oczyszczaczkomputerza + reklamy

**Posty:** 23 · przez **Light** 26 Kwi 2008, 20:06

Wyskakuje mi często OczyszczaczKomuterza i różne reklamy. Oto logi

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 19:55:48, on 2008-04-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20583) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE C:\Program Files\InterVideo\WinDVR\WinRemote.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Netia\Net\netianet.exe C:\DOCUME~1\ADMINI~1\MOJEDO~1\ASKS~1\wowexec.exe C:\Program Files\??mbols\r?gedit.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\OczyszczaczKomputerza\stm.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\OczyszczaczKomputerza\updater.exe E:\Programy\HijackThis.exe C:\Program Files\OczyszczaczKomputerza\data\GDCW.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://ssl.netia.pl/net24/aktywacja/start.do R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min O4 - HKLM\..\Run: [0c750b87] rundll32.exe "C:\WINDOWS\system32\gsmagtgs.dll",b O4 - HKLM\..\Run: [BM0f46381b] Rundll32.exe "C:\WINDOWS\system32\qhwqaqew.dll",s O4 - HKLM\..\Run: [OczyszczaczKomputerza] C:\Program Files\OczyszczaczKomputerza\GDC.exe O4 - HKLM\..\Run: [gdcw] C:\Program Files\OczyszczaczKomputerza\data\GDCW.exe O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\OczyszczaczKomputerza\stm.exe" dm=http://oczyszczaczkomputerza.com ad=http://oczyszczaczkomputerza.com sd=http://paistutta.oczyszczaczkomputerza.com O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe O4 - HKCU\..\Run: [Outt] "C:\DOCUME~1\ADMINI~1\MOJEDO~1\ASKS~1\wowexec.exe" --ru -vt yazb O4 - HKCU\..\Run: [Dhvyjtli] "C:\Program Files\??mbols\r?gedit.exe" O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O11 - Options group: [TABS] Tabbed Browsing O17 - HKLM\System\CCS\Services\Tcpip\..\{E9BB4DB4-A8F9-4B60-80BA-0EE16FA656B2}: NameServer = 213.241.79.37 83.238.255.76 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

logów z SR nie moge dac

**Posty:** 8001 · przez **Okocza** 26 Kwi 2008, 20:08

Light napisał(a):O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\OczyszczaczKomputerza\stm.exe" dm=http://oczyszczaczkomputerza.com ad=http://oczyszczaczkomputerza.com sd=http://paistutta.oczyszczaczkomputerza.com
O4 - HKCU\..\Run: [Outt] "C:\DOCUME~1\ADMINI~1\MOJEDO~1\ASKS~1\wowexec.exe" --ru -vt yazb
O4 - HKCU\..\Run: [Dhvyjtli] "C:\Program Files\??mbols\r?gedit.exe"
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing

to co zacytowałem usuwasz. dlaczego nie możesz dać loga z sr :?:

