szramka, created 22 May 2009

I had a problem with Malware Doctor. After the second ComboFix scan it seemed to be gone, but to be sure I am asking you to check the ComboFix log.
Guest, comment 23 May 2009

What kind of log is this supposed to be? It cannot be read at all. Post it properly on the forum here and put it in tags.
szramka (Author), comment 23 May 2009

ComboFix 09-05-22.03 - marta 2009-05-22 21:03.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.502.207 [GMT 2:00]
Uruchomiony z: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-22 do 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-21 19:38 . 2009-05-21 19:38 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-18 23:28 . 2009-05-18 23:29 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55 111104 ------w c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03 723456 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03 687104 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28 218112 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59 101120 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42 -------- d-----w c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02 34296 ----a-w c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02 15864 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56 423784 ----a-w c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59 512688 ----a-w c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14 -------- d-----w c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04 -------- d-----w c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56 -------- d-----w c:\program files\Megaware
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 23:38 . 2007-11-19 20:33 -------- d-----w c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23 -------- d-----w c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56 81364 ----a-w c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56 464090 ----a-w c:\windows\system32\perfh015.dat
2009-05-16 22:00 . 2007-04-25 09:47 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-05-13 18:55 . 2007-04-25 09:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 18:43 . 2009-04-04 00:32 0 ----a-w c:\windows\system32\drivers\b21611f3.sys
2009-05-11 20:12 . 2007-04-25 09:35 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-09 16:47 . 2007-07-19 16:04 -------- d-----w c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18 29184 ------w c:\windows\system32\smstf.dll
2009-04-05 12:12 . 2009-04-15 19:46 58880 ------w c:\windows\system32\12.tmp
2009-04-04 22:29 . 2009-04-05 12:12 58880 ------w c:\windows\system32\5.tmp
2009-04-04 14:07 . 2009-04-04 22:29 58880 ------w c:\windows\system32\2.tmp
2009-04-03 22:22 . 2009-04-03 22:22 -------- d-----w c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14 -------- d-----w c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57 285696 ------w c:\windows\system32\pdh.dll
2009-02-28 20:30 . 2009-02-28 20:30 8150 ------w C:\w9VlH.bat
2009-02-28 20:30 . 2009-02-28 20:30 107 ------w C:\UgT7s19I2.bat
2009-02-28 20:30 . 2009-02-28 20:30 145 ------w C:\UgT7s19I.bat
2007-08-24 11:10 . 2007-08-24 11:10 8893880 ------w c:\program files\BearShareV6pl.exe
2009-02-17 01:14 . 2009-02-17 01:09 109 --sh--w c:\windows\system32\607242152.dat
.
------- Sigcheck -------
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-21 19:38 29184 ----a-w c:\windows\system32\jhxm32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-10-05 17:53 32768 ------w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05 13824 ------w c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S1 b21611f3;b21611f3;c:\windows\system32\drivers\b21611f3.sys [2009-04-04 0]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SafeBoot-procexp90.Sys
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 21:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCR71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\windows\System32\BCMLogon.dll
.
Czas ukończenia: 2009-05-22 21:07
ComboFix-quarantined-files.txt 2009-05-22 19:07

Przed: 44 955 762 688 bajtów wolnych
Po: 44 941 840 384 bajtów wolnych

185 --- E O F --- 2009-05-17 09:51
Guest, comment 23 May 2009

Use Malwarebytes' Anti-Malware and post its report.
szramka (Author), comment 23 May 2009

Malwarebytes' Anti-Malware 1.17
Database version: 846
17:25:27 2009-05-23
mbam-log-5-23-2009 (17-25-27).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 94262
Time elapsed: 20 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035596.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
szramka (Author), comment 23 May 2009

ComboFix 09-05-22.03 - marta 2009-05-23 17:40.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.502.169 [GMT 2:00]
Uruchomiony z: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-23 do 2009-05-23 )))))))))))))))))))))))))))))))
.
2009-05-23 14:52 . 2009-05-23 14:52 -------- d-----w c:\program files\CCleaner
2009-05-22 20:38 . 2009-05-23 14:29 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Norton
2009-05-22 20:38 . 2009-05-22 20:38 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-05-21 19:38 . 2009-05-21 19:38 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-18 23:28 . 2009-05-18 23:29 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55 111104 ------w c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03 723456 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03 687104 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28 218112 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59 101120 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42 -------- d-----w c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02 34296 ----a-w c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02 15864 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56 423784 ----a-w c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59 512688 ----a-w c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14 -------- d-----w c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04 -------- d-----w c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56 -------- d-----w c:\program files\Megaware
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 14:29 . 2007-04-25 09:35 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 20:43 . 2007-04-25 09:35 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-05-18 23:38 . 2007-11-19 20:33 -------- d-----w c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23 -------- d-----w c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56 81364 ----a-w c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56 464090 ----a-w c:\windows\system32\perfh015.dat
2009-05-16 22:00 . 2007-04-25 09:47 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-05-13 18:55 . 2007-04-25 09:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 18:43 . 2009-04-04 00:32 0 ----a-w c:\windows\system32\drivers\b21611f3.sys
2009-05-09 16:47 . 2007-07-19 16:04 -------- d-----w c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18 29184 ------w c:\windows\system32\smstf.dll
2009-04-05 12:12 . 2009-04-15 19:46 58880 ------w c:\windows\system32\12.tmp
2009-04-04 22:29 . 2009-04-05 12:12 58880 ------w c:\windows\system32\5.tmp
2009-04-04 14:07 . 2009-04-04 22:29 58880 ------w c:\windows\system32\2.tmp
2009-04-03 22:22 . 2009-04-03 22:22 -------- d-----w c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14 -------- d-----w c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57 285696 ------w c:\windows\system32\pdh.dll
2009-02-28 20:30 . 2009-02-28 20:30 8150 ------w C:\w9VlH.bat
2009-02-28 20:30 . 2009-02-28 20:30 107 ------w C:\UgT7s19I2.bat
2009-02-28 20:30 . 2009-02-28 20:30 145 ------w C:\UgT7s19I.bat
2007-08-24 11:10 . 2007-08-24 11:10 8893880 ------w c:\program files\BearShareV6pl.exe
2009-02-17 01:14 . 2009-02-17 01:09 109 --sh--w c:\windows\system32\607242152.dat
.
------- Sigcheck -------
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-21 19:38 29184 ----a-w c:\windows\system32\jhxm32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-10-05 17:53 32768 ------w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05 13824 ------w c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S1 b21611f3;b21611f3;c:\windows\system32\drivers\b21611f3.sys [2009-04-04 0]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 17:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCR71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\windows\System32\BCMLogon.dll
.
Czas ukończenia: 2009-05-23 17:43
ComboFix-quarantined-files.txt 2009-05-23 15:43
ComboFix2.txt 2009-05-22 19:07

Przed: 44 902 862 848 bajtów wolnych
Po: 44 889 804 800 bajtów wolnych

188 --- E O F --- 2009-05-17 09:51
Guest, comment 23 May 2009

Paste into Notepad:

File::
c:\windows\system32\jhxm32.dll
c:\windows\system32\607242152.dat
C:\w9VlH.bat
C:\UgT7s19I2.bat
C:\UgT7s19I.bat

Driver::
b21611f3
BCASPROT

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> the removal should start (and a log will be produced). Post the log that is produced during the removal. If it goes well, then: after the restart, delete the C:\Qoobox folder manually. Post a HijackThis log.
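The triage the helper did by eye above (the entries that went into the CFScript) can be scripted. The following is an added example, not code from this thread or from ComboFix: it parses the "created files" / Find3M entry format of a ComboFix log and flags the patterns seen here, namely a zero-byte .sys driver, batch files in the drive root, a system+hidden file and a freshly created DLL directly in system32, and non-empty .tmp files in system32. The heuristics, the 7-day window and the attribute-column layout are assumptions of this example; the sample entries are copied from the first log in the thread.

```python
import re
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# One ComboFix file entry: "<created> . <modified> <size|--------> <attrs> <path>".
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{7}) (.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: entries copied from the thread's first log, one per line
# (in the original post they were run together). Banner lines are kept to show
# that the parser skips them. Not a complete log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Pliki utworzone od 2009-04-22 do 2009-05-22 )))))))))))))))))))))))))))))))
2009-05-21 19:38 . 2009-05-21 19:38 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-16 19:27 . 2009-03-06 14:01 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-09 18:35 . 2008-06-10 17:02 15864 ----a-w c:\windows\system32\drivers\mbam.sys
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-05-13 18:43 . 2009-04-04 00:32 0 ----a-w c:\windows\system32\drivers\b21611f3.sys
2009-04-05 12:12 . 2009-04-15 19:46 58880 ------w c:\windows\system32\12.tmp
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\Garmin
2009-02-28 20:30 . 2009-02-28 20:30 8150 ------w C:\w9VlH.bat
2009-02-17 01:14 . 2009-02-17 01:09 109 --sh--w c:\windows\system32\607242152.dat
"""


def parse_entries(text: str) -> List[Dict]:
    """Parse the file entries out of ComboFix log text, skipping banners and blanks."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": None if size.startswith("-") else int(size),  # directories carry no size
            # Assumed layout of the flag column, inferred from the log: leading 'd' =
            # directory, 's' = system, 'h' = hidden, 'a' = archive, '-' = flag not set.
            "attrs": attrs,
            "path": path,
        })
    return entries


def triage(entries: List[Dict], scan_time: datetime,
           recent_days: int = 7) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every file entry that matches a dropper pattern."""
    findings = []
    for e in entries:
        if e["attrs"].startswith("d"):
            continue  # directories are not payloads
        path = e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        parent = path[: len(path) - len(name)]
        reasons = []
        if name.endswith(".sys") and e["size"] == 0:
            reasons.append("zero-byte driver")
        if name.endswith(".bat") and re.fullmatch(r"[a-z]:\\", parent):
            reasons.append("batch file in drive root")
        if "s" in e["attrs"] and "h" in e["attrs"]:
            reasons.append("system+hidden attributes")
        if parent == SYSTEM32 and name.endswith(".tmp") and e["size"]:
            reasons.append("non-empty .tmp directly in system32")
        if (parent == SYSTEM32 and name.endswith(".dll")
                and scan_time - e["created"] <= timedelta(days=recent_days)):
            reasons.append(f"dll created in system32 within {recent_days} days of the scan")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def triage_log(text: str, scan_time: str, recent_days: int = 7) -> List[Tuple[str, List[str]]]:
    """parse_entries + triage; scan_time is the ComboFix header time, 'YYYY-MM-DD HH:MM'."""
    return triage(parse_entries(text),
                  datetime.strptime(scan_time, "%Y-%m-%d %H:%M"), recent_days)


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG, "2009-05-22 21:03"):
        print(f"{path}\n    {'; '.join(reasons)}")
```

Against the sample the script flags exactly the five file entries the helper put into the CFScript or that ComboFix's Find3M section shows as suspicious, and leaves the dllcache copy of pdh.dll, the Malwarebytes driver and the Garmin folder alone.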
szramka (Author), comment 24 May 2009 (edited)

I did as you said, here is the ComboFix log! Should I also add one from HijackThis?

ComboFix 09-05-22.03 - marta 2009-05-24 2:08.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.502.193 [GMT 2:00]
Uruchomiony z: c:\documents and settings\marta\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\marta\Pulpit\CFScript.txt
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
 * Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BCASPROT
-------\Service_b21611f3
-------\Service_BCASPROT

((((((((((((((((((((((((( Pliki utworzone od 2009-04-24 do 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-23 14:52 . 2009-05-23 14:52 -------- d-----w c:\program files\CCleaner
2009-05-22 20:38 . 2009-05-23 14:29 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Norton
2009-05-22 20:38 . 2009-05-22 20:38 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-05-21 19:38 . 2009-05-21 19:38 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-18 23:28 . 2009-05-18 23:29 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55 111104 ------w c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03 723456 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03 687104 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28 218112 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59 101120 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42 -------- d-----w c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02 34296 ----a-w c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02 15864 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56 423784 ----a-w c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59 512688 ----a-w c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14 -------- d-----w c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04 -------- d-----w c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56 -------- d-----w c:\program files\Megaware
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 23:58 . 2007-04-25 09:47 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-05-23 14:29 . 2007-04-25 09:35 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 20:43 . 2007-04-25 09:35 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-05-18 23:38 . 2007-11-19 20:33 -------- d-----w c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23 -------- d-----w c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56 81364 ----a-w c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56 464090 ----a-w c:\windows\system32\perfh015.dat
2009-05-13 18:55 . 2007-04-25 09:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 18:43 . 2009-04-04 00:32 0 ----a-w c:\windows\system32\drivers\b21611f3.sys
2009-05-09 16:47 . 2007-07-19 16:04 -------- d-----w c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18 29184 ------w c:\windows\system32\smstf.dll
2009-04-05 12:12 . 2009-04-15 19:46 58880 ------w c:\windows\system32\12.tmp
2009-04-04 22:29 . 2009-04-05 12:12 58880 ------w c:\windows\system32\5.tmp
2009-04-04 14:07 . 2009-04-04 22:29 58880 ------w c:\windows\system32\2.tmp
2009-04-03 22:22 . 2009-04-03 22:22 -------- d-----w c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14 -------- d-----w c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57 285696 ------w c:\windows\system32\pdh.dll
2009-02-28 20:30 . 2009-02-28 20:30 8150 ------w C:\w9VlH.bat
2009-02-28 20:30 . 2009-02-28 20:30 107 ------w C:\UgT7s19I2.bat
2009-02-28 20:30 . 2009-02-28 20:30 145 ------w C:\UgT7s19I.bat
2007-08-24 11:10 . 2007-08-24 11:10 8893880 ------w c:\program files\BearShareV6pl.exe
2009-02-17 01:14 . 2009-02-17 01:09 109 --sh--w c:\windows\system32\607242152.dat
.
------- Sigcheck -------
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17
618557][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]2006-10-05 17:53 32768 ------w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]2006-01-11 06:05 13824 ------w c:\windows\system32\tphklock.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]sasnative32[HKEY_LOCAL_MACHINE\software\microsoft\security center]"FirewallOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152].Zawartość folderu 'Zaplanowane zadania'2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]2007-07-16 
c:\windows\Tasks\Przypomnienie o rejestracji 2.job- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]..------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = iexploreFF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\FF - prefs.js: browser.startup.homepage - hxxp://onet.plFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-24 02:11Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(1284)c:\program files\ThinkPad\ConnectUtilities\ACNotify.dllc:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dllc:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dllc:\windows\system32\MSVCR71.dllc:\program files\ThinkPad\ConnectUtilities\ACHelper.dllc:\windows\system32\tphklock.dllc:\windows\System32\BCMLogon.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Lenovo\Bluetooth Software\bin\btwdins.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Lenovo\PM Driver\PMSveH.exec:\program files\Lenovo\System Update\SUService.exec:\program files\Common 
Files\Lenovo\tvt_reg_monitor_svc.exec:\program files\Lenovo\Rescue and Recovery\rrservice.exec:\program files\Common Files\Lenovo\Scheduler\tvtsched.exec:\windows\system32\wdfmgr.exec:\program files\ThinkPad\ConnectUtilities\AcSvc.exec:\program files\Common Files\Lenovo\Logger\logmon.exec:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exec:\windows\system32\wscntfy.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\lxcecoms.exec:\program files\Lenovo\Bluetooth Software\BTStackServer.exe.**************************************************************************.Czas ukończenia: 2009-05-24 2:14 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt 2009-05-24 00:14ComboFix2.txt 2009-05-23 15:43ComboFix3.txt 2009-05-22 19:07Przed: 44 882 608 128 bajtów wolnychPo: 44 868 440 064 bajtów wolnych217 --- E O F --- 2009-05-17 09:51
Guest, comment 24 May 2009

Download ---> The Avenger. Paste this text into it:

Files to delete:
c:\windows\system32\jhxm32.dll
C:\w9VlH.bat
C:\UgT7s19I2.bat
C:\UgT7s19I.bat
c:\windows\system32\607242152.dat
c:\windows\system32\12.tmp
c:\windows\system32\5.tmp
c:\windows\system32\2.tmp
c:\windows\system32\drivers\b21611f3.sys

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK. When it is done, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
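The list in the reply above was picked out of the ComboFix file sections by eye: a freshly created DLL with a meaningless name directly in system32, numbered .tmp files in system32, three batch files in the drive root, a hidden+system .dat, and a zero-byte driver. As an added example, not part of the thread and not anything ComboFix does itself, here is a small Python triage pass over entries in that log layout. The sample is constructed from lines of the log above, and the rules (including the 60-day window for "recent") are this example's own heuristic.

```python
import re
from datetime import datetime, timedelta

# One ComboFix file line: modified-time . created-time size attributes path
# (size is "--------" for directories).
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)

# Constructed sample: entries taken from the thread's first log, one per line.
SAMPLE_LOG = r"""
2009-05-21 19:38 . 2009-05-21 19:38 29184 ----a-w c:\windows\system32\jhxm32.dll
2009-05-16 19:27 . 2009-02-09 10:03 723456 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-13 18:43 . 2009-04-04 00:32 0 ----a-w c:\windows\system32\drivers\b21611f3.sys
2009-05-09 18:35 . 2008-06-10 17:02 15864 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-14 15:18 . 2009-04-14 15:18 29184 ------w c:\windows\system32\smstf.dll
2009-04-05 12:12 . 2009-04-15 19:46 58880 ------w c:\windows\system32\12.tmp
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\Garmin
2009-02-28 20:30 . 2009-02-28 20:30 8150 ------w C:\w9VlH.bat
2009-02-17 01:14 . 2009-02-17 01:09 109 --sh--w c:\windows\system32\607242152.dat
"""


def parse_entries(text):
    """Yield (mtime, ctime, size, attrs, path) for every file/directory line.
    Section banners, registry lines and blank lines do not match and are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        yield (
            datetime.strptime(m["mtime"], "%Y-%m-%d %H:%M"),
            datetime.strptime(m["ctime"], "%Y-%m-%d %H:%M"),
            size,
            m["attrs"],
            m["path"],
        )


def triage(text, log_date, recent_days=60):
    """Return {path: [reasons]} for entries that deserve a second look.

    log_date is the date the log was taken ("YYYY-MM-DD"); the rules are the
    heuristics of this example, not ComboFix verdicts.
    """
    cutoff = datetime.strptime(log_date, "%Y-%m-%d").date() - timedelta(days=recent_days)
    flagged = {}
    for _mtime, ctime, size, attrs, path in parse_entries(text):
        norm = path.lower()
        parent, _, name = norm.rpartition("\\")
        ext = name.rsplit(".", 1)[-1] if "." in name else ""
        in_system32 = parent.endswith("\\windows\\system32")
        in_drivers = parent.endswith("\\windows\\system32\\drivers")
        reasons = []
        if in_system32 and ext == "tmp":
            reasons.append("temp file dropped directly in system32")
        if in_system32 and ext == "dll" and ctime.date() >= cutoff:
            reasons.append("DLL created in system32 within the last %d days" % recent_days)
        if in_system32 and "s" in attrs and "h" in attrs:   # attrs like --sh--w
            reasons.append("hidden+system file in system32")
        if in_drivers and ext == "sys" and size == 0:
            reasons.append("zero-byte driver")
        if parent.endswith(":") and ext == "bat":            # parent is just "c:"
            reasons.append("batch file in the drive root")
        if reasons:
            flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG, "2009-05-22").items():
        print(path, "->", "; ".join(reasons))
```

Anything the rules flag is a candidate for a closer look (hash lookup, multi-engine scan, signature check), not an automatic delete: a recent DLL in system32 is also what a legitimate driver or runtime install leaves behind. In this thread the smstf.dll hit was only confirmed later, when the Kaspersky scan named it Trojan.Win32.Agent.cane.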
szramka (Author), comment 24 May 2009

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\jhxm32.dll" deleted successfully.
File "C:\w9VlH.bat" deleted successfully.
File "C:\UgT7s19I2.bat" deleted successfully.
File "C:\UgT7s19I.bat" deleted successfully.
File "c:\windows\system32\607242152.dat" deleted successfully.
File "c:\windows\system32\12.tmp" deleted successfully.
File "c:\windows\system32\5.tmp" deleted successfully.
File "c:\windows\system32\2.tmp" deleted successfully.
File "c:\windows\system32\drivers\b21611f3.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Guest, comment 25 May 2009

OK, everything was deleted. Now the latest ComboFix log.
szramka (Author), comment 25 May 2009

Here is the latest ComboFix log:

ComboFix 09-05-24.07 - marta 2009-05-25 17:07.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.502.212 [GMT 2:00]
Running from: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.
2009-05-23 14:52 . 2009-05-23 14:52 -------- d-----w c:\program files\CCleaner
2009-05-22 20:38 . 2009-05-23 14:29 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Norton
2009-05-22 20:38 . 2009-05-22 20:38 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-05-18 23:28 . 2009-05-18 23:29 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01 285696 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55 111104 ------w c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03 723456 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03 687104 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28 218112 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59 101120 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42 -------- d-----w c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02 34296 ----a-w c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02 15864 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56 423784 ----a-w c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59 512688 ----a-w c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00 101888 ----a-w c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14 -------- d-----w c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04 -------- d-----w c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56 -------- d-----w c:\program files\Megaware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 18:25 . 2007-04-25 09:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-24 12:08 . 2007-08-18 07:23 -------- d-----w c:\documents and settings\marta\Dane aplikacji\Skype
2009-05-23 23:58 . 2007-04-25 09:47 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-05-23 14:29 . 2007-04-25 09:35 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-22 20:43 . 2007-04-25 09:35 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-05-18 23:38 . 2007-11-19 20:33 -------- d-----w c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23 -------- d-----w c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56 81364 ----a-w c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56 464090 ----a-w c:\windows\system32\perfh015.dat
2009-05-09 16:47 . 2007-07-19 16:04 -------- d-----w c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18 29184 ------w c:\windows\system32\smstf.dll
2009-04-03 22:22 . 2009-04-03 22:22 -------- d-----w c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14 -------- d-----w c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13 -------- d-----w c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57 285696 ------w c:\windows\system32\pdh.dll
2007-08-24 11:10 . 2007-08-24 11:10 8893880 ------w c:\program files\BearShareV6pl.exe
.
------- Sigcheck -------
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44 360960 42E3192668D0596BC1DCC0B552E40D43 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-10-05 17:53 32768 ------w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05 13824 ------w c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 17:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCR71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-05-25 17:10
ComboFix-quarantined-files.txt 2009-05-25 15:10

Pre-Run: 44,943,798,272 bytes free
Post-Run: 44,929,884,160 bytes free

177 --- E O F --- 2009-05-17 09:51
Guest, comment 25 May 2009

It's squeaky clean.
1. Clean up after ComboFix and the various tools >>> OTCleanIt.
2. Do a system optimization.
3. Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.
szramka (Author), comment 25 May 2009

Thanks so much! You're great! // What a rhyme // Thanks // djdresik

I can't run the Kaspersky scanner.
szramka (Author), comment 26 May 2009 (edited)

I have the Kaspersky report:

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 26, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.12
Last database update: Tuesday, May 26, 2009 14:47:11
Records in database: 2250834

Scan settings
Database type used for the scan: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer
C:\
D:\
E:\

Scan statistics
Files scanned: 59730
Threat names: 11
Infected objects: 51
Suspicious objects: 0
Scan duration: 02:05:01

File name / Threat name / Threat count
C:\Documents and Settings\marta\nfs_inst.exe Infected: Trojan-Downloader.Win32.Horst.bc 1
C:\Program Files\BearShareV6pl.exe Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031915.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031917.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031929.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031930.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031940.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031941.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216\A0032031.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216\A0032032.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240\A0035143.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240\A0035155.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242\A0035307.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035499.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035519.exe Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.o 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035519.exe Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.aa 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035523.exe Infected: HackTool.Win32.Crypt.cd 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035541.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035560.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035570.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035582.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035592.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035624.dll Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.aa 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035627.exe Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.o 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035656.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035692.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035702.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035711.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246\A0036790.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246\A0036821.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246\A0036830.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247\A0037837.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247\A0037850.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247\A0037861.exe Infected: not-a-virus:WebToolbar.Win32.Zango.ca 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038846.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038858.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038868.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038947.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038949.exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.e 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0039028.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0039126.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0040265.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042277.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042314.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042387.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042404.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043057.exe Infected: Trojan-Downloader.Win32.Agent.buhz 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043059.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043065.dll Infected: Trojan.Win32.Agent.cbpp 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043072.exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.e 1
C:\WINDOWS\system32\smstf.dll Infected: Trojan.Win32.Agent.cane 1

The selected area has been scanned.
Guest, comment 28 May 2009

Download ---> The Avenger. Paste this text into it:

Files to delete:
C:\WINDOWS\system32\smstf.dll
C:\Documents and Settings\marta\nfs_inst.exe
C:\Program Files\BearShareV6pl.exe

Folders to delete:
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK. When it is done, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
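The Avenger script above was assembled by hand from the Kaspersky report: loose files go under "Files to delete:", and every hit inside a System Restore point is handled by deleting the whole RPnnn directory it lives in. As an added example, not part of the thread, here is that transformation in Python: it reads report rows (a sample constructed from a subset of the rows above, using the report's English wording "Infected:"), groups the restore-point hits by RP directory, and emits an Avenger script in the same shape and order the reply used.

```python
import re

# One detection row of a Kaspersky Online Scanner 7 report:
#   <path> Infected: <threat name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+\d+\s*$"
)
# A file inside an XP System Restore point; group 'rp' is the RPnnn directory,
# group 'n' its number (used for ordering).
RESTORE_POINT_RE = re.compile(
    r"^(?P<rp>[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}"
    r"\\RP(?P<n>\d+))\\",
    re.IGNORECASE,
)

# Constructed sample: a subset of the rows from the report above, deliberately
# out of RP order so the ordering step is visible.
SAMPLE_REPORT = r"""
C:\Documents and Settings\marta\nfs_inst.exe Infected: Trojan-Downloader.Win32.Horst.bc 1
C:\Program Files\BearShareV6pl.exe Infected: not-a-virus:AdWare.Win32.Mostofate.j 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035519.exe Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.o 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035523.exe Infected: HackTool.Win32.Crypt.cd 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031915.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031917.dll Infected: Trojan.Win32.Agent.bzzx 1
C:\WINDOWS\system32\smstf.dll Infected: Trojan.Win32.Agent.cane 1
"""


def parse_detections(report):
    """Yield (path, threat) for every detection row; header/summary lines are skipped."""
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            yield m["path"], m["threat"]


def build_plan(report):
    """Split detections into loose files and whole restore-point directories.

    Returns {"files": [path, ...], "folders": {rp_dir: [threat, ...]}}, with
    the restore points in RP-number order and duplicate file paths collapsed.
    """
    files, folders = [], {}
    for path, threat in parse_detections(report):
        m = RESTORE_POINT_RE.match(path)
        if m:
            folders.setdefault(m["rp"], (int(m["n"]), []))[1].append(threat)
        elif path not in files:
            files.append(path)
    ordered = {rp: threats for rp, (_n, threats)
               in sorted(folders.items(), key=lambda kv: kv[1][0])}
    return {"files": files, "folders": ordered}


def to_avenger_script(plan):
    """Render the plan in The Avenger's script syntax: a section header followed
    by one path per line, sections separated by a blank line."""
    lines = []
    if plan["files"]:
        lines += ["Files to delete:", *plan["files"], ""]
    if plan["folders"]:
        lines += ["Folders to delete:", *plan["folders"], ""]
    return "\n".join(lines)


if __name__ == "__main__":
    plan = build_plan(SAMPLE_REPORT)
    for rp, threats in plan["folders"].items():
        print("#", rp.rsplit("\\", 1)[1], "holds", len(threats), "detections")
    print(to_avenger_script(plan))
```

Deleting RPnnn directories removes those restore points outright; the more common alternative is to turn System Restore off and back on, which discards every point. Either way the order matters: the thread's second Kaspersky report shows the three files Avenger had just deleted reappearing inside RP261, because System Restore copies a monitored file into the current restore point when it is deleted. The restore-point cleanup therefore has to come after the file deletions, and the scan be repeated to confirm.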
szramka (Author), comment 28 May 2009

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\smstf.dll" deleted successfully.
File "C:\Documents and Settings\marta\nfs_inst.exe" deleted successfully.
File "C:\Program Files\BearShareV6pl.exe" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
szramka (Author), comment, 29 May 2009
Kaspersky found something else! But a bit less than last time.

RAPORT KASPERSKY ONLINE SCANNER 7.0
piątek, 29 maj 2009
System operacyjny: Microsoft Windows XP Home Edition Dodatek Service Pack 2 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Friday, May 29, 2009 17:19:00
Liczba wpisów: 2272378

Ustawienia skanowania
Typ bazy danych użytej do skanowania: rozszerzona
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania: Mój komputer
C:\
D:\
E:\

Statystyki skanowania
Przeskanowanych plików: 55998
Nazwa zagrożenia: 4
Zainfekowanych obiektów: 4
Podejrzanych obiektów: 0
Czas skanowania: 01:54:43

Nazwa pliku | Nazwa zagrożenia | Liczba zagrożeń
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046063.exe | Zainfekowany: Trojan.Win32.Zapchast.uy | 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046064.exe | Zainfekowany: not-a-virus:AdWare.Win32.Mostofate.j | 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046065.exe | Zainfekowany: Trojan-Downloader.Win32.Horst.bc | 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046066.dll | Zainfekowany: Trojan.Win32.Agent.cane | 1

Wybrany obszar został przeskanowany.
Guest, comment, 29 May 2009
Download ---> The Avenger. Paste this text into it:

Folders to delete:
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK. Afterwards delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
szramka (Author), comment, 29 May 2009

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\smstf.dll" deleted successfully.
File "C:\Documents and Settings\marta\nfs_inst.exe" deleted successfully.
File "C:\Program Files\BearShareV6pl.exe" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Dodatek Service Pack 2)
Thu May 28 19:39:34 2009
19:39:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.