
Please check my ComboFix log

szramka

I had a problem with Malware Doctor. After the second ComboFix scan it seems to have disappeared, but to be sure, please check the ComboFix log.

Guest

What kind of log is that? It can't be read at all. Post it here on the forum normally and put it in tags. ;)

szramka
ComboFix 09-05-22.03 - marta 2009-05-22 21:03.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.502.207 [GMT 2:00]
Running from: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
(((((((((((((((((((((((((   Files Created from 2009-04-22 to 2009-05-22  )))))))))))))))))))))))))))))))
.
2009-05-21 19:38 . 2009-05-21 19:38	29184	----a-w	c:\windows\system32\jhxm32.dll
2009-05-18 23:28 . 2009-05-18 23:29	--------	d-----w	C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36	60416	------w	c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01	285696	------w	c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03	473088	------w	c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55	111104	------w	c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03	723456	------w	c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03	687104	------w	c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28	218112	------w	c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59	101120	----a-w	c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59	24448	----a-w	c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42	--------	d-----w	c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02	34296	----a-w	c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02	15864	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56	423784	----a-w	c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59	512688	----a-w	c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00	101888	----a-w	c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14	--------	d-----w	c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04	--------	d-----w	c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56	--------	d-----w	c:\program files\Megaware
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 23:38 . 2007-11-19 20:33	--------	d-----w	c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23	--------	d-----w	c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56	81364	----a-w	c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56	464090	----a-w	c:\windows\system32\perfh015.dat
2009-05-16 22:00 . 2007-04-25 09:47	5427	----a-w	c:\windows\system32\EGATHDRV.SYS
2009-05-13 18:55 . 2007-04-25 09:20	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-05-13 18:43 . 2009-04-04 00:32	0	----a-w	c:\windows\system32\drivers\b21611f3.sys
2009-05-11 20:12 . 2007-04-25 09:35	--------	d-----w	c:\program files\Common Files\Symantec Shared
2009-05-09 16:47 . 2007-07-19 16:04	--------	d-----w	c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18	29184	------w	c:\windows\system32\smstf.dll
2009-04-05 12:12 . 2009-04-15 19:46	58880	------w	c:\windows\system32\12.tmp
2009-04-04 22:29 . 2009-04-05 12:12	58880	------w	c:\windows\system32\5.tmp
2009-04-04 14:07 . 2009-04-04 22:29	58880	------w	c:\windows\system32\2.tmp
2009-04-03 22:22 . 2009-04-03 22:22	--------	d-----w	c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14	--------	d-----w	c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57	285696	------w	c:\windows\system32\pdh.dll
2009-02-28 20:30 . 2009-02-28 20:30	8150	------w	C:\w9VlH.bat
2009-02-28 20:30 . 2009-02-28 20:30	107	------w	C:\UgT7s19I2.bat
2009-02-28 20:30 . 2009-02-28 20:30	145	------w	C:\UgT7s19I.bat
2007-08-24 11:10 . 2007-08-24 11:10	8893880	------w	c:\program files\BearShareV6pl.exe
2009-02-17 01:14 . 2009-02-17 01:09	109	--sh--w	c:\windows\system32\607242152.dat
.
------- Sigcheck -------
[7] 2008-06-20 11:51	361600	9AEFA14BD6B182D61E3119FA5F436D3D	c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59	361600	AD978A1B783B5719720CFF204B666C8E	c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07	360448	5562CC0A47B2AEF06D3417B733F3C195	c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18	360576	B2220C618B42A2212A59D91EBD6FC4B4	c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53	360832	64798ECFA43D78C7178375FCDD16D8C8	c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20	361344	93EA8D04EC73A85DB02EB8805988F733	c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-21 19:38	29184	----a-w	c:\windows\system32\jhxm32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-10-05 17:53	32768	------w	c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05	13824	------w	c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S1 b21611f3;b21611f3;c:\windows\system32\drivers\b21611f3.sys [2009-04-04 0]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 21:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1284)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCR71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-05-22 21:07
ComboFix-quarantined-files.txt  2009-05-22 19:07

Pre-Run: 44 955 762 688 bytes free
Post-Run: 44 941 840 384 bytes free

185	--- E O F ---	2009-05-17 09:51
Guest

Run Malwarebytes' Anti-Malware and post its report.


szramka
Malwarebytes' Anti-Malware 1.17
Database version: 846

17:25:27 2009-05-23
mbam-log-5-23-2009 (17-25-27).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 94262
Time elapsed: 20 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035596.dll (Adware.Shoper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
Guest

Now post the latest ComboFix log.


szramka
ComboFix 09-05-22.03 - marta 2009-05-23 17:40.7 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.502.169 [GMT 2:00]
Running from: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
(((((((((((((((((((((((((   Files Created from 2009-04-23 to 2009-05-23  )))))))))))))))))))))))))))))))
.
2009-05-23 14:52 . 2009-05-23 14:52	--------	d-----w	c:\program files\CCleaner
2009-05-22 20:38 . 2009-05-23 14:29	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Norton
2009-05-22 20:38 . 2009-05-22 20:38	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-05-21 19:38 . 2009-05-21 19:38	29184	----a-w	c:\windows\system32\jhxm32.dll
2009-05-18 23:28 . 2009-05-18 23:29	--------	d-----w	C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36	60416	------w	c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01	285696	------w	c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03	473088	------w	c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55	111104	------w	c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03	723456	------w	c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03	687104	------w	c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28	218112	------w	c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59	101120	----a-w	c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59	24448	----a-w	c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42	--------	d-----w	c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02	34296	----a-w	c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02	15864	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56	423784	----a-w	c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59	512688	----a-w	c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00	101888	----a-w	c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14	--------	d-----w	c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04	--------	d-----w	c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56	--------	d-----w	c:\program files\Megaware
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 14:29 . 2007-04-25 09:35	--------	d-----w	c:\program files\Common Files\Symantec Shared
2009-05-22 20:43 . 2007-04-25 09:35	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-05-18 23:38 . 2007-11-19 20:33	--------	d-----w	c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23	--------	d-----w	c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56	81364	----a-w	c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56	464090	----a-w	c:\windows\system32\perfh015.dat
2009-05-16 22:00 . 2007-04-25 09:47	5427	----a-w	c:\windows\system32\EGATHDRV.SYS
2009-05-13 18:55 . 2007-04-25 09:20	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-05-13 18:43 . 2009-04-04 00:32	0	----a-w	c:\windows\system32\drivers\b21611f3.sys
2009-05-09 16:47 . 2007-07-19 16:04	--------	d-----w	c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18	29184	------w	c:\windows\system32\smstf.dll
2009-04-05 12:12 . 2009-04-15 19:46	58880	------w	c:\windows\system32\12.tmp
2009-04-04 22:29 . 2009-04-05 12:12	58880	------w	c:\windows\system32\5.tmp
2009-04-04 14:07 . 2009-04-04 22:29	58880	------w	c:\windows\system32\2.tmp
2009-04-03 22:22 . 2009-04-03 22:22	--------	d-----w	c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14	--------	d-----w	c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57	285696	------w	c:\windows\system32\pdh.dll
2009-02-28 20:30 . 2009-02-28 20:30	8150	------w	C:\w9VlH.bat
2009-02-28 20:30 . 2009-02-28 20:30	107	------w	C:\UgT7s19I2.bat
2009-02-28 20:30 . 2009-02-28 20:30	145	------w	C:\UgT7s19I.bat
2007-08-24 11:10 . 2007-08-24 11:10	8893880	------w	c:\program files\BearShareV6pl.exe
2009-02-17 01:14 . 2009-02-17 01:09	109	--sh--w	c:\windows\system32\607242152.dat
.
------- Sigcheck -------
[7] 2008-06-20 11:51	361600	9AEFA14BD6B182D61E3119FA5F436D3D	c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59	361600	AD978A1B783B5719720CFF204B666C8E	c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07	360448	5562CC0A47B2AEF06D3417B733F3C195	c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18	360576	B2220C618B42A2212A59D91EBD6FC4B4	c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53	360832	64798ECFA43D78C7178375FCDD16D8C8	c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20	361344	93EA8D04EC73A85DB02EB8805988F733	c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]
2009-05-21 19:38	29184	----a-w	c:\windows\system32\jhxm32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-10-05 17:53	32768	------w	c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05	13824	------w	c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S1 b21611f3;b21611f3;c:\windows\system32\drivers\b21611f3.sys [2009-04-04 0]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 17:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1288)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCR71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-05-23 17:43
ComboFix-quarantined-files.txt  2009-05-23 15:43
ComboFix2.txt  2009-05-22 19:07

Pre-Run: 44 902 862 848 bytes free
Post-Run: 44 889 804 800 bytes free

188	--- E O F ---	2009-05-17 09:51
Guest

Paste into Notepad:

File::
c:\windows\system32\jhxm32.dll
c:\windows\system32\607242152.dat
C:\w9VlH.bat
C:\UgT7s19I2.bat
C:\UgT7s19I.bat

Driver::
b21611f3
BCASPROT

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]

File >> Save As... >> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe


The removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well: after the restart, delete the C:\Qoobox folder manually.

Post a HijackThis log.

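The CFScript above was put together by hand from what stands out in the log: a DLL that appeared in system32 the day before and is registered as a Browser Helper Object, an S1 driver service whose image file is 0 bytes, a service whose image file is gone (`[?]`), random-named .bat files in the root of C:, and a system+hidden .dat file in system32. The Python script below, added here as an example (it is not ComboFix's code and not the helper's script), applies the same checks to ComboFix log lines and prints a draft CFScript. The function names (`classify_file`, `triage`, `render_cfscript`) and the embedded log lines are mine; the lines are constructed from the entries quoted in this thread. The rules are assumptions modelled on how a helper reads the log, not anything ComboFix enforces, and they flag more than the script above does (smstf.dll and 12.tmp as well). Anything flagged still needs a human decision before it goes into a CFScript.

```python
# Added example (not ComboFix's code and not the helper's script): triage ComboFix
# log lines and draft a CFScript. The rules are assumptions, not ComboFix's own.
import re
from typing import Dict, List, Optional, Tuple

# "Files Created" / "Find3M" entry:  ctime . mtime <TAB> size <TAB> attrs <TAB> path
ENTRY_RE = re.compile(r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
                      r"\t(?P<size>-+|\d+)\t(?P<attrs>[-a-z]+)\t(?P<path>.+)$")
# BHO key under "Reg Loading Points"; the following line names the DLL it loads
BHO_RE = re.compile(r"^\[(?P<key>HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\})\]$")
BHO_DLL_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\t\d+\t[-a-z]+\t(?P<path>.+)$")
# Service line:  S1 name;display;image [date size]   ([?] when the image file is gone)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;.* \[(?P<info>[^\]]*)\]$")
# Short random-looking batch file sitting directly in a drive root
ROOT_BAT_RE = re.compile(r"^[a-z]:\\[A-Za-z0-9]{4,12}\.bat$", re.IGNORECASE)


def classify_file(ctime: str, mtime: str, size: str, attrs: str, path: str) -> Optional[str]:
    """Return why a file entry looks planted rather than installed, or None."""
    if attrs.startswith("d"):          # directories get no verdict here
        return None
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_system32 = "\\windows\\system32\\" in low and "\\dllcache\\" not in low
    if name.endswith(".sys") and size == "0":
        return "zero-byte driver image"
    if in_system32 and name.endswith(".tmp"):
        return ".tmp file placed directly in system32"
    if in_system32 and "s" in attrs and "h" in attrs:
        return "system+hidden file in system32"
    if in_system32 and name.endswith(".dll") and ctime == mtime:
        # an installer copy keeps the original mtime; equal times mean it was written here
        return "DLL written in place (create time == modify time)"
    if ROOT_BAT_RE.match(path):
        return "batch file dropped in the drive root"
    return None


def triage(log_text: str) -> Dict[str, List[Tuple[str, str]]]:
    """One pass over the log, collecting File::, Driver:: and Registry:: candidates."""
    found: Dict[str, List[Tuple[str, str]]] = {"files": [], "drivers": [], "registry": []}
    flagged_paths = set()
    pending_bho: Optional[str] = None
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            reason = classify_file(**m.groupdict())
            if reason:
                found["files"].append((m["path"], reason))
                flagged_paths.add(m["path"].lower())
            continue
        m = BHO_RE.match(line)
        if m:
            pending_bho = m["key"]
            continue
        if pending_bho is not None:            # the line right after a BHO key
            m = BHO_DLL_RE.match(line)
            if m and m["path"].lower() in flagged_paths:
                found["registry"].append((pending_bho, "BHO loads a flagged DLL"))
            pending_bho = None
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m["info"] == "?":
                found["drivers"].append((m["name"], "service image file missing from disk"))
            elif m["info"].split()[-1] == "0":
                found["drivers"].append((m["name"], "service points at a zero-byte image"))
    return found


def render_cfscript(found: Dict[str, List[Tuple[str, str]]]) -> str:
    """Lay the findings out in CFScript syntax (File::, Driver::, Registry::)."""
    sections = []
    if found["files"]:
        sections.append("File::\n" + "\n".join(p for p, _ in found["files"]))
    if found["drivers"]:
        sections.append("Driver::\n" + "\n".join(n for n, _ in found["drivers"]))
    if found["registry"]:
        sections.append("Registry::\n" + "\n".join(f"[-{k}]" for k, _ in found["registry"]))
    return "\n\n".join(sections) + "\n"


# Constructed sample: lines modelled on the entries quoted in this thread.
SAMPLE_LOG = (
    "2009-05-21 19:38 . 2009-05-21 19:38\t29184\t----a-w\tc:\\windows\\system32\\jhxm32.dll\n"
    "2009-05-09 17:53 . 2004-05-11 08:56\t423784\t----a-w\tc:\\windows\\system32\\XceedBkp.dll\n"
    "2009-05-13 18:43 . 2009-04-04 00:32\t0\t----a-w\tc:\\windows\\system32\\drivers\\b21611f3.sys\n"
    "2009-04-14 15:18 . 2009-04-14 15:18\t29184\t------w\tc:\\windows\\system32\\smstf.dll\n"
    "2009-04-05 12:12 . 2009-04-15 19:46\t58880\t------w\tc:\\windows\\system32\\12.tmp\n"
    "2009-02-28 20:30 . 2009-02-28 20:30\t8150\t------w\tC:\\w9VlH.bat\n"
    "2009-02-17 01:14 . 2009-02-17 01:09\t109\t--sh--w\tc:\\windows\\system32\\607242152.dat\n"
    "[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{F30B5E7E-CFBB-44fb-A947-226E5A7A4290}]\n"
    "2009-05-21 19:38\t29184\t----a-w\tc:\\windows\\system32\\jhxm32.dll\n"
    "S1 b21611f3;b21611f3;c:\\windows\\system32\\drivers\\b21611f3.sys [2009-04-04 0]\n"
    "S3 BCASPROT;Advanced System Protector;\\??\\c:\\program files\\Systweak\\Advanced System Protector\\sasprot32.sys --> c:\\program files\\Systweak\\Advanced System Protector\\sasprot32.sys [?]\n"
    "S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\\windows\\system32\\drivers\\sea3bus.sys [2007-01-26 61600]\n"
)

if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for section, items in findings.items():
        print(section + "".join(f"\n  {what}  <- {why}" for what, why in items))
    print(render_cfscript(findings))
```

Run as-is it prints each finding with its reason and then the draft CFScript; on a real log, pass the file's text to `triage` instead of `SAMPLE_LOG`. The create-time-equals-modify-time rule is the one that separates jhxm32.dll and smstf.dll from XceedBkp.dll in the same folder: installers preserve the packaged file's modification time, while a file written by a dropper gets both stamps at the moment it lands.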

szramka

I did as you said; here is the ComboFix log! Should I also add one from HijackThis?

ComboFix 09-05-22.03 - marta 2009-05-24  2:08.8 - NT
FSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.502.193 [GMT 2:00]
Running from: c:\documents and settings\marta\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\marta\Pulpit\CFScript.txt
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BCASPROT
-------\Service_b21611f3
-------\Service_BCASPROT

(((((((((((((((((((((((((   Files Created from 2009-04-24 to 2009-05-24  )))))))))))))))))))))))))))))))
.
2009-05-23 14:52 . 2009-05-23 14:52	--------	d-----w	c:\program files\CCleaner
2009-05-22 20:38 . 2009-05-23 14:29	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Norton
2009-05-22 20:38 . 2009-05-22 20:38	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-05-21 19:38 . 2009-05-21 19:38	29184	----a-w	c:\windows\system32\jhxm32.dll
2009-05-18 23:28 . 2009-05-18 23:29	--------	d-----w	C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36	60416	------w	c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01	285696	------w	c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03	473088	------w	c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55	111104	------w	c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03	723456	------w	c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03	687104	------w	c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28	218112	------w	c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59	101120	----a-w	c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59	24448	----a-w	c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42	--------	d-----w	c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02	34296	----a-w	c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02	15864	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56	423784	----a-w	c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59	512688	----a-w	c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00	101888	----a-w	c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14	--------	d-----w	c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04	--------	d-----w	c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56	--------	d-----w	c:\program files\Megaware
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 23:58 . 2007-04-25 09:47	5427	----a-w	c:\windows\system32\EGATHDRV.SYS
2009-05-23 14:29 . 2007-04-25 09:35	--------	d-----w	c:\program files\Common Files\Symantec Shared
2009-05-22 20:43 . 2007-04-25 09:35	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-05-18 23:38 . 2007-11-19 20:33	--------	d-----w	c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23	--------	d-----w	c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56	81364	----a-w	c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56	464090	----a-w	c:\windows\system32\perfh015.dat
2009-05-13 18:55 . 2007-04-25 09:20	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-05-13 18:43 . 2009-04-04 00:32	0	----a-w	c:\windows\system32\drivers\b21611f3.sys
2009-05-09 16:47 . 2007-07-19 16:04	--------	d-----w	c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18	29184	------w	c:\windows\system32\smstf.dll
2009-04-05 12:12 . 2009-04-15 19:46	58880	------w	c:\windows\system32\12.tmp
2009-04-04 22:29 . 2009-04-05 12:12	58880	------w	c:\windows\system32\5.tmp
2009-04-04 14:07 . 2009-04-04 22:29	58880	------w	c:\windows\system32\2.tmp
2009-04-03 22:22 . 2009-04-03 22:22	--------	d-----w	c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14	--------	d-----w	c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57	285696	------w	c:\windows\system32\pdh.dll
2009-02-28 20:30 . 2009-02-28 20:30	8150	------w	C:\w9VlH.bat
2009-02-28 20:30 . 2009-02-28 20:30	107	------w	C:\UgT7s19I2.bat
2009-02-28 20:30 . 2009-02-28 20:30	145	------w	C:\UgT7s19I.bat
2007-08-24 11:10 . 2007-08-24 11:10	8893880	------w	c:\program files\BearShareV6pl.exe
2009-02-17 01:14 . 2009-02-17 01:09	109	--sh--w	c:\windows\system32\607242152.dat
.
------- Sigcheck -------
[7] 2008-06-20 11:51	361600	9AEFA14BD6B182D61E3119FA5F436D3D	c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59	361600	AD978A1B783B5719720CFF204B666C8E	c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07	360448	5562CC0A47B2AEF06D3417B733F3C195	c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18	360576	B2220C618B42A2212A59D91EBD6FC4B4	c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53	360832	64798ECFA43D78C7178375FCDD16D8C8	c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20	361344	93EA8D04EC73A85DB02EB8805988F733	c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 
618557][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]2006-10-05 17:53	32768	------w	c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]2006-01-11 06:05	13824	------w	c:\windows\system32\tphklock.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute	REG_MULTI_SZ   	autocheck autochk *\[u]0[/u]sasnative32[HKEY_LOCAL_MACHINE\software\microsoft\security center]"FirewallOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152].Zawartość folderu 'Zaplanowane zadania'2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]2007-07-16 
c:\windows\Tasks\Przypomnienie o rejestracji 2.job- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]..------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = iexploreFF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\FF - prefs.js: browser.startup.homepage - hxxp://onet.plFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-24 02:11Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(1284)c:\program files\ThinkPad\ConnectUtilities\ACNotify.dllc:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dllc:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dllc:\windows\system32\MSVCR71.dllc:\program files\ThinkPad\ConnectUtilities\ACHelper.dllc:\windows\system32\tphklock.dllc:\windows\System32\BCMLogon.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Lenovo\Bluetooth Software\bin\btwdins.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Lenovo\PM Driver\PMSveH.exec:\program files\Lenovo\System Update\SUService.exec:\program 
files\Common Files\Lenovo\tvt_reg_monitor_svc.exec:\program files\Lenovo\Rescue and Recovery\rrservice.exec:\program files\Common Files\Lenovo\Scheduler\tvtsched.exec:\windows\system32\wdfmgr.exec:\program files\ThinkPad\ConnectUtilities\AcSvc.exec:\program files\Common Files\Lenovo\Logger\logmon.exec:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exec:\windows\system32\wscntfy.exec:\program files\iPod\bin\iPodService.exec:\windows\system32\lxcecoms.exec:\program files\Lenovo\Bluetooth Software\BTStackServer.exe.**************************************************************************.Czas ukończenia: 2009-05-24  2:14 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt  2009-05-24 00:14ComboFix2.txt  2009-05-23 15:43ComboFix3.txt  2009-05-22 19:07Przed: 44 882 608 128 bajtów wolnychPo: 44 868 440 064 bajtów wolnych217	--- E O F ---	2009-05-17 09:51
Guest
comment

Download ---> The Avenger

Paste this text into it:

Files to delete:
c:\windows\system32\jhxm32.dll
C:\w9VlH.bat
C:\UgT7s19I2.bat
C:\UgT7s19I.bat
c:\windows\system32\607242152.dat
c:\windows\system32\12.tmp
c:\windows\system32\5.tmp
c:\windows\system32\2.tmp
c:\windows\system32\drivers\b21611f3.sys

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

When it's done, delete the file C:\Avenger\backup.zip from the disk and post the report C:\avenger.txt on the forum.

.

szramka
comment
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\jhxm32.dll" deleted successfully.
File "C:\w9VlH.bat" deleted successfully.
File "C:\UgT7s19I2.bat" deleted successfully.
File "C:\UgT7s19I.bat" deleted successfully.
File "c:\windows\system32\607242152.dat" deleted successfully.
File "c:\windows\system32\12.tmp" deleted successfully.
File "c:\windows\system32\5.tmp" deleted successfully.
File "c:\windows\system32\2.tmp" deleted successfully.
File "c:\windows\system32\drivers\b21611f3.sys" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Guest
comment

OK, everything was removed.

Latest ComboFix log, please.

.

szramka
comment

here is the latest ComboFix log

ComboFix 09-05-24.07 - marta 2009-05-25 17:07.9 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.48.1045.18.502.212 [GMT 2:00]
Run from: c:\documents and settings\marta\Pulpit\ComboFix.exe
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
(((((((((((((((((((((((((   Files created from 2009-04-25 to 2009-05-25  )))))))))))))))))))))))))))))))
.
2009-05-23 14:52 . 2009-05-23 14:52	--------	d-----w	c:\program files\CCleaner
2009-05-22 20:38 . 2009-05-23 14:29	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Norton
2009-05-22 20:38 . 2009-05-22 20:38	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-05-18 23:28 . 2009-05-18 23:29	--------	d-----w	C:\32788R22FWJFW.0.tmp
2009-05-16 19:27 . 2005-07-26 04:36	60416	------w	c:\windows\system32\dllcache\colbact.dll
2009-05-16 19:27 . 2009-03-06 14:01	285696	------w	c:\windows\system32\dllcache\pdh.dll
2009-05-16 19:27 . 2009-02-09 10:03	473088	------w	c:\windows\system32\dllcache\fastprox.dll
2009-05-16 19:27 . 2009-02-09 10:03	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-05-16 19:27 . 2009-02-09 09:55	111104	------w	c:\windows\system32\dllcache\services.exe
2009-05-16 19:27 . 2009-02-06 09:54	35328	------w	c:\windows\system32\dllcache\sc.exe
2009-05-16 19:27 . 2009-02-06 09:41	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-05-16 19:27 . 2009-02-09 10:03	723456	------w	c:\windows\system32\dllcache\ntdll.dll
2009-05-16 19:27 . 2009-02-09 10:03	687104	------w	c:\windows\system32\dllcache\advapi32.dll
2009-05-16 19:25 . 2008-04-21 21:28	218112	------w	c:\windows\system32\dllcache\wordpad.exe
2009-05-13 18:56 . 2007-07-16 14:59	101120	----a-w	c:\windows\system32\drivers\ewusbmdm.sys
2009-05-13 18:56 . 2007-07-16 14:59	24448	----a-w	c:\windows\system32\drivers\ewdcsc.sys
2009-05-10 17:42 . 2009-05-10 17:42	--------	d-----w	c:\windows\system32\Adobe
2009-05-09 18:35 . 2008-06-10 17:02	34296	----a-w	c:\windows\system32\drivers\mbamcatchme.sys
2009-05-09 18:35 . 2008-06-10 17:02	15864	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-09 18:35 . 2009-05-09 18:35	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-05-09 17:53 . 2004-05-11 08:56	423784	----a-w	c:\windows\system32\XceedBkp.dll
2009-05-09 17:53 . 2003-11-19 12:59	512688	----a-w	c:\windows\system32\XceedCry.dll
2009-05-09 17:53 . 2000-07-15 04:00	101888	----a-w	c:\windows\system32\VB6STKIT.DLL
2009-04-30 15:14 . 2009-04-30 15:14	--------	d-----w	c:\windows\Cache
2009-04-25 19:04 . 2009-04-25 19:04	--------	d-----w	c:\program files\Motion Plus media
2009-04-25 18:56 . 2009-04-25 18:56	--------	d-----w	c:\program files\Megaware
.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 18:25 . 2007-04-25 09:20	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-05-24 12:08 . 2007-08-18 07:23	--------	d-----w	c:\documents and settings\marta\Dane aplikacji\Skype
2009-05-23 23:58 . 2007-04-25 09:47	5427	----a-w	c:\windows\system32\EGATHDRV.SYS
2009-05-23 14:29 . 2007-04-25 09:35	--------	d-----w	c:\program files\Common Files\Symantec Shared
2009-05-22 20:43 . 2007-04-25 09:35	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-05-18 23:38 . 2007-11-19 20:33	--------	d-----w	c:\program files\ESET
2009-05-17 21:03 . 2007-08-18 07:23	--------	d-----w	c:\program files\Google
2009-05-17 10:52 . 2007-04-25 16:56	81364	----a-w	c:\windows\system32\perfc015.dat
2009-05-17 10:52 . 2007-04-25 16:56	464090	----a-w	c:\windows\system32\perfh015.dat
2009-05-09 16:47 . 2007-07-19 16:04	--------	d-----w	c:\program files\Lx_cats
2009-04-14 15:18 . 2009-04-14 15:18	29184	------w	c:\windows\system32\smstf.dll
2009-04-03 22:22 . 2009-04-03 22:22	--------	d-----w	c:\program files\Garmin GPS Plugin
2009-04-03 22:14 . 2009-04-03 22:14	--------	d-----w	c:\documents and settings\marta\Dane aplikacji\GARMIN
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\DIFX
2009-04-03 22:13 . 2009-04-03 22:13	--------	d-----w	c:\program files\Garmin
2009-03-06 14:01 . 2007-04-25 16:57	285696	------w	c:\windows\system32\pdh.dll
2007-08-24 11:10 . 2007-08-24 11:10	8893880	------w	c:\program files\BearShareV6pl.exe
.
------- Sigcheck -------
[7] 2008-06-20 11:51	361600	9AEFA14BD6B182D61E3119FA5F436D3D	c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59	361600	AD978A1B783B5719720CFF204B666C8E	c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2006-01-13 17:07	360448	5562CC0A47B2AEF06D3417B733F3C195	c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 12:18	360576	B2220C618B42A2212A59D91EBD6FC4B4	c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2007-10-30 16:53	360832	64798ECFA43D78C7178375FCDD16D8C8	c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20	361344	93EA8D04EC73A85DB02EB8805988F733	c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:44	360960	42E3192668D0596BC1DCC0B552E40D43	c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 24576]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-08 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"snp2std"="c:\windows\vsnp2std.exe" [2006-07-10 675840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-21 33128]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 110592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 507904]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-10-05 110592]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-08-30 89542]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-1-17 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AntiVirusDisableNotify"= 2089932196 (0x7c91d5a4)
"UpdatesDisableNotify"= 2089932196 (0x7c91d5a4)
"FirewallDisableNotify"= 2089932196 (0x7c91d5a4)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-10-05 17:53	32768	------w	c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-01-11 06:05	13824	------w	c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S3 sea3bus;Sony Ericsson Device 0A3 driver (WDM);c:\windows\system32\drivers\sea3bus.sys [2007-01-26 61600]
S3 sea3mdfl;Sony Ericsson Device 0A3 USB WMC Modem Filter;c:\windows\system32\drivers\sea3mdfl.sys [2007-01-26 9392]
S3 sea3mdm;Sony Ericsson Device 0A3 USB WMC Modem Driver;c:\windows\system32\drivers\sea3mdm.sys [2007-01-26 97152]
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]

2007-07-16 c:\windows\Tasks\Przypomnienie o rejestracji 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-04-25 20:00]
.
- - - - EMPTY ENTRIES REMOVED - - - -

SafeBoot-procexp90.Sys
.
------- Supplementary scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\marta\Dane aplikacji\Mozilla\Firefox\Profiles\9vg5m08j.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 17:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCR71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-05-25 17:10
ComboFix-quarantined-files.txt  2009-05-25 15:10

Before: 44 943 798 272 bytes free
After: 44 929 884 160 bytes free

177	--- E O F ---	2009-05-17 09:51
Guest
comment

It's all clean. :)

1. Clean up after ComboFix and the various tools >>> OTCleanIt.

2. Perform a system optimization

3. Scan the 'My Computer' area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

.

szramka
comment

many thanks! you're the best! :D // What a rhyme :haha: // Thanks :) // djdresik

I can't run the Kaspersky scanner :co:

Psycholandia
comment

Are you running it through Internet Explorer?

szramka
comment

through Mozilla

Guest
comment

You're supposed to run it through IE!!

.

szramka
comment (edited)

I've got the Kaspersky report :o

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, 26 May 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.12
Last database update: Tuesday, May 26, 2009 14:47:11
Records: 2250834

Scan settings
	Database type used for scan	extended
	Scan archives	yes
	Scan mail databases	yes

Scan area	My Computer
	C:\
	D:\
	E:\

Scan statistics
	Files scanned	59730
	Threat names	11
	Infected objects	51
	Suspicious objects	0
	Scan time	02:05:01

File name	Threat name	Threat count
C:\Documents and Settings\marta\nfs_inst.exe	Infected: Trojan-Downloader.Win32.Horst.bc	1
C:\Program Files\BearShareV6pl.exe	Infected: not-a-virus:AdWare.Win32.Mostofate.j	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031915.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031917.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031929.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031930.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031940.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215\A0031941.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216\A0032031.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216\A0032032.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240\A0035143.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240\A0035155.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242\A0035307.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035499.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035519.exe	Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.o	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035519.exe	Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.aa	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035523.exe	Infected: HackTool.Win32.Crypt.cd	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035541.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035560.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035570.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035582.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035592.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035624.dll	Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.aa	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243\A0035627.exe	Infected: not-a-virus:FraudTool.Win32.BPSSpywareRemover.o	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035656.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035692.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035702.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244\A0035711.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246\A0036790.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246\A0036821.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246\A0036830.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247\A0037837.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247\A0037850.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247\A0037861.exe	Infected: not-a-virus:WebToolbar.Win32.Zango.ca	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038846.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038858.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038868.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038947.dll	Infected: Trojan.Win32.Agent.bzzx	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0038949.exe	Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.e	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0039028.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248\A0039126.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0040265.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042277.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042314.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042387.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250\A0042404.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043057.exe	Infected: Trojan-Downloader.Win32.Agent.buhz	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043059.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043065.dll	Infected: Trojan.Win32.Agent.cbpp	1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251\A0043072.exe	Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.e	1
C:\WINDOWS\system32\smstf.dll	Infected: Trojan.Win32.Agent.cane	1

The selected area has been scanned.
Guest
comment

Download ---> The Avenger

Paste this text into it:

Files to delete:
C:\WINDOWS\system32\smstf.dll
C:\Documents and Settings\marta\nfs_inst.exe
C:\Program Files\BearShareV6pl.exe

Folders to delete:
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

When it's done, delete the file C:\Avenger\backup.zip from the disk and post the report C:\avenger.txt on the forum.

.

szramka
comment
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\smstf.dll" deleted successfully.
File "C:\Documents and Settings\marta\nfs_inst.exe" deleted successfully.
File "C:\Program Files\BearShareV6pl.exe" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Guest
comment

Scan again with Kaspersky.

.

szramka
comment

Kaspersky found something else! But a bit less than last time :)

RAPORT KASPERSKY ONLINE SCANNER 7.0
piątek, 29 maj 2009
System operacyjny: Microsoft Windows XP Home Edition Dodatek Service Pack 2 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Friday, May 29, 2009 17:19:00
Liczba wpisów: 2272378

Ustawienia skanowania
Typ bazy danych użytej do skanowania: rozszerzona
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak

Obszar skanowania: Mój komputer
C:\
D:\
E:\

Statystyki skanowania
Przeskanowanych plików: 55998
Nazwa zagrożenia: 4
Zainfekowanych obiektów: 4
Podejrzanych obiektów: 0
Czas skanowania: 01:54:43

Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046063.exe Zainfekowany: Trojan.Win32.Zapchast.uy 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046064.exe Zainfekowany: not-a-virus:AdWare.Win32.Mostofate.j 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046065.exe Zainfekowany: Trojan-Downloader.Win32.Horst.bc 1
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261\A0046066.dll Zainfekowany: Trojan.Win32.Agent.cane 1

Wybrany obszar został przeskanowany.
Guest
comment

Download ---> The Avenger

Paste this text into it:

Folders to delete:
C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261

Copy it, click Paste Script from Clipboard, then Execute, confirm and agree to the restart by clicking OK.

When it has finished, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

.

szramka
comment
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\smstf.dll" deleted successfully.
File "C:\Documents and Settings\marta\nfs_inst.exe" deleted successfully.
File "C:\Program Files\BearShareV6pl.exe" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP215" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP216" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP240" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP242" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP243" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP244" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP246" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP247" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP248" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP250" deleted successfully.
Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP251" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Dodatek Service Pack 2)
Thu May 28 19:39:34 2009

19:39:34: Error: Invalid script.  A valid script must begin with a command directive.

Aborting execution!

//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\System Volume Information\_restore{356FE635-CB4C-43C1-98A2-35C13CFB0654}\RP261" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
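An added example, not part of this thread and not The Avenger's own code: a small Python checker that reads an Avenger script (the "Files to delete:" / "Folders to delete:" blocks used above) together with the avenger.txt it produced, and reports which requested deletions the log actually confirms, which it does not, and any pre-processor errors, such as the "Invalid script" one in the log above, which is what happens when a path is pasted before a command directive. It relies only on the line shapes visible in this thread's logs; the sample script, log, paths and GUID are constructed for the example and are not from the thread.

```python
import re
from dataclasses import dataclass, field

# Line shapes taken from the avenger.txt logs in this thread; anything else is ignored.
SECTION_RE = re.compile(r"^(File|Folder)s to delete:$", re.IGNORECASE)
DELETED_RE = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')
ERROR_RE = re.compile(r"^\d{2}:\d{2}:\d{2}: Error: (.+)$")


def parse_script(text):
    """Return {'file': [...], 'folder': [...]}: the paths the script asks Avenger to delete."""
    wanted = {"file": [], "folder": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            continue
        if current is None:
            # Same mistake the pre-processor rejects: a path before any command directive.
            raise ValueError(f"path before any command directive: {line!r}")
        wanted[current].append(line)
    return wanted


def script_is_well_formed(text):
    """True if every path in the script sits under a 'Files/Folders to delete:' header."""
    try:
        parse_script(text)
    except ValueError:
        return False
    return True


def parse_log(text):
    """Return (deleted, errors): the (kind, path) pairs confirmed deleted and the error messages."""
    deleted, errors = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        done = DELETED_RE.match(line)
        if done:
            deleted.add((done.group(1).lower(), done.group(2)))
            continue
        err = ERROR_RE.match(line)
        if err:
            errors.append(err.group(1))
    return deleted, errors


@dataclass
class Verification:
    confirmed: list = field(default_factory=list)
    unconfirmed: list = field(default_factory=list)
    errors: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.unconfirmed and not self.errors


def verify(script_text, log_text):
    """Match every requested deletion against the log; Windows paths compare case-insensitively."""
    wanted = parse_script(script_text)
    deleted, errors = parse_log(log_text)
    deleted_folded = {(kind, path.lower()) for kind, path in deleted}
    result = Verification(errors=errors)
    for kind, paths in wanted.items():
        for path in paths:
            hit = (kind, path.lower()) in deleted_folded
            (result.confirmed if hit else result.unconfirmed).append((kind, path))
    return result


# Constructed sample input (not from the thread): the second requested file never shows
# up in the log, and a failed first attempt left a pre-processor error in avenger.txt.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\example-bad.dll
C:\Documents and Settings\user\dropper.exe

Folders to delete:
C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP999
"""

SAMPLE_LOG = r"""
//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////
Thu May 28 19:39:34 2009

19:39:34: Error: Invalid script.  A valid script must begin with a command directive.

Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
Beginning to process script file:
File "C:\WINDOWS\system32\example-bad.dll" deleted successfully.
Folder "C:\System Volume Information\_restore{PLACEHOLDER-GUID}\RP999" deleted successfully.
Completed script processing.
Finished!  Terminate.
"""


def run_sample():
    return verify(SAMPLE_SCRIPT, SAMPLE_LOG)


if __name__ == "__main__":
    report = run_sample()
    for kind, path in report.confirmed:
        print(f"confirmed   {kind}: {path}")
    for kind, path in report.unconfirmed:
        print(f"UNCONFIRMED {kind}: {path}")
    for message in report.errors:
        print(f"ERROR       {message}")
    print("clean run" if report.ok else "needs a second look")
```

Run it against the real script and C:\avenger.txt by passing their contents to verify(); an unconfirmed entry means the log never reported that path deleted, so a rescan is due before treating the machine as clean.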
