
[Solved] HijackThis log

petZor
posted

Hello. This is my first post, so please bear with me :) I'd like to ask someone to look at this log and tell me what I can do so that there aren't so many processes. If needed I could also add something that gives more information about the system.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:07, on 2008-08-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
D:\BearShare\BearShare.exe
C:\Program Files\TuneUp Utilities 2008\DriveDefrag.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8047 bytes

Mateusz J.
comment
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')

Fix.

You have a virus, show a ComboFix log.
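The entries Mateusz J. picked out by eye can be found mechanically. The following is an added example in Python; it is not HijackThis code and was not written by anyone in this thread. The sample lines are copied from the log posted above, while the lists SYSTEM32_ONLY and INTERPRETERS and the rules inside triage() are this example's own assumptions. It flags a Windows system-binary name running from outside system32 (the [winlogon] entry, which ComboFix later deleted), cmd.exe or rundll32 launched from a RunOnce key under a service-account hive (the nlpo_ entries, which reference nlite.inf but still deserve a check), and a toolbar CLSID with no file behind it.

```python
"""Heuristic triage of HijackThis log lines.

Added example; not HijackThis code and not from anyone in this thread. The
sample lines are copied from the log posted above; SYSTEM32_ONLY,
INTERPRETERS and the rules in triage() are this example's own assumptions.
"""
import re

# Binaries that on Windows XP live only in %SystemRoot%\system32; the same
# name running from anywhere else (here C:\WINDOWS\winlogon.exe) is a
# masquerade (assumed list, enough for this example).
SYSTEM32_ONLY = {"winlogon.exe", "smss.exe", "csrss.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "ctfmon.exe"}

# Script and loader hosts that rarely belong in Run/RunOnce (assumed list).
INTERPRETERS = {"cmd.exe", "rundll32", "rundll32.exe", "regsvr32.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}

# O4 - <hive>\..\<Run|RunOnce>: [<name>] <command> (User '<account>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O3 - Toolbar: <name> - {<CLSID>} - <file or (no file)>
O3_RE = re.compile(
    r"^O3 - Toolbar: .*? - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<file>.*)$")

# Constructed sample: lines taken from the HijackThis log posted above.
SAMPLE_LOG = [
    r"""O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)""",
    r"""O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start""",
    r"""O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe\"""",
    r"""O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\winlogon.exe""",
    r"""O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')""",
    r"""O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')""",
    r"""O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')""",
]


def executable_of(cmd):
    """The program a Run value launches: a quoted path, else the text up to
    the first .exe (unquoted paths may contain spaces), else the first token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def split_path(path):
    """Lower-cased (directory, basename) of a Windows path or bare name."""
    directory, _, base = path.lower().rpartition("\\")
    return directory, base


def triage(lines):
    """Return [(entry, reason)] for the lines that deserve a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            directory, base = split_path(executable_of(m["cmd"]))
            if base in SYSTEM32_ONLY and not directory.endswith("\\system32"):
                findings.append((m["name"], f"{base} running from {directory or '<relative>'}, not system32"))
            elif base in INTERPRETERS:
                who = m["user"] or "current user"
                findings.append((m["name"], f"{base} in {m['key']} for {who}: {m['cmd']}"))
            continue
        m = O3_RE.match(line)
        if m and m["file"].strip() == "(no file)":
            findings.append((m["clsid"], "toolbar CLSID with no file behind it"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry:40s} {reason}")
```

Run against the sample, it reports the orphaned toolbar, [winlogon], nlpo_04 and nlpo_05 and stays silent on the HP, Java and CTFMON entries, which is the same split Mateusz J. made. The rules are deliberately narrow: a hit means "confirm this one", not "this is malware", and the allow-lists would need extending for a real estate.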

petZor
comment

Please, I'd be grateful if someone helped me fix it step by step. Unfortunately I won't get to sit at the computer today because it isn't mine :) but in an hour I'll be at my place, so I'll come back to the forum. Regards

ComboFix 08-08-03.05 - komputer 2008-08-04 17:20:50.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.176 [GMT 2:00]
Running from: C:\Documents and Settings\komputer\Pulpit\ComboFix.exe
 * Created a new restore point
[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\WINDOWS\winlogon.exe
.
(((((((((((((((((((((((((   Files Created from 2008-07-04 to 2008-08-04  )))))))))))))))))))))))))))))))
.
2008-08-04 17:23 . 2008-08-04 17:23	<DIR>	d--------	C:\WINDOWS\system32\xircom
2008-08-04 17:23 . 2008-08-04 17:23	<DIR>	d--hs----	C:\WINDOWS\system32\dllcache
2008-08-04 17:23 . 2008-08-04 17:23	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-08-04 16:59 . 2008-08-04 16:59	<DIR>	d--------	C:\Program Files\Trend Micro
2008-08-03 19:29 . 2008-08-03 19:29	<DIR>	d--------	C:\Program Files\iTunes
2008-08-03 19:29 . 2008-08-03 19:29	<DIR>	d--------	C:\Program Files\iPod
2008-08-03 19:29 . 2008-08-03 19:34	<DIR>	d--------	C:\Documents and Settings\komputer\Dane aplikacji\Apple Computer
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\QuickTime
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\Common Files\Apple
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\Bonjour
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\Apple Software Update
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-08-03 19:27 . 2008-08-03 19:27	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-08-02 19:34 . 2008-08-02 19:34	<DIR>	d--------	C:\Documents and Settings\komputer\Dane aplikacji\Grisoft
2008-08-02 19:31 . 2008-08-02 19:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-08-02 19:31 . 2007-05-30 14:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-01 12:34 . 2008-08-01 12:36	<DIR>	d--------	C:\Program Files\Prime95
2008-07-19 19:21 . 2008-07-19 19:21	<DIR>	d--------	C:\Program Files\Sun
2008-07-18 11:43 . 2008-07-18 11:43	7,168	--ahs----	C:\WINDOWS\Thumbs.db
2008-07-17 18:06 . 2008-07-17 19:13	<DIR>	d--------	C:\Program Files\GoldWave
2008-07-16 01:09 . 2008-07-16 01:09	42,320	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-07-15 17:03 . 2008-07-15 18:15	<DIR>	d--------	C:\Program Files\SONY
2008-07-15 16:52 . 2008-07-15 16:52	0	--a------	C:\WINDOWS\DVEdit.INI
2008-07-15 16:47 . 2001-09-13 02:15	90,112	---------	C:\WINDOWS\snymsico.dll
2008-07-15 16:47 . 2002-11-28 21:23	39,048	--a------	C:\WINDOWS\system32\drivers\IcdUsb2.sys
2008-07-15 16:47 . 2003-10-01 17:44	31,744	--a------	C:\WINDOWS\system32\drivers\IcdSX.sys
2008-07-15 16:47 . 2001-10-31 13:20	26,409	--a------	C:\WINDOWS\system32\drivers\Icdusb.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 17:41	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\Xfire
2008-08-01 21:02	---------	d-----w	C:\Program Files\SubEdit-Player
2008-08-01 10:31	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\uTorrent
2008-08-01 08:52	136,888	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-01 08:24	---------	d-----w	C:\Program Files\Xfire
2008-07-19 17:21	---------	d-----w	C:\Program Files\Java
2008-07-15 14:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-22 17:31	---------	d-----w	C:\Program Files\nLite
2008-06-21 18:58	---------	d-----w	C:\Program Files\uTorrent
2008-06-17 09:17	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\teamspeak2
2008-06-16 10:10	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\Ventrilo
2008-06-16 08:44	---------	d-----w	C:\Program Files\Ventrilo Mix
2008-06-13 19:42	---------	d-----w	C:\Program Files\Passware
2008-06-11 18:24	22,328	----a-w	C:\Documents and Settings\komputer\Dane aplikacji\PnkBstrK.sys
2008-06-07 22:53	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\dvdcss
2007-10-09 16:45	235	----a-w	C:\Program Files\INSTALL.INI
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:23 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 18:47 827392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 18:36 872448]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 16:14:00 561213]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\GRY\\Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"D:\\GRY\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"D:\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\GRY\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:44]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 19:19]
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 21:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-07 19:07]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-09-13 18:19]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Majsterek-pc#E]
\Shell\AutoRun\command - Z:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52785a80-baad-11dc-b11e-001cbf68e3af}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-04 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 15:24]
2008-08-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\komputer\Dane aplikacji\Mozilla\Firefox\Profiles\k4tlztgn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 17:24:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2008-08-04 17:26:41 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-04 15:26:39

Pre-Run: 18,063,642,624 bajtów wolnych
Post-Run: 18,039,816,192 bajtów wolnych

175
snip91
comment

Paste the following into Notepad:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\]

In Notepad go to File --> Save As --> save it under the name CFScript.txt, in the same folder where ComboFix is.

Boot into Safe Mode (F8 while the system is loading). Drag the CFScript.txt file you made onto the ComboFix icon, as in the picture:

(image: 82650GIF.gif)

The removal will start and a log will be produced, which you then post on the forum.

After the restart, delete the C:\Qoobox folder manually.
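The CFScript above deletes the whole MountPoints2 key because of the autorun handlers ComboFix listed under it: an AutoRun command stored for a network share, and a removable-drive entry whose AutoRun goes through RunDLL32 ShellExec_RunDLL to Recycled\ctfmon.exe and whose Open verb is redirected to the same file. What follows is an added example in Python; it is not ComboFix's code and was not written by anyone in this thread. It parses that section of a ComboFix log, states why each handler merits attention, and emits the same CFScript text. The function names (parse_mountpoints, findings, build_cfscript) and the reasons reported are this example's own; the sample text is the MountPoints2 section of the log posted earlier in the thread.

```python
"""Pull the MountPoints2 autorun handlers out of a ComboFix log and emit the
CFScript that removes the key.

Added example, not ComboFix's code and not from anyone in this thread. The
sample text is the MountPoints2 section of the log posted above; the
function names and the reasons reported are this example's own.
"""
import re

MOUNTPOINTS2 = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
                r"\explorer\mountpoints2")

# Constructed sample: the two subkeys exactly as ComboFix printed them above.
SAMPLE_SECTION = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Majsterek-pc#E]
\Shell\AutoRun\command - Z:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52785a80-baad-11dc-b11e-001cbf68e3af}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")


def parse_mountpoints(text):
    """Return {subkey: {verb: command}} for every MountPoints2 subkey listed."""
    entries, current = {}, None
    prefix = MOUNTPOINTS2.lower() + "\\"
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            # Only subkeys of MountPoints2 are tracked; any other key ends the block.
            current = key[len(prefix):] if key.lower().startswith(prefix) else None
            if current is not None:
                entries[current] = {}
            continue
        vm = VERB_RE.match(line)
        if vm and current is not None:
            entries[current][vm["verb"]] = vm["cmd"]
    return entries


def findings(entries):
    """[(subkey, verb, command, [reasons])] for handlers that merit a look."""
    out = []
    for subkey, verbs in entries.items():
        for verb, cmd in verbs.items():
            low = cmd.lower()
            reasons = []
            if subkey.startswith("##"):
                # ##host#share is how MountPoints2 names a network share.
                reasons.append("handler stored for a network share")
            if "recycled\\" in low:
                reasons.append("target lives in a Recycled folder")
            if "shellexec_rundll" in low:
                reasons.append("indirect launch via RunDLL32 ShellExec_RunDLL")
            if verb.lower().startswith("open"):
                # With Open overridden, double-clicking the drive runs the target.
                reasons.append("drive's Open verb redirected")
            if reasons:
                out.append((subkey, verb, cmd, reasons))
    return out


def build_cfscript(entries):
    """CFScript text deleting the whole MountPoints2 key, as posted above;
    an empty string when no handler was flagged."""
    if not findings(entries):
        return ""
    return "Registry::\n[-" + MOUNTPOINTS2 + "\\]\n"


if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_SECTION)
    for subkey, verb, cmd, reasons in findings(parsed):
        print(f"{subkey}  {verb}: {cmd}\n    " + "; ".join(reasons))
    print(build_cfscript(parsed), end="")
```

On the sample it reports three handlers (the share's AutoRun, and both verbs of the {52785a80-...} drive) and prints the two-line CFScript. Deleting the entire key rather than the two subkeys is safe because Explorer rebuilds MountPoints2 entries as drives are reconnected; what is lost is only cached per-drive shell settings.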

petZor
comment

I did as you wrote; I'm pasting the log below. Waiting for further instructions if there is still something I can fix. Regards

ComboFix 08-08-03.05 - komputer 2008-08-05 18:25:52.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.803 [GMT 2:00]
Running from: C:\Documents and Settings\komputer\Pulpit\combofix\ComboFix.exe
Command switches used :: C:\Documents and Settings\komputer\Pulpit\combofix\CFScript.txt
[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]
.
(((((((((((((((((((((((((   Files Created from 2008-07-05 to 2008-08-05  )))))))))))))))))))))))))))))))
.
2008-08-04 17:23 . 2008-08-04 17:23	<DIR>	d--------	C:\WINDOWS\system32\xircom
2008-08-04 17:23 . 2008-08-04 17:23	<DIR>	d--hs----	C:\WINDOWS\system32\dllcache
2008-08-04 17:23 . 2008-08-04 17:23	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-08-04 16:59 . 2008-08-04 16:59	<DIR>	d--------	C:\Program Files\Trend Micro
2008-08-03 19:29 . 2008-08-03 19:29	<DIR>	d--------	C:\Program Files\iTunes
2008-08-03 19:29 . 2008-08-03 19:29	<DIR>	d--------	C:\Program Files\iPod
2008-08-03 19:29 . 2008-08-03 19:34	<DIR>	d--------	C:\Documents and Settings\komputer\Dane aplikacji\Apple Computer
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\QuickTime
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\Common Files\Apple
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\Bonjour
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Program Files\Apple Software Update
2008-08-03 19:28 . 2008-08-03 19:28	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-08-03 19:27 . 2008-08-03 19:27	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-08-02 19:34 . 2008-08-02 19:34	<DIR>	d--------	C:\Documents and Settings\komputer\Dane aplikacji\Grisoft
2008-08-02 19:31 . 2008-08-02 19:31	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2008-08-02 19:31 . 2007-05-30 14:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-01 12:34 . 2008-08-01 12:36	<DIR>	d--------	C:\Program Files\Prime95
2008-07-19 19:21 . 2008-07-19 19:21	<DIR>	d--------	C:\Program Files\Sun
2008-07-18 11:43 . 2008-07-18 11:43	7,168	--ahs----	C:\WINDOWS\Thumbs.db
2008-07-17 18:06 . 2008-07-17 19:13	<DIR>	d--------	C:\Program Files\GoldWave
2008-07-16 01:09 . 2008-07-16 01:09	42,320	--a------	C:\WINDOWS\system32\xfcodec.dll
2008-07-15 17:03 . 2008-07-15 18:15	<DIR>	d--------	C:\Program Files\SONY
2008-07-15 16:52 . 2008-07-15 16:52	0	--a------	C:\WINDOWS\DVEdit.INI
2008-07-15 16:47 . 2001-09-13 02:15	90,112	---------	C:\WINDOWS\snymsico.dll
2008-07-15 16:47 . 2002-11-28 21:23	39,048	--a------	C:\WINDOWS\system32\drivers\IcdUsb2.sys
2008-07-15 16:47 . 2003-10-01 17:44	31,744	--a------	C:\WINDOWS\system32\drivers\IcdSX.sys
2008-07-15 16:47 . 2001-10-31 13:20	26,409	--a------	C:\WINDOWS\system32\drivers\Icdusb.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 17:41	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\Xfire
2008-08-01 21:02	---------	d-----w	C:\Program Files\SubEdit-Player
2008-08-01 10:31	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\uTorrent
2008-08-01 08:52	136,888	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-01 08:24	---------	d-----w	C:\Program Files\Xfire
2008-07-19 17:21	---------	d-----w	C:\Program Files\Java
2008-07-15 14:47	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-22 17:31	---------	d-----w	C:\Program Files\nLite
2008-06-21 18:58	---------	d-----w	C:\Program Files\uTorrent
2008-06-17 09:17	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\teamspeak2
2008-06-16 10:10	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\Ventrilo
2008-06-16 08:44	---------	d-----w	C:\Program Files\Ventrilo Mix
2008-06-13 19:42	---------	d-----w	C:\Program Files\Passware
2008-06-11 18:24	22,328	----a-w	C:\Documents and Settings\komputer\Dane aplikacji\PnkBstrK.sys
2008-06-07 22:53	---------	d-----w	C:\Documents and Settings\komputer\Dane aplikacji\dvdcss
2007-10-09 16:45	235	----a-w	C:\Program Files\INSTALL.INI
.
(((((((((((((((((((((((((((((   snapshot@2008-08-04_17.26.26.20   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 02:32:44	218,496	----a-r	C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-08-04 15:40:31	74,137	----a-w	C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-08-04 10:40:26	244,546	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2008-08-05 16:27:36	246,096	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2008-08-04 10:40:26	296,228	----a-w	C:\WINDOWS\system32\perfc015.dat
+ 2008-08-05 16:27:36	298,030	----a-w	C:\WINDOWS\system32\perfc015.dat
- 2008-08-04 10:40:26	666,602	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2008-08-05 16:27:36	668,920	----a-w	C:\WINDOWS\system32\perfh009.dat
- 2008-08-04 10:40:26	828,320	----a-w	C:\WINDOWS\system32\perfh015.dat
+ 2008-08-05 16:27:36	831,486	----a-w	C:\WINDOWS\system32\perfh015.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:23 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 18:47 827392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 18:36 872448]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 16:14:00 561213]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\GRY\\Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"D:\\GRY\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"=
"D:\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\GRY\\cod4\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:44]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 19:19]
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 21:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-07 19:07]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-09-13 18:19]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-08-05 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 15:24]
2008-08-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 18:30:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-05 18:33:30 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-05 16:33:28
ComboFix2.txt  2008-08-04 15:26:42

Pre-Run: 17,630,601,216 bajtów wolnych
Post-Run: 17,634,611,200 bajtów wolnych

172
Mateusz J.
comment

Clean.

petZor
comment

Thanks a lot. The topic can be closed.
