----a-w C:\WINDOWS\ynhtjlpo.exe 2008-06-08 21:41 90,112 ----a-w C:\WINDOWS\DUMP584a.tmp 2008-06-05 21:57 17,762 ----a-w C:\WINDOWS\system32\kcomb32.dll 2008-05-30 22:20 37,765 ----a-w C:\WINDOWS\system32\sntp20.exe 2008-05-30 22:20 30,841 ----a-w C:\WINDOWS\system32\suef21.exe 2008-05-30 17:08 37,765 ----a-w C:\WINDOWS\system32\zcgn20.exe 2008-05-30 17:08 30,841 ----a-w C:\WINDOWS\system32\bjgn21.exe 2008-05-30 12:29 30,841 ----a-w C:\WINDOWS\system32\nsor21.exe 2008-05-30 12:28 37,765 ----a-w C:\WINDOWS\system32\plgk20.exe 2008-05-30 09:59 37,765 ----a-w C:\WINDOWS\system32\yjdq20.exe 2008-05-30 09:59 30,841 ----a-w C:\WINDOWS\system32\nxxh21.exe 2008-05-29 22:33 37,765 ----a-w C:\WINDOWS\system32\emgk20.exe 2008-05-29 22:33 30,841 ----a-w C:\WINDOWS\system32\erhg21.exe 2008-05-29 18:01 17,332 ----a-w C:\WINDOWS\system32\kcomw32.dll 2008-05-29 14:36 37,765 ----a-w C:\WINDOWS\system32\zuih20.exe 2008-05-29 14:36 30,841 ----a-w C:\WINDOWS\system32\owmy21.exe 2008-05-29 14:34 9,532 ----a-w C:\WINDOWS\system32\szyo16.exe 2008-05-29 11:48 37,765 ----a-w C:\WINDOWS\system32\qqvf20.exe 2008-05-29 11:48 30,841 ----a-w C:\WINDOWS\system32\gkym21.exe 2008-05-28 23:01 242,688 --sh--r C:\WINDOWS\system32\qac.dll 2008-05-28 22:50 37,765 ----a-w C:\WINDOWS\system32\mxlp20.exe 2008-05-28 22:50 30,841 ----a-w C:\WINDOWS\system32\mzvd21.exe 2008-05-28 22:46 2,607 ----a-w C:\WINDOWS\system32\dnua17.exe 2008-05-28 21:57 6,987 ----a-w C:\WINDOWS\system32\bmik11.exe 2008-05-27 22:02 37,765 ----a-w C:\WINDOWS\system32\eqpe20.exe 2008-05-27 22:02 30,841 ----a-w C:\WINDOWS\system32\pldk21.exe 2008-05-27 11:19 37,765 ----a-w C:\WINDOWS\system32\amrj20.exe 2008-05-27 11:19 30,841 ----a-w C:\WINDOWS\system32\lydo21.exe 2008-05-26 21:58 37,765 ----a-w C:\WINDOWS\system32\smsk20.exe 2008-05-26 21:58 30,841 ----a-w C:\WINDOWS\system32\mhsr21.exe 2008-04-15 16:30 39,520 ----a-w C:\Documents and Settings\Dom\Dane aplikacji\GDIPFONTCACHEV1.DAT 2007-12-06 18:09 11,958 --sh--w C:\WINDOWS\system32\gdjzi32.dll 2007-12-06 18:08 15,703 --sh--w C:\WINDOWS\system32\gdmsi32.dll 2004-08-04 11:00 8,192 --sha-w C:\WINDOWS\system32\gmjgty.dll 2004-08-04 11:00 8,704 --sha-w C:\WINDOWS\system32\cenzura!.dll 2004-08-04 11:00 19,356 --sh--w C:\WINDOWS\system32\kcomb32.exe 2004-08-04 11:00 18,920 --sh--w C:\WINDOWS\system32\kcomw32.exe 2004-08-08 22:07 537,096 --sh--w C:\WINDOWS\system32\mpmyfapi.dll 2004-08-04 18:08 24,924 --sh--w C:\WINDOWS\system32\okmhazy.dll 2004-08-04 18:09 23,904 --sh--w C:\WINDOWS\system32\sidjfzy.dll 2004-08-04 18:08 21,864 --sh--w C:\WINDOWS\system32\swrcezc.dll . ((((((((((((((((((((((((((((( snapshot@2008-07-30_19.17.21.80 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-07-17 10:57:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE + 2008-07-30 20:22:28 4,255,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat + 2008-07-30 20:22:28 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-07-17 10:57:07 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-07-30 20:22:16 4,255,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat + 2008-07-30 20:22:16 159,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2007-09-13 12:38:35 61,440 ----a-w C:\WINDOWS\system32\kdtkh.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F438C52-95EC-4DE1-B2CE-4778DE54457D}] C:\WINDOWS\system32\wVPiGVLc.dll [BU] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:52 65536] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 09:31 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 09:27 126976] "Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-10 21:26 1089536] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 15:44 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 15:43 688218] "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 11:56 1077327] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-22 11:58 58984] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-12-20 18:22 218712] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-03-19 19:40 100048] "NDSTray.exe"="NDSTray.exe" [BU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] C:\Documents and Settings\Dom\Moje dokumenty\Nowy folder\Autostart\ Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 09:03:44 59080] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360] [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{1A57CAD1-412F-9547-713F-9641FA3FC7A1}"= "C:\WINDOWS\system32\okmhazy.dll" [2004-08-04 20:08 24924] "{678A7521-FA87-34AB-34C2-4893F3AD34C6}"= "C:\WINDOWS\system32\swrcezc.dll" [2004-08-04 20:08 21864] "{68847374-8323-FADC-B443-4732ABCD3786}"= "C:\WINDOWS\system32\sidjfzy.dll" [2004-08-04 20:09 23904] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sidjfzy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) R1 SMBHC;Sterownik kontrolera hosta magistrali zarządzania systemem firmy Microsoft;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 23:57] R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:40] R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys [2004-12-10 19:12] R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys [2004-08-18 18:02] R3 SMBBATT;Sterownik baterii inteligentnej Microsoft;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-04 01:07] S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-11-04 19:29] S3 MS;MS;C:\DOCUME~1\Dom\USTAWI~1\Temp\tmp2F3.tmp [] . Contents of the 'Scheduled Tasks' folder 2008-07-30 C:\WINDOWS\Tasks\MsUpdateTask.job - C:\WINDOWS\msnss27.dll,fnOpen [] . - - - - ORPHANS REMOVED - - - - HKLM-Run-SmoothView - C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe ShellExecuteHooks-{E6650011-3344-6688-4899-345FABCD156E} - C:\WINDOWS\system32\ratbnpi.dll ShellExecuteHooks-{B859245F-345D-BC13-AC4F-145D47DA34FB} - C:\WINDOWS\system32\avzxkmn.dll ShellExecuteHooks-{68907901-1416-3389-9981-372178569986} - C:\WINDOWS\system32\kawdfzy.dll . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/ R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms} R0 -: HKCU-Main,Default_Search_URL = hxxp://internetsearchservice.com R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms} R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore R1 -: HKLM-Internet Explorer,SearchURL = hxxp://internetsearchservice.com O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O17 -: HKLM\CCS\Interface\{9A8935F4-BC95-4C2A-A8AF-957C4261992C}: NameServer = 10.0.0.1 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-30 23:23:33 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\explorer(4).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(4).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(4).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(4).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(5).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(5).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(5).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(5).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(6).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(6).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(6).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(6).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(7).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(7).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(7).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(7).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(8).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(8).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(8).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(8).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(9).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(9).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(9).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(9).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(10).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(10).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(10).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(10).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(11).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(11).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(11).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(11).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(12).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(12).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(12).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(12).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(13).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(13).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(13).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(13).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(14).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(14).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(14).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(14).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(15).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(15).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(15).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(15).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(2).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(2).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(2).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(2).exe:submitter.jpg 273920 bytes executable C:\WINDOWS\explorer(3).exe:extractor.jpg 41984 bytes executable C:\WINDOWS\explorer(3).exe:httpcomm 9883 bytes executable C:\WINDOWS\explorer(3).exe:mian.nest 6656 bytes executable C:\WINDOWS\explorer(3).exe:submitter.jpg 273920 bytes executable scan completed successfully hidden files: 56 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MS] "ImagePath"="\??\C:\DOCUME~1\Dom\USTAWI~1\Temp\tmp2F3.tmp" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Toshiba\Program narzC:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Messenger\msmsgs.exe . ************************************************************************** . Completion time: 2008-07-30 23:27:20 - machine was rebooted [Dom] ComboFix-quarantined-files.txt 2008-07-30 21:27:12 Pre-Run: 33,181,032,448 bajtów wolnych Post-Run: 33,175,490,560 bajt˘w wolnych 350

pusty pulpit, problem z explorer.exe

Pusty pulpit, problem z EXPLORER.EXE

Re: pusty pulpit, problem z explorer.exe

Pusty pulpit, problem z explorer.exe

Pusty pulpit, problem z explorer.exe

Pusty pulpit, problem z explorer.exe

Pusty pulpit, problem z explorer.exe

Pusty pulpit, problem z explorer.exe

Pusty pulpit, problem z explorer.exe

Kto jest na forum