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

Jeśli combo nie zadziala daj loga z dss'a

Autor postu otrzymał pochwałę

**Posty:** 23 · przez **Light** 26 Kwi 2008, 21:00

Kod: Zaznacz wszystko: ComboFix 08-04-24.1 - Administrator 2008-04-26 20:54:56.1 - NTFSx86 Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Menu Start\Programy\Outerinfo C:\Documents and Settings\Administrator\Menu Start\Programy\Outerinfo\Terms.lnk C:\Documents and Settings\Administrator\Menu Start\Programy\Outerinfo\Uninstall.lnk C:\Documents and Settings\Administrator\Moje dokumenty\ASKS~1 C:\Documents and Settings\Administrator\Moje dokumenty\ASKS~1\?asks\ C:\Documents and Settings\Administrator\Moje dokumenty\ASKS~1\wowexec.exe C:\Program Files\mbols~1 C:\Program Files\mbols~1\r?gedit.exe C:\Program Files\outerinfo C:\Program Files\outerinfo\outerinfo.ico C:\Program Files\outerinfo\Terms.rtf C:\WINDOWS\pskt.ini C:\WINDOWS\system32\dcbeg.ini C:\WINDOWS\system32\dcbeg.ini2 C:\WINDOWS\system32\gebccdd.dll C:\WINDOWS\system32\gebcd.dll C:\WINDOWS\system32\gsmagtgs.dll C:\WINDOWS\system32\qhwqaqew.dll C:\WINDOWS\system32\sgtgamsg.ini C:\WINDOWS\system32\wowtois.dll . ((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))) . 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\system32\oobe 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\srchasst 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\msagent 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-04-26 20:41 . 2008-04-26 20:41 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-26 20:38 . 2008-04-26 20:51 <DIR> d-------- C:\SDFix 2008-04-26 19:54 . 2008-04-26 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\OczyszczaczKomputerza 2008-04-26 19:48 . 2008-04-26 19:48 <DIR> d-------- C:\Program Files\Common Files\OczyszczaczKomputerza 2008-04-26 19:48 . 2008-04-26 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OczyszczaczKomputerza 2008-04-26 10:25 . 2008-04-26 20:28 109,774 --a------ C:\WINDOWS\BM0f46381b.xml 2008-04-25 23:46 . 2008-04-25 23:46 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2008-04-25 23:46 . 2008-04-25 23:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-25 23:46 . 2008-04-25 23:47 <DIR> d-------- C:\Program Files\AGEIA Technologies 2008-04-25 15:12 . 2008-04-25 15:12 <DIR> d-------- C:\Program Files\PicoZipRT 2008-04-25 13:06 . 2008-04-25 13:06 <DIR> d-------- C:\Program Files\RAR Password Cracker 2008-04-25 12:49 . 2008-04-25 23:44 <DIR> d-------- C:\Program Files\ElcomSoft 2008-04-25 12:49 . 2008-04-25 12:51 1,026 --a------ C:\WINDOWS\ARPR.INI 2008-04-24 22:38 . 2008-04-24 22:38 <DIR> d-------- C:\Program Files\GIANTS_Editor_0.3.0 2008-04-24 22:38 . 2008-04-24 22:39 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\GIANTS Editor 0.3.0 2008-04-23 23:04 . 2008-04-25 23:46 <DIR> d-------- C:\Program Files\Landwirtschafts-Simulator 2008 2008-04-23 21:52 . 2008-04-23 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI 2008-04-23 21:52 . 2008-04-23 21:52 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ATI 2008-04-23 21:49 . 2008-04-23 21:50 <DIR> d-------- C:\Program Files\ATI Technologies 2008-04-23 21:49 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-04-23 20:53 . 2008-04-23 23:59 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FarmingSimulator2008 2008-04-23 20:26 . 2008-04-23 20:26 <DIR> d-------- C:\Program Files\AIDA32 - Personal System Information 2008-04-22 21:38 . 2008-04-22 21:45 <DIR> d-------- C:\Program Files\Ahead 2008-04-18 17:18 . 2008-04-26 19:46 <DIR> d-------- C:\Downloads 2008-04-18 17:17 . 2008-04-26 20:56 <DIR> d-------- C:\Program Files\FlashGet 2008-04-15 19:37 . 2008-04-26 10:23 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-04-15 19:35 . 2008-04-15 19:35 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-04-15 19:30 . 2008-04-15 19:30 <DIR> d-------- C:\ATI 2008-04-15 19:15 . 2008-04-25 23:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-15 19:15 . 2008-04-15 19:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FarmingSimulator2008Demo 2008-04-12 19:25 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-04-12 18:49 . 2008-04-12 19:25 <DIR> d-------- C:\Program Files\Total Video Converter 2008-04-12 18:35 . 2008-04-12 18:35 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-04-12 13:17 . 2008-04-12 13:17 <DIR> d-------- C:\Documents and Settings\Administrator\.jpi_cache 2008-04-12 13:17 . 2008-04-12 13:17 <DIR> d-------- C:\Documents and Settings\Administrator\.java 2008-04-12 12:36 . 2008-04-12 12:39 193 --a------ C:\WINDOWS\wcx_ftp.ini 2008-04-12 12:35 . 2008-04-12 12:35 <DIR> d-------- C:\totalcmd 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\UC.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\RAR.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\LHA.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\ARJ.PIF 2008-04-12 12:35 . 2008-04-12 13:05 335 --a------ C:\WINDOWS\wincmd.ini 2008-04-09 21:05 . 2008-04-09 21:05 <DIR> d-------- C:\FoxitPdfReader 2008-04-09 20:19 . 2008-04-09 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo 2008-04-09 20:19 . 2004-08-04 00:44 16,384 --a------ C:\WINDOWS\system32\ipsink.ax 2008-04-09 20:19 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2008-04-09 20:19 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2008-04-09 20:19 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-04-09 20:16 . 2008-04-09 20:16 <DIR> d-------- C:\Program Files\InterVideo 2008-04-09 20:16 . 2001-12-10 18:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll 2008-04-09 20:16 . 2001-12-10 18:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll 2008-04-09 20:16 . 2001-12-10 18:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll 2008-04-09 20:16 . 2001-12-10 18:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll 2008-04-09 20:16 . 2001-12-10 18:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll 2008-04-09 20:16 . 2001-12-10 18:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll 2008-04-09 20:09 . 2008-04-09 20:12 <DIR> d-------- C:\Program Files\Winamp 2008-04-09 20:09 . 2008-04-09 20:09 <DIR> d-------- C:\Program Files\Dziobas Rar Player 2008-04-09 20:09 . 2008-04-09 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione 2008-04-09 00:16 . 2008-04-08 22:20 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony 2008-04-09 00:16 . 2008-04-23 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit 2008-04-09 00:16 . 2008-04-08 22:23 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start 2008-04-09 00:16 . 