x-kom hosting

System Security 2009 - strange problem

xad
posted (edited)

If this is in the wrong section, please move it...

The problem looks like this: a program called System Security 2009, probably a virus, installed itself on my computer. It starts together with the system, displays a window in which it supposedly shows me infected files, prevents any programs from being run or installed (which is why I am working in safe mode), and also changes the wallpaper to one with red text saying the computer is infected. Please help, how do I get rid of this junk?? ;)

Guest
comment

ComboFix handles things like this best.

Post a log from it. ;)


xad
comment (edited)
ComboFix 09-07-11.02 - Kuba 2009-07-12 17:27.3.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.255.167 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kuba\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090711-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\17704774
c:\documents and settings\All Users\Dane aplikacji\17704774\17704774
c:\documents and settings\All Users\Dane aplikacji\17704774\17704774.exe
c:\documents and settings\Kuba\Dane aplikacji\wiaserva.log
c:\documents and settings\Kuba\Kuba.exe
c:\documents and settings\Kuba\Menu Start\Programy\Autostart\rncsys32.exe
c:\documents and settings\Kuba\Menu Start\Programy\System Security
c:\documents and settings\Kuba\Menu Start\Programy\System Security\System Security
c:\windows\Installer\25b1d0.msi
c:\windows\Installer\68dd1f.msi
c:\windows\Installer\84bcb.msi
c:\windows\Installer\96727.msi
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FIPS32CUP
-------\Legacy_WS2_32SIK
-------\Service_fips32cup

(((((((((((((((((((((((((   Pliki utworzone od 2009-06-12 do 2009-07-12  )))))))))))))))))))))))))))))))
.
2009-07-12 14:11 . 2009-07-12 14:11	--------	d-----w-	c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes
2009-07-12 14:11 . 2009-06-17 09:27	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 14:11 . 2009-07-12 14:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-12 14:11 . 2009-06-17 09:27	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-12 14:07 . 2009-07-12 14:07	--------	d-----w-	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-07-12 14:04 . 2009-07-12 14:04	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-07-12 11:51 . 2009-07-12 11:51	--------	d-----w-	c:\program files\Trend Micro
2009-07-12 11:23 . 2009-07-12 11:23	23040	----a-w-	c:\windows\system32\wpv911247394954.exe
2009-07-12 10:46 . 2009-07-12 10:46	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Malwarebytes
2009-07-12 10:46 . 2009-07-12 10:46	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-11 20:23 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-07-11 20:23 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-07-11 19:52 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-07-11 19:52 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-07-11 19:52 . 2009-02-05 20:05	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-07-11 19:52 . 2009-02-05 20:08	93296	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-07-11 19:52 . 2009-02-05 20:08	94032	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-07-11 19:51 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
2009-07-11 19:51 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AVASTSS.scr
2009-07-04 09:21 . 2009-07-04 09:22	--------	d-----w-	C:\totalcmd
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\UC.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\RAR.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\PKZIP.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\PKUNZIP.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\NOCLOSE.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\LHA.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\ARJ.PIF
2009-06-25 12:14 . 2009-07-04 09:43	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Download Manager
2009-06-22 11:37 . 2009-06-22 11:37	--------	d-----w-	c:\program files\Lavalys
2009-06-18 13:01 . 2009-06-18 13:17	98304	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Soldat\Battleye\BEClient.dll
2009-06-18 13:01 . 2009-03-28 17:52	94208	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Soldat\Battleye\BEServer.dll
2009-06-18 12:40 . 2009-06-11 21:08	2796516	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\wappau4a.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
2009-06-18 12:17 . 2009-06-18 12:26	--------	d-----w-	c:\program files\kED
2009-06-15 20:36 . 2009-06-15 20:36	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\E346
2009-06-15 13:47 . 2009-06-15 13:47	--------	d-----w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2009-06-13 08:13 . 2009-06-13 08:13	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\GRETECH
2009-06-13 08:12 . 2009-06-13 08:12	--------	d-----w-	c:\program files\GRETECH
2009-06-13 07:39 . 2009-06-13 07:47	--------	d-----w-	C:\My Videos
2009-06-13 07:38 . 2009-06-13 07:38	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Apowersoft
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 13:59 . 2008-03-07 14:32	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\GanymedeNet
2009-07-07 18:40 . 2008-07-01 15:08	34	----a-w-	c:\documents and settings\Kuba\jagex_runescape_preferences.dat
2009-06-30 08:56 . 2008-09-11 14:24	--------	d-----w-	c:\program files\Image-Line
2009-06-28 16:07 . 2007-10-08 12:06	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-28 16:07 . 2009-05-01 14:03	--------	d-----w-	c:\program files\Ontrack
2009-06-28 16:02 . 2009-01-26 12:40	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Any Video Converter
2009-06-22 08:29 . 2009-04-24 10:20	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Hamachi
2009-06-16 10:52 . 2008-05-13 12:35	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\gtk-2.0
2009-06-16 08:18 . 2008-03-07 14:30	--------	d-----w-	c:\program files\Ganymede
2009-06-15 16:19 . 2008-12-05 20:10	--------	d-----w-	c:\program files\Google
2009-06-13 07:38 . 2008-04-27 19:19	73632	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-09 15:01 . 2009-06-01 10:21	--------	d-----w-	c:\program files\Nowe Gadu-Gadu
2009-06-09 12:19 . 2009-06-09 12:19	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Noth2
2009-06-09 12:16 . 2009-06-09 12:16	--------	d-----w-	c:\program files\NotH
2009-05-28 09:23 . 2009-05-28 09:23	42088	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34	11264	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
2009-05-13 18:52 . 2009-01-22 21:07	--------	d-----w-	c:\program files\NAPI-PROJEKT
2009-05-07 15:44 . 2003-04-16 12:00	346112	----a-w-	c:\windows\system32\localspl.dll
2009-04-24 10:19 . 2009-04-24 10:19	25280	----a-w-	c:\windows\system32\drivers\hamachi.sys
2009-04-19 20:11 . 2003-04-16 12:00	1846912	----a-w-	c:\windows\system32\win32k.sys
2009-04-17 10:31 . 2003-04-16 12:00	85464	----a-w-	c:\windows\system32\perfc015.dat
2009-04-17 10:31 . 2003-04-16 12:00	494500	----a-w-	c:\windows\system32\perfh015.dat
2009-04-15 15:18 . 2003-04-16 12:00	584192	----a-w-	c:\windows\system32\rpcrt4.dll
2009-03-24 18:49 . 2008-08-01 18:42	88	--sh--r-	c:\windows\system32\35BED777D0.sys
2008-08-01 18:45 . 2008-08-01 18:45	8	--sh--r-	c:\windows\system32\CD6B4D2B66.sys
2009-03-24 18:49 . 2008-08-01 18:35	2516	--sha-w-	c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="rem" [X]
"Vidalia"="rem" [X]
"DAEMON Tools Lite"="rem" [X]
"ALLUpdate"="rem" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Google Update"="c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="rem" [X]
"Sony Ericsson PC Suite"="rem" [X]
"HPDJ Taskbar Utility"="rem" [X]
"DeviceDiscovery"="rem" [X]
"SunJavaUpdateSched"="rem" [X]
"SSBkgdUpdate"="rem" [X]
"PaperPort PTD"="rem" [X]
"IndexSearch"="rem" [X]
"BrMfcWnd"="rem" [X]
"ControlCenter3"="rem" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-10-8 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Kuba\\Pulpit\\MySpaceMp3Gopher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-07-11 114768]
S2 AlerterALG;Urządzenie alarmowe AlerterALG;c:\windows\system32\wpv911247394954.exe service --> c:\windows\system32\wpv911247394954.exe service [?]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-07-11 20560]
S3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-05-12 4096]
S3 KS-959;MA-620 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-11-28 19034]
.
Zawartość folderu 'Zaplanowane zadania'

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004Core.job
- c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-05-04 10:28]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004UA.job
- c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-05-04 10:28]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-PPort11reminder - rem c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
HKLM-Run-17704774 - c:\documents and settings\All Users\Dane aplikacji\17704774\17704774.exe
HKLM-Run-NvCplDaemon - rem RUNDLL32.EXE
HKLM-Run-nwiz - rem nwiz.exe
HKLM-Run-NvMediaCenter - rem RUNDLL32.EXE
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 168.215.123.44:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {78FA7B7A-F7DE-4EB2-ABFE-0DAAB60306DA} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\wappau4a.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS70.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS90.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
FF - plugin: c:\program files\Opera\program\plugins\npganymedenet.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 17:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\System32\l3codeca.acm
c:\windows\system32\vorbis.acm

- - - - - - - > 'explorer.exe'(1712)
c:\windows\system32\ieframe.dll
.
Czas ukończenia: 2009-07-12 17:45 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-07-12 15:44
ComboFix2.txt  2008-09-18 17:16

Przed: 1,258,905,600 bajtów wolnych
Po: 1,198,657,536 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

273	--- E O F ---	2009-06-12 07:09

EDIT: I started the system in normal mode. System Security does not start, but the wpv911247394954.exe processes worry me, so I made a HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53, on 2009-07-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wpv911247394954.exe
C:\WINDOWS\system32\wpv911247394954.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.215.123.44:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [GrooveMonitor] rem "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] rem "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] rem C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] rem C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] rem "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [sSBkgdUpdate] rem "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] rem "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] rem "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [brMfcWnd] rem C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] rem C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] rem "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] rem "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] rem "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ALLUpdate] rem "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{78FA7B7A-F7DE-4EB2-ABFE-0DAAB60306DA}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{78FA7B7A-F7DE-4EB2-ABFE-0DAAB60306DA}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Urządzenie alarmowe AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\system32\wpv911247394954.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O24 - Desktop Component 0: (no name) - http://www.runescape.com/a=12/img/main/kba...s_1280x1024.jpg

--
End of file - 7390 bytes
Guest
comment

Paste into Notepad:

File::
c:\windows\system32\wpv911247394954.exe

Folder::
c:\program files\AskBarDis

Driver::
AlerterALG

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe


The removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then after the restart delete the folder C:\Qoobox manually.

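As an added example (not code from this thread or from ComboFix/HijackThis), the Python below parses HijackThis lines like the ones posted above, applies the same judgement the helper applied by hand (an unknown-owner service whose binary is a random-named exe in system32, a BHO living under the AskBarDis folder, a proxy or start-page change that merits review) and renders the removable items in the CFScript section layout used in the reply. The sample lines are a constructed excerpt of the log above; the heuristics and adware-folder list are assumptions, not the forum's.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of HijackThis v2 lines of the kind posted
# in this thread (names and paths copied from the log above, trimmed to a few).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.215.123.44:8080
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Urządzenie alarmowe AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\system32\wpv911247394954.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip()

# HijackThis line shapes: O23 service (short name in parentheses is optional),
# O2 browser helper object, R0/R1 Internet Explorer registry values.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
IE_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.+)$")

# Assumed heuristics (not from the thread): a service with no owner whose binary
# is a short-prefix-plus-digit-run exe dropped straight into system32 matches the
# rogue's "AlerterALG" service; AskBarDis is treated as a known adware folder.
RANDOM_EXE_RE = re.compile(r"^[a-z]{2,4}\d{8,}\.exe$", re.IGNORECASE)
ADWARE_FOLDERS = {"askbardis"}


@dataclass(frozen=True)
class Finding:
    action: str  # CFScript section ("file", "folder", "driver", "registry") or "review"
    target: str
    reason: str


def _program_folder(path: str) -> str:
    """Return the top-level 'Program Files\\<Vendor>' folder that contains path."""
    parts = path.split("\\")
    for i, part in enumerate(parts):
        if part.lower() == "program files" and i + 1 < len(parts):
            return "\\".join(parts[: i + 2])
    return path


def triage(hjt_log: str) -> list[Finding]:
    """Walk HijackThis lines and collect what a helper would remove or review."""
    findings: list[Finding] = []
    for line in hjt_log.splitlines():
        if m := SERVICE_RE.match(line):
            exe = m["path"].rsplit("\\", 1)[-1]
            in_system32 = "\\system32\\" in m["path"].lower()
            if m["owner"] == "Unknown owner" and in_system32 and RANDOM_EXE_RE.match(exe):
                svc = m["name"] or m["display"]
                findings.append(Finding("driver", svc, "unknown-owner service, random exe in system32"))
                findings.append(Finding("file", m["path"], f"binary of service {svc}"))
        elif m := BHO_RE.match(line):
            folder = _program_folder(m["path"])
            if folder.rsplit("\\", 1)[-1].lower() in ADWARE_FOLDERS:
                findings.append(Finding("folder", folder, f"adware BHO {m['name']}"))
                # Same key form the helper used in the CFScript Registry:: section.
                findings.append(Finding(
                    "registry",
                    f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{m['clsid']}]",
                    f"BHO registration for {m['name']}"))
        elif m := IE_RE.match(line):
            value = m["value"].strip()
            if value == "ProxyServer":
                findings.append(Finding("review", m["data"], "proxy set in HKCU Internet Settings"))
            elif value == "Start Page" and "microsoft.com" not in m["data"]:
                findings.append(Finding("review", m["data"], "IE start page redirected"))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render removable findings in the File::/Folder::/Driver::/Registry:: layout."""
    sections = {"file": "File::", "folder": "Folder::", "driver": "Driver::", "registry": "Registry::"}
    out: list[str] = []
    for action, header in sections.items():
        targets = [f.target for f in findings if f.action == action]
        if targets:
            out.append(header)
            out.extend(targets)
    return "\n".join(out)


if __name__ == "__main__":
    results = triage(SAMPLE_HJT_LOG)
    for f in results:
        print(f"{f.action:9} {f.target}  # {f.reason}")
    print()
    print(build_cfscript(results))
```

Items marked "review" are deliberately left out of the generated script, as the helper did with the proxy setting; they are for a human to judge before anything is removed.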

xad
comment (edited)
ComboFix 09-07-11.02 - Kuba 2009-07-12 20:10.4.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.255.89 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kuba\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Kuba\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090711-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Utworzono nowy punkt przywracania

FILE ::
"c:\windows\system32\wpv911247394954.exe"
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0010CB44
c:\program files\AskBarDis\bar\Cache\0010CFB0.bin
c:\program files\AskBarDis\bar\Cache\0010D26D.bin
c:\program files\AskBarDis\bar\Cache\0010D50C.bin
c:\program files\AskBarDis\bar\Cache\0010D66A.bin
c:\program files\AskBarDis\bar\Cache\0010D7F1.bin
c:\program files\AskBarDis\bar\Cache\0010D959.bin
c:\program files\AskBarDis\bar\Cache\0010DACC.bin
c:\program files\AskBarDis\bar\Cache\0010DC48.bin
c:\program files\AskBarDis\bar\Cache\0010DDB1.bin
c:\program files\AskBarDis\bar\Cache\0010DF6A.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\PopSwatter\History\allowed
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\windows\system32\wpv911247394954.exe
.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ALERTERALG
-------\Service_AlerterALG

(((((((((((((((((((((((((   Pliki utworzone od 2009-06-12 do 2009-07-12  )))))))))))))))))))))))))))))))
.
2009-07-12 14:11 . 2009-07-12 14:11	--------	d-----w-	c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes
2009-07-12 14:11 . 2009-06-17 09:27	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 14:11 . 2009-07-12 14:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-12 14:11 . 2009-06-17 09:27	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-12 14:07 . 2009-07-12 14:07	--------	d-----w-	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-07-12 14:04 . 2009-07-12 14:04	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-07-12 11:51 . 2009-07-12 11:51	--------	d-----w-	c:\program files\Trend Micro
2009-07-12 10:46 . 2009-07-12 10:46	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Malwarebytes
2009-07-12 10:46 . 2009-07-12 10:46	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-11 20:23 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-07-11 20:23 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-07-11 19:52 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-07-11 19:52 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-07-11 19:52 . 2009-02-05 20:05	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-07-11 19:52 . 2009-02-05 20:08	93296	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-07-11 19:52 . 2009-02-05 20:08	94032	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-07-11 19:51 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
2009-07-11 19:51 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AVASTSS.scr
2009-07-04 09:21 . 2009-07-04 09:22	--------	d-----w-	C:\totalcmd
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\UC.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\RAR.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\PKZIP.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\PKUNZIP.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\NOCLOSE.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\LHA.PIF
2009-07-04 09:21 . 2008-08-08 05:04	545	----a-w-	c:\windows\ARJ.PIF
2009-06-25 12:14 . 2009-07-04 09:43	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Download Manager
2009-06-22 11:37 . 2009-06-22 11:37	--------	d-----w-	c:\program files\Lavalys
2009-06-18 13:01 . 2009-06-18 13:17	98304	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Soldat\Battleye\BEClient.dll
2009-06-18 13:01 . 2009-03-28 17:52	94208	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Soldat\Battleye\BEServer.dll
2009-06-18 12:40 . 2009-06-11 21:08	2796516	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\wappau4a.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
2009-06-18 12:17 . 2009-06-18 12:26	--------	d-----w-	c:\program files\kED
2009-06-15 20:36 . 2009-06-15 20:36	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\E346
2009-06-15 13:47 . 2009-06-15 13:47	--------	d-----w-	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2009-06-13 08:13 . 2009-06-13 08:13	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\GRETECH
2009-06-13 08:12 . 2009-06-13 08:12	--------	d-----w-	c:\program files\GRETECH
2009-06-13 07:39 . 2009-06-13 07:47	--------	d-----w-	C:\My Videos
2009-06-13 07:38 . 2009-06-13 07:38	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Apowersoft
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 13:59 . 2008-03-07 14:32	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\GanymedeNet
2009-07-07 18:40 . 2008-07-01 15:08	34	----a-w-	c:\documents and settings\Kuba\jagex_runescape_preferences.dat
2009-06-30 08:56 . 2008-09-11 14:24	--------	d-----w-	c:\program files\Image-Line
2009-06-28 16:07 . 2007-10-08 12:06	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-28 16:07 . 2009-05-01 14:03	--------	d-----w-	c:\program files\Ontrack
2009-06-28 16:02 . 2009-01-26 12:40	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Any Video Converter
2009-06-22 08:29 . 2009-04-24 10:20	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Hamachi
2009-06-16 10:52 . 2008-05-13 12:35	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\gtk-2.0
2009-06-16 08:18 . 2008-03-07 14:30	--------	d-----w-	c:\program files\Ganymede
2009-06-15 16:19 . 2008-12-05 20:10	--------	d-----w-	c:\program files\Google
2009-06-13 07:38 . 2008-04-27 19:19	73632	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-09 15:01 . 2009-06-01 10:21	--------	d-----w-	c:\program files\Nowe Gadu-Gadu
2009-06-09 12:19 . 2009-06-09 12:19	--------	d-----w-	c:\documents and settings\Kuba\Dane aplikacji\Noth2
2009-06-09 12:16 . 2009-06-09 12:16	--------	d-----w-	c:\program files\NotH
2009-05-28 09:23 . 2009-05-28 09:23	42088	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34	11264	----a-w-	c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
2009-05-13 18:52 . 2009-01-22 21:07	--------	d-----w-	c:\program files\NAPI-PROJEKT
2009-05-07 15:44 . 2003-04-16 12:00	346112	----a-w-	c:\windows\system32\localspl.dll
2009-04-24 10:19 . 2009-04-24 10:19	25280	----a-w-	c:\windows\system32\drivers\hamachi.sys
2009-04-19 20:11 . 2003-04-16 12:00	1846912	----a-w-	c:\windows\system32\win32k.sys
2009-04-17 10:31 . 2003-04-16 12:00	85464	----a-w-	c:\windows\system32\perfc015.dat
2009-04-17 10:31 . 2003-04-16 12:00	494500	----a-w-	c:\windows\system32\perfh015.dat
2009-04-15 15:18 . 2003-04-16 12:00	584192	----a-w-	c:\windows\system32\rpcrt4.dll
2009-03-24 18:49 . 2008-08-01 18:42	88	--sh--r-	c:\windows\system32\35BED777D0.sys
2008-08-01 18:45 . 2008-08-01 18:45	8	--sh--r-	c:\windows\system32\CD6B4D2B66.sys
2009-03-24 18:49 . 2008-08-01 18:35	2516	--sha-w-	c:\windows\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((   SnapShot@2009-07-12_15.39.33   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 18:21 . 2009-07-12 18:21	16384	c:\windows\temp\Perflib_Perfdata_66c.dat
+ 2009-07-12 18:01 . 2009-07-12 18:01	16384	c:\windows\temp\Perflib_Perfdata_668.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="rem" [X]
"Vidalia"="rem" [X]
"DAEMON Tools Lite"="rem" [X]
"ALLUpdate"="rem" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Google Update"="c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-05-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="rem" [X]
"Sony Ericsson PC Suite"="rem" [X]
"HPDJ Taskbar Utility"="rem" [X]
"DeviceDiscovery"="rem" [X]
"SunJavaUpdateSched"="rem" [X]
"SSBkgdUpdate"="rem" [X]
"PaperPort PTD"="rem" [X]
"IndexSearch"="rem" [X]
"BrMfcWnd"="rem" [X]
"ControlCenter3"="rem" [X]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk -
c:\program files\RALINK\Common\RaUI.exe [2007-10-8 589824][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"NoResolveTrack"= 1 (0x1)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoResolveTrack"= 1 (0x1)[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\BearShare\\BearShare.exe"="c:\\Soldat\\Soldat.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Documents and Settings\\Kuba\\Pulpit\\MySpaceMp3Gopher.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Last.fm\\LastFM.exe"="c:\\Program Files\\Free Music Zilla\\FMZilla.exe"="c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="c:\\totalcmd\\TOTALCMD.EXE"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-07-11 114768]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-07-11 20560]R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-05-12 4096]S3 KS-959;MA-620 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2007-11-28 19034].Zawartość folderu 'Zaplanowane zadania'2009-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004Core.job- c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-05-04 10:28]2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1060284298-1819665683-1004UA.job- c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-05-04 10:28]..------- Skan uzupełniający -------.uStart Page = hxxp://search.bearshare.com/uDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyServer = 168.215.123.44:8080uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000TCP: {78FA7B7A-F7DE-4EB2-ABFE-0DAAB60306DA} = 192.168.0.1FF - ProfilePath - c:\documents and settings\Kuba\Dane aplikacji\Mozilla\Firefox\Profiles\wappau4a.default\FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dllFF - plugin: c:\documents and settings\Kuba\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dllFF - plugin: c:\documents and settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dllFF - plugin: c:\program files\Mozilla 
Firefox\plugins\NPSLOTS70.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS90.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDSSINGLE.dllFF - plugin: c:\program files\Opera\program\plugins\npganymedenet.dllFF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}---- FIREFOX - SPOSÓB POSTĘPOWANIA ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",	  5120);c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);c:\program files\Mozilla 
Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",	 true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",	true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",	 true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",	   true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",	true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",				 true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",				true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",			   false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("privacy.cpd.downloads",			   true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",				 true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",				   true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",				true);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",			 false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",			false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",	false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-12 20:23Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'explorer.exe'(3668)c:\windows\system32\webcheck.dllc:\windows\system32\IEFRAME.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\program files\Alwil Software\Avast4\aswUpdSv.exec:\program files\Alwil Software\Avast4\ashServ.exec:\windows\system32\PSIService.exec:\program files\Alwil Software\Avast4\ashMaiSv.exec:\program files\Alwil Software\Avast4\ashWebSv.exec:\program files\Alwil Software\Avast4\Setup\avast.setup.**************************************************************************.Czas ukończenia: 2009-07-12 20:32 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt  2009-07-12 18:32ComboFix2.txt  2009-07-12 15:45ComboFix3.txt  2008-09-18 17:16Przed: 902,135,808 bajtów wolnychPo: 892,329,984 bajtów wolnych291	--- E O F ---	2009-06-12 07:09

It looks like everything is fine. I have one more question: is it normal that so many svchost.exe processes are running? That has always seemed strange to me.

Guest
comment
comment

Speak sensibly!

1. Clean up after ComboFix and the other tools >>> OTCleanIt.

2. Use Malwarebytes.

Press Scan, choose the drives to scan and Start the scan; at the end press Remove selected if anything is found, then OK.

Post the report generated after the removal with MBAM.

3. Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.


xad
comment
comment (edited)

I scanned with Anti-Malware; it found 1 infected file, but I had to restart the computer and I don't know where to find the log. It got saved somewhere; can it be recovered somehow? (Now Anti-Malware won't start; it throws an error along the lines of "Error loading the definitions database, line something-or-other".)

Guest
comment
comment

If you removed it, that means it's OK.


xad
comment
comment

And those svchost.exe processes? I have 8 of them running now. Is that normal?

Psycholandia
comment
comment

That's normal.
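Checking whether a given number of svchost.exe instances is normal, as an added example that is not part of the thread: it assumes PowerShell 3 or later (CIM cmdlets) in an elevated session, and the function name Get-SvchostInventory is made up here.

```powershell
# Added example, not code from the thread: inventory svchost.exe instances so a
# high count can be judged on evidence rather than guessed at. Assumes PowerShell
# 3+ (CIM cmdlets) and an elevated session so every process exposes its path.
function Get-SvchostInventory {
    $expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

    # Legitimate service hosts are started by services.exe; remember its PID(s).
    $servicesPids = @(Get-CimInstance Win32_Process -Filter "Name = 'services.exe'" |
                      ForEach-Object { $_.ProcessId })

    # Map each PID to the Windows services it hosts.
    $svcByPid = @{}
    foreach ($svc in Get-CimInstance Win32_Service) {
        if (-not $svcByPid.ContainsKey($svc.ProcessId)) { $svcByPid[$svc.ProcessId] = @() }
        $svcByPid[$svc.ProcessId] += $svc.Name
    }

    foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
        # The -k argument names the service group this instance was started for.
        $group  = if ($p.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '(none)' }
        $hosted = if ($svcByPid.ContainsKey($p.ProcessId)) { $svcByPid[$p.ProcessId] } else { @() }

        [PSCustomObject]@{
            PID      = $p.ProcessId
            Group    = $group
            # A null path usually means the process could not be opened (not elevated).
            PathOK   = if ($p.ExecutablePath) { $p.ExecutablePath -ieq $expectedPath } else { $null }
            ParentOK = $servicesPids -contains $p.ParentProcessId
            # A real service host carries at least one service; none at all is worth a look.
            Services = if ($hosted.Count) { $hosted -join ', ' } else { '(none)' }
        }
    }
}

# Show the full table, then warn only about instances that fail a check.
$inventory = Get-SvchostInventory
$inventory | Format-Table -AutoSize
$inventory |
    Where-Object { $_.PathOK -eq $false -or -not $_.ParentOK -or $_.Services -eq '(none)' } |
    ForEach-Object { Write-Warning "svchost PID $($_.PID) ($($_.Group)) needs a closer look" }
```

On Windows 10 and later, services are split across far more svchost instances than in the XP era, so the count alone says nothing; the path, parent and hosted-services checks are what distinguish a real service host from an impostor using the name.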