2008-04-12 18:14 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty 2008-04-09 00:16 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETAE.tmp 2008-04-09 00:16 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETBD.tmp 2008-04-09 00:15 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETAB.tmp 2008-04-09 00:14 . 2008-04-08 22:24 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji 2008-04-09 00:14 . 2008-04-08 22:27 <DIR> d--h----- C:\Documents and Settings\Default User 2008-04-09 00:14 . 2008-04-26 19:48 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji 2008-04-09 00:14 . 2008-04-26 19:48 <DIR> d-------- C:\Documents and Settings\All Users 2008-04-09 00:09 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETAD.tmp 2008-04-09 00:09 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETBC.tmp 2008-04-09 00:08 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETAA.tmp 2008-04-08 23:19 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETA9.tmp 2008-04-08 23:19 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETA6.tmp 2008-04-08 23:19 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETB5.tmp 2008-04-08 23:03 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETA8.tmp 2008-04-08 23:03 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETA5.tmp 2008-04-08 23:03 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETB4.tmp 2008-04-08 21:09 . 2008-04-08 22:24 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-04-08 21:08 . 2008-04-08 21:08 <DIR> d-------- C:\WINDOWS\system32\Macromed 2008-04-08 21:08 . 2008-04-08 22:24 <DIR> d-------- C:\Program Files\Real Alternative 2008-04-08 21:08 . 2008-04-08 22:24 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-04-08 21:08 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-04-08 21:08 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-04-08 21:08 . 2007-04-27 09:42 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-04-08 21:08 . 2007-04-27 09:42 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-04-08 20:54 . 2008-04-08 22:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-04-08 20:54 . 2008-04-08 22:20 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-04-08 20:54 . 2008-04-08 20:54 37 --a------ C:\WINDOWS\vbaddin.ini 2008-04-08 20:54 . 2008-04-08 20:54 36 --a------ C:\WINDOWS\vb.ini 2008-03-29 08:21 . 2008-03-29 08:21 2,873,856 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-03-29 07:19 . 2008-03-29 07:19 9,801,728 --a------ C:\WINDOWS\system32\atioglx2.dll 2008-03-29 06:40 . 2008-03-29 06:40 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll 2008-03-29 06:05 . 2008-03-29 06:05 372,736 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2008-03-29 05:56 . 2008-03-29 05:56 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll 2008-03-29 05:56 . 2008-03-29 05:56 126,976 --a------ C:\WINDOWS\system32\Oemdspif.dll 2008-03-29 05:55 . 2008-03-29 05:55 126,976 --a------ C:\WINDOWS\system32\ati2evxx.dll 2008-03-29 05:55 . 2008-03-29 05:55 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll 2008-03-29 05:55 . 2008-03-29 05:55 26,112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2008-03-29 05:54 . 2008-03-29 05:54 536,576 --a------ C:\WINDOWS\system32\ati2evxx.exe 2008-03-29 05:52 . 2008-03-29 05:52 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2008-03-29 05:39 . 2008-03-29 05:39 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll 2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat 2008-03-29 05:36 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-03-29 05:36 . 2008-03-29 05:36 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-03-29 05:24 . 2008-03-29 05:24 46,080 --a------ C:\WINDOWS\system32\amdpcom32.dll 2008-03-29 05:23 . 2008-03-29 05:23 5,439,488 --a------ C:\WINDOWS\system32\atioglxx.dll 2008-03-29 05:21 . 2008-03-29 05:21 393,216 --a------ C:\WINDOWS\system32\atikvmag.dll 2008-03-29 05:19 . 2008-03-29 05:19 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll 2008-03-29 05:18 . 2008-03-29 05:18 49,152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-15 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-15 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-08 20:59 --------- d-----w C:\Program Files\Gadu-Gadu 2008-04-08 20:47 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-04-08 20:47 --------- d-----w C:\Program Files\SAGEM 2008-04-08 20:47 --------- d-----w C:\Program Files\Neostrada TP 2008-04-08 20:46 --------- d-----w C:\Program Files\Java Web Start 2008-04-08 20:46 --------- d-----w C:\Program Files\Java 2008-04-08 20:39 --------- d-----w C:\Program Files\Netia 2008-04-08 20:34 --------- d-----w C:\Program Files\C-Media 3D Audio 2008-04-08 20:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-29 04:04 299,008 ------w C:\WINDOWS\system32\ati2dvag.dll 2008-03-29 03:43 3,176,480 ------w C:\WINDOWS\system32\ati3duag.dll 2008-03-29 03:36 1,765,120 ------w C:\WINDOWS\system32\ativvaxx.dll 2008-03-29 03:12 520,192 ------w C:\WINDOWS\system32\ati2cqag.dll 2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ------- Sigcheck ------- 2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll 2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll 2007-07-28 03:15 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys 2007-07-26 19:30 2067584 5362d54a6925afdcbbba53b43ee65774 C:\WINDOWS\system32\ntkrnlpa.exe 2007-07-26 19:31 2190464 9899bb89856e3bd4ef13e11ccee49b71 C:\WINDOWS\system32\ntoskrnl.exe 2007-07-14 00:42 974848 32f67215c57df2c401bf93b7ee65987f C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-02-27 12:03 745472] "NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-02-11 22:50 474112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352] "WINSCHEDULER"="C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE" [2003-09-03 18:49 139264] "WinRemote"="C:\Program Files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 18:57 131072] "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] "NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-02-11 22:50 474112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] "nltide_3"="advpack.dll" [2007-07-27 21:31 124928 C:\WINDOWS\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebccdd] gebccdd.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\FlashGet\\FlashGet.exe"= . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-26 20:57:52 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\INTERV~1\WinDVR\WinScheduler.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Completion time: 2008-04-26 20:58:37 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-26 18:58:34 Pre-Run: 8,610,738,176 bajtów wolnych Post-Run: 8,594,145,280 bajt˘w wolnych 257

Kod: Zaznacz wszystko: [b]SDFix: Version 1.175 [/b] Run by Administrator on 2008-04-26 at 20:44 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\OIN12.tmp.exe - Deleted C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\OIN13.tmp.exe - Deleted C:\Program Files\Common Files\Yazzle1848OinUninstaller.exe - Deleted C:\WINDOWS\tsitra1044.exe - Deleted Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-26 20:48:50 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Disabled:Gadu-Gadu - program glowny" "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb" "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray" "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows" "C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Fri 25 Apr 2008 487,424 ..SHR --- "C:\Program Files\??mbols\r?gedit.exe" Fri 25 Apr 2008 446,976 ..SHR --- "C:\Documents and Settings\Administrator\Moje dokumenty\?asks\wowexec.exe" [b]Finished![/b]

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 21:00:16, on 2008-04-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20583) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE C:\Program Files\InterVideo\WinDVR\WinRemote.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\FlashGet\FlashGet.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Netia\Net\netianet.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Programy\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://ssl.netia.pl/net24/aktywacja/start.do R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{E9BB4DB4-A8F9-4B60-80BA-0EE16FA656B2}: NameServer = 213.241.79.37 83.238.255.76 O20 - Winlogon Notify: gebccdd - gebccdd.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

**Posty:** 8001 · przez **Okocza** 26 Kwi 2008, 21:08

wchodzisz w awaryjny odpalasz http://www.atribune.org/ccount/click.php?id=4
Uruchamiamy program, zaznaczamy Run VundoFix as a task. Wyświetli się okienko informujące nas, że narzędzie uruchomi się ponownie za ok. 1 minutę.
Po ponownym uruchomieniu się programu klikamy na Scan for Vundo - rozpocznie się proces skanowania komputera w poszukiwaniu trojana Vundo.
Po zakończeniu skanowania klikamy na Remove Vundo. Wyświetli się okienko, które zapyta, czy chcemy usunąć zainfekowane pliki - wybieramy naturalnie YES.
Rozpocznie się proces usuwania. Może zniknąć nam pulpit, jednak nie ma się czym martwić, ponieważ narzędzie celowo zabiło proces explorer.exe, by ułatwić usuwanie szkodnika.
Zakończenie procedury usuwania plików program obwieści komunikatem. Klikamy na OK. System uruchomi się ponownie.

Ściągamy na dysk programik http://securityresponse.symantec.com/avcenter/FixVundo.exe
Ponownie uruchamiamy komputer w trybie awaryjnym i uruchamiamy narzędzie.
Wybieramy opcję Start i postępujemy zgodnie z pojawiającymi się na ekranie wskazówkami.

Trzecim, a zarazem ostatnim pomocnikiem w usuwaniu Vundo jest program http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
W celu rozpoczęcia procesu usuwania klikamy na Start

potem dajesz na forum log z combofixa i hijack

**Posty:** 23 · przez **Light** 27 Kwi 2008, 11:58

Kod: Zaznacz wszystko: ComboFix 08-04-24.1 - Administrator 2008-04-27 11:56:01.2 - NTFSx86 Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 ))))))))))))))))))))))))))))))) . 2008-04-27 11:52 . 2008-04-27 11:53 <DIR> d-------- C:\Program Files\Landwirtschafts-Simulator 2008 2008-04-27 11:27 . 2008-04-27 11:27 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-04-27 10:56 . 2008-04-27 10:56 <DIR> d-------- C:\Program Files\Avira 2008-04-27 10:56 . 2008-04-27 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira 2008-04-27 10:46 . 2008-04-27 10:46 <DIR> d-------- C:\VundoFix Backups 2008-04-27 00:31 . 2008-04-27 00:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Dev-Cpp 2008-04-27 00:31 . 2008-04-27 00:31 <DIR> d-------- C:\Dev-Cpp 2008-04-27 00:12 . 2008-04-27 00:12 <DIR> d-------- C:\Graphics 2008-04-27 00:12 . 2005-11-13 01:28 238,080 --------- C:\WINDOWS\system32\mwgfx24.dll 2008-04-27 00:12 . 2008-03-16 08:43 190,464 --------- C:\WINDOWS\system32\mwgfx.dll 2008-04-27 00:12 . 2008-01-09 12:43 104,960 --------- C:\WINDOWS\system32\mwdds.dll 2008-04-27 00:12 . 2004-05-14 11:13 56,832 --------- C:\WINDOWS\system32\mwace.dll 2008-04-27 00:12 . 2007-08-19 09:37 28,672 --------- C:\WINDOWS\system32\mwgfxcopy.exe 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\system32\xircom 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\system32\oobe 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\srchasst 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\WINDOWS\msagent 2008-04-26 20:48 . 2008-04-26 20:48 <DIR> d-------- C:\Program Files\microsoft frontpage 2008-04-26 20:41 . 2008-04-26 20:41 <DIR> d-------- C:\WINDOWS\ERUNT 2008-04-26 20:38 . 2008-04-26 20:51 <DIR> d-------- C:\SDFix 2008-04-26 19:54 . 2008-04-26 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\OczyszczaczKomputerza 2008-04-26 19:48 . 2008-04-26 19:48 <DIR> d-------- C:\Program Files\Common Files\OczyszczaczKomputerza 2008-04-26 19:48 . 2008-04-26 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OczyszczaczKomputerza 2008-04-26 10:25 . 2008-04-26 20:28 109,774 --a------ C:\WINDOWS\BM0f46381b.xml 2008-04-25 23:46 . 2008-04-25 23:46 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2008-04-25 23:46 . 2008-04-25 23:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-04-25 23:46 . 2008-04-25 23:47 <DIR> d-------- C:\Program Files\AGEIA Technologies 2008-04-25 15:12 . 2008-04-25 15:12 <DIR> d-------- C:\Program Files\PicoZipRT 2008-04-25 13:06 . 2008-04-25 13:06 <DIR> d-------- C:\Program Files\RAR Password Cracker 2008-04-25 12:49 . 2008-04-25 23:44 <DIR> d-------- C:\Program Files\ElcomSoft 2008-04-25 12:49 . 2008-04-25 12:51 1,026 --a------ C:\WINDOWS\ARPR.INI 2008-04-24 22:38 . 2008-04-24 22:38 <DIR> d-------- C:\Program Files\GIANTS_Editor_0.3.0 2008-04-24 22:38 . 2008-04-24 22:39 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\GIANTS Editor 0.3.0 2008-04-23 21:52 . 2008-04-23 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI 2008-04-23 21:52 . 2008-04-23 21:52 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\ATI 2008-04-23 21:49 . 2008-04-23 21:50 <DIR> d-------- C:\Program Files\ATI Technologies 2008-04-23 21:49 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-04-23 20:53 . 2008-04-23 23:59 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FarmingSimulator2008 2008-04-23 20:26 . 2008-04-23 20:26 <DIR> d-------- C:\Program Files\AIDA32 - Personal System Information 2008-04-22 21:38 . 2008-04-22 21:45 <DIR> d-------- C:\Program Files\Ahead 2008-04-18 17:18 . 2008-04-26 19:46 <DIR> d-------- C:\Downloads 2008-04-18 17:17 . 2008-04-27 11:50 <DIR> d-------- C:\Program Files\FlashGet 2008-04-15 19:37 . 2008-04-26 10:23 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-04-15 19:35 . 2008-04-15 19:35 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-04-15 19:30 . 2008-04-15 19:30 <DIR> d-------- C:\ATI 2008-04-15 19:15 . 2008-04-25 23:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-15 19:15 . 2008-04-15 19:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FarmingSimulator2008Demo 2008-04-12 19:25 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx 2008-04-12 18:49 . 2008-04-12 19:25 <DIR> d-------- C:\Program Files\Total Video Converter 2008-04-12 18:35 . 2008-04-12 18:35 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-04-12 13:17 . 2008-04-12 13:17 <DIR> d-------- C:\Documents and Settings\Administrator\.jpi_cache 2008-04-12 13:17 . 2008-04-12 13:17 <DIR> d-------- C:\Documents and Settings\Administrator\.java 2008-04-12 12:36 . 2008-04-12 12:39 193 --a------ C:\WINDOWS\wcx_ftp.ini 2008-04-12 12:35 . 2008-04-12 12:35 <DIR> d-------- C:\totalcmd 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\UC.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\RAR.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\PKZIP.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\LHA.PIF 2008-04-12 12:35 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\ARJ.PIF 2008-04-12 12:35 . 2008-04-12 13:05 335 --a------ C:\WINDOWS\wincmd.ini 2008-04-09 21:05 . 2008-04-09 21:05 <DIR> d-------- C:\FoxitPdfReader 2008-04-09 20:19 . 2008-04-09 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo 2008-04-09 20:19 . 2004-08-04 00:44 16,384 --a------ C:\WINDOWS\system32\ipsink.ax 2008-04-09 20:19 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2008-04-09 20:19 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2008-04-09 20:19 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-04-09 20:16 . 2008-04-09 20:16 <DIR> d-------- C:\Program Files\InterVideo 2008-04-09 20:16 . 2001-12-10 18:42 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll 2008-04-09 20:16 . 2001-12-10 18:42 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll 2008-04-09 20:16 . 2001-12-10 18:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll 2008-04-09 20:16 . 2001-12-10 18:42 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll 2008-04-09 20:16 . 2001-12-10 18:42 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll 2008-04-09 20:16 . 2001-12-10 18:42 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll 2008-04-09 20:09 . 2008-04-09 20:12 <DIR> d-------- C:\Program Files\Winamp 2008-04-09 20:09 . 2008-04-09 20:09 <DIR> d-------- C:\Program Files\Dziobas Rar Player 2008-04-09 20:09 . 2008-04-09 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Winamp 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione 2008-04-09 00:16 . 2008-04-08 22:20 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione 2008-04-09 00:16 . 2008-04-09 00:16 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony 2008-04-09 00:16 . 2008-04-27 11:54 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit 2008-04-09 00:16 . 2008-04-08 22:23 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start 2008-04-09 00:16 . 2008-04-12 18:14 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty 2008-04-09 00:16 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETAE.tmp 2008-04-09 00:16 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETBD.tmp 2008-04-09 00:15 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETAB.tmp 2008-04-09 00:14 . 2008-04-08 22:24 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji 2008-04-09 00:14 . 2008-04-08 22:27 <DIR> d--h----- C:\Documents and Settings\Default User 2008-04-09 00:14 . 2008-04-27 10:56 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji 2008-04-09 00:14 . 2008-04-26 19:48 <DIR> d-------- C:\Documents and Settings\All Users 2008-04-09 00:09 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETAD.tmp 2008-04-09 00:09 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETBC.tmp 2008-04-09 00:08 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETAA.tmp 2008-04-08 23:19 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETA9.tmp 2008-04-08 23:19 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETA6.tmp 2008-04-08 23:19 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETB5.tmp 2008-04-08 23:03 . 2004-08-04 03:27 1,086,058 -ra------ C:\WINDOWS\SETA8.tmp 2008-04-08 23:03 . 2004-08-04 03:32 1,014,483 -ra------ C:\WINDOWS\SETA5.tmp 2008-04-08 23:03 . 2004-08-04 03:26 14,043 -ra------ C:\WINDOWS\SETB4.tmp 2008-04-08 21:09 . 2008-04-08 22:24 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-04-08 21:08 . 2008-04-08 21:08 <DIR> d-------- C:\WINDOWS\system32\Macromed 2008-04-08 21:08 . 2008-04-08 22:24 <DIR> d-------- C:\Program Files\Real Alternative 2008-04-08 21:08 . 2008-04-08 22:24 <DIR> d-------- C:\Program Files\QuickTime Alternative 2008-04-08 21:08 . 2003-03-19 05:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-04-08 21:08 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-04-08 21:08 . 2007-04-27 09:42 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-04-08 21:08 . 2007-04-27 09:42 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-04-08 20:54 . 2008-04-08 22:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-04-08 20:54 . 2008-04-08 22:20 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2008-04-08 20:54 . 2008-04-08 20:54 37 --a------ C:\WINDOWS\vbaddin.ini 2008-04-08 20:54 . 2008-04-08 20:54 36 --a------ C:\WINDOWS\vb.ini 2008-03-29 08:21 . 2008-03-29 08:21 2,873,856 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-03-29 07:19 . 2008-03-29 07:19 9,801,728 --a------ C:\WINDOWS\system32\atioglx2.dll 2008-03-29 06:40 . 2008-03-29 06:40 167,936 --a------ C:\WINDOWS\system32\atiok3x2.dll 2008-03-29 06:05 . 2008-03-29 06:05 372,736 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2008-03-29 05:56 . 2008-03-29 05:56 172,032 --a------ C:\WINDOWS\system32\atipdlxx.dll 2008-03-29 05:56 . 2008-03-29 05:56 126,976 --a------ C:\WINDOWS\system32\Oemdspif.dll 2008-03-29 05:55 . 2008-03-29 05:55 126,976 --a------ C:\WINDOWS\system32\ati2evxx.dll 2008-03-29 05:55 . 2008-03-29 05:55 43,520 --a------ C:\WINDOWS\system32\ati2edxx.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-15 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-15 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-08 20:59 --------- d-----w C:\Program Files\Gadu-Gadu 2008-04-08 20:47 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-04-08 20:47 --------- d-----w C:\Program Files\SAGEM 2008-04-08 20:47 --------- d-----w C:\Program Files\Neostrada TP 2008-04-08 20:46 --------- d-----w C:\Program Files\Java Web Start 2008-04-08 20:46 --------- d-----w C:\Program Files\Java 2008-04-08 20:39 --------- d-----w C:\Program Files\Netia 2008-04-08 20:34 --------- d-----w C:\Program Files\C-Media 3D Audio 2008-04-08 20:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-29 04:04 299,008 ------w C:\WINDOWS\system32\ati2dvag.dll 2008-03-29 03:43 3,176,480 ------w C:\WINDOWS\system32\ati3duag.dll 2008-03-29 03:36 1,765,120 ------w C:\WINDOWS\system32\ativvaxx.dll 2008-03-29 03:12 520,192 ------w C:\WINDOWS\system32\ati2cqag.dll 2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ------- Sigcheck ------- 2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll 2007-07-14 00:56 814592 ce7193c5f7c01b19768e066087c1c919 C:\WINDOWS\system32\wininet.dll 2007-07-28 03:15 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys 2007-07-26 19:30 2067584 5362d54a6925afdcbbba53b43ee65774 C:\WINDOWS\system32\ntkrnlpa.exe 2007-07-26 19:31 2190464 9899bb89856e3bd4ef13e11ccee49b71 C:\WINDOWS\system32\ntoskrnl.exe 2007-07-14 00:42 974848 32f67215c57df2c401bf93b7ee65987f C:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-04-26_20.58.24.37 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-26 18:57:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-27 09:29:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2007-09-07 10:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-03-01 08:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2004-02-27 12:03 745472] "NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-02-11 22:50 474112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352] "WINSCHEDULER"="C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE" [2003-09-03 18:49 139264] "WinRemote"="C:\Program Files\InterVideo\WinDVR\WinRemote.exe" [2003-09-03 18:57 131072] "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50 155648] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360] "NETIANET"="C:\Program Files\Netia\Net\netianet.exe" [2007-02-11 22:50 474112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] "nltide_3"="advpack.dll" [2007-07-27 21:31 124928 C:\WINDOWS\system32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebccdd] gebccdd.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\totalcmd\\TOTALCMD.EXE"= "C:\\Program Files\\FlashGet\\FlashGet.exe"= *Newly Created Service* - CATCHME *Newly Created Service* - SSMDRV . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-27 11:57:06 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-27 11:57:37 ComboFix-quarantined-files.txt 2008-04-27 09:57:33 ComboFix2.txt 2008-04-26 18:58:38 Pre-Run: 8,930,476,032 bajtów wolnych Post-Run: 8,926,277,632 bajtów wolnych 233

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 11:58:20, on 2008-04-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20583) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE C:\Program Files\InterVideo\WinDVR\WinRemote.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Netia\Net\netianet.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\explorer.exe E:\Programy\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://ssl.netia.pl/net24/aktywacja/start.do R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{E9BB4DB4-A8F9-4B60-80BA-0EE16FA656B2}: NameServer = 213.241.79.37 83.238.255.76 O20 - Winlogon Notify: gebccdd - gebccdd.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

**Posty:** 18165 · przez **wojtas** 27 Kwi 2008, 19:46

Otworz notatnik i wklej w nim to:

File::
C:\WINDOWS\BM0f46381b.xm
C:\WINDOWS\SETAE.tmp
C:\WINDOWS\SETBD.tmp
C:\WINDOWS\SETAB.tmp
C:\WINDOWS\SETAD.tmp
C:\WINDOWS\SETBC.tmp
C:\WINDOWS\SETAA.tmp
C:\WINDOWS\SETA9.tmp
C:\WINDOWS\SETA6.tmp
C:\WINDOWS\SETB5.tmp
C:\WINDOWS\SETA8.tmp
C:\WINDOWS\SETA5.tmp
C:\WINDOWS\SETB4.tmp

Folder::
C:\Documents and Settings\Administrator\Dane aplikacji\OczyszczaczKomputerza
C:\Program Files\Common Files\OczyszczaczKomputerza
C:\Documents and Settings\All Users\Dane aplikacji\OczyszczaczKomputerza
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebccdd]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

oczyszczaczkomputerza + reklamy

oczyszczaczKomputerza + reklamy

Kto jest na forum