cichy pszczółek, created 19 September 2008

Hello. I'm a complete layman, but from what I've read I need a HijackThis log and a ComboFix log to get rid of the problem. The antivirus program dealt with most of the "viruses"; the rest is still there. I'd be very grateful for help removing the message "you have a security problem". I'd also be very grateful if you could help me step by step. Many thanks; the logs are below:

[code]
ComboFix 08-09-16.05 - Administrator 2008-09-19 19:02:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.263 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania
 * Resident AV is active

[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b]
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ravmonlog
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\Downloaded Program Files\UGDCPL_0001_N122M2012NetInstaller.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.

((((((((((((((((((((((((( Pliki utworzone od 2008-08-19 do 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-19 17:27 . 2008-09-19 18:38 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-19 17:27 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 17:27 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 17:27 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 17:27 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 17:26 . 2008-09-19 17:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools
2008-09-19 16:53 . 2008-09-19 16:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-19 16:41 . 2008-09-19 19:08 121 --a------ C:\WINDOWS\bdagent.INI
2008-09-19 16:39 . 2008-09-19 16:39 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-09-19 16:03 . 2008-09-19 16:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\BitDefender
2008-09-19 16:02 . 2008-09-19 16:02 <DIR> d-------- C:\Program Files\BitDefender
2008-09-19 16:01 . 2008-09-19 16:02 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-19 15:12 . 2008-09-19 17:23 <DIR> d-------- C:\Program Files\SAV
2008-09-19 15:12 . 2008-09-19 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi
2008-09-19 15:12 . 2008-09-19 15:12 90,112 --a------ C:\WINDOWS\system32\stcjqlmr.exe
2008-09-19 11:50 . 2008-09-19 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent
2008-09-18 11:43 . 2008-09-18 11:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-18 10:35 . 2008-09-18 11:35 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-09-18 10:35 . 2008-09-18 11:35 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-09-18 10:35 . 2008-09-18 10:35 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-09-17 11:26 . 2008-09-17 11:26 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-17 11:26 . 2008-09-17 11:26 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-17 11:08 . 2008-09-17 11:08 <DIR> d-------- C:\WINDOWS\Logs
2008-09-14 19:21 . 2008-09-14 19:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-09-13 19:21 . 2008-09-13 19:21 294 --a------ C:\WINDOWS\game.ini
2008-09-12 18:02 . 2008-09-12 18:02 <DIR> d-------- C:\Program Files\SEGA
2008-09-11 17:24 . 2008-09-11 17:24 <DIR> d-------- C:\Program Files\DivX
2008-09-06 20:50 . 2008-09-06 20:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-09-06 20:20 . 2008-09-06 20:20 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
2008-09-05 16:20 . 2008-09-05 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-09-05 15:33 . 2008-09-12 23:14 <DIR> d-------- C:\Program Files\DNA
2008-09-05 15:33 . 2008-09-05 15:33 <DIR> d-------- C:\Program Files\BitTorrent
2008-09-05 15:33 . 2008-09-19 19:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DNA
2008-09-05 15:18 . 2008-05-03 05:16 6,582,272 --a------ C:\WINDOWS\system32\nvdisps.dll
2008-09-05 15:17 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-05 15:16 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-05 15:15 . 2008-09-05 15:21 <DIR> d-------- C:\Program Files\VDOTool
2008-08-27 12:13 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-27 12:06 . 2008-08-27 12:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-27 12:03 . 2008-08-27 12:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-27 12:00 . 2008-08-27 12:00 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-27 11:59 . 2008-09-02 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-27 11:57 . 2008-08-27 11:57 <DIR> dr-h-c--- C:\MSOCache
2008-08-27 11:44 . 2008-08-27 11:44 <DIR> d----c--- C:\Office 2007 PL - rar
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-09-19 17:08 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin
2008-09-19 14:37 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-09-19 14:36 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-09-19 14:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2008-09-19 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 09:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Canon
2008-09-18 08:28 --------- d-----w C:\Program Files\Canon
2008-09-06 18:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-05 20:03 --------- d-----w C:\Program Files\Google
2008-09-05 20:02 --------- d-----w C:\Program Files\Winamp
2008-09-05 20:01 --------- d-----w C:\Program Files\ArcSoft
2008-08-27 10:06 --------- d-----w C:\Program Files\MSBuild
2008-08-23 13:57 --------- d-----w C:\Program Files\Common Files\Softwin
2008-08-09 11:05 --------- d-----w C:\Program Files\IrfanView
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-02-11 15:10 14 -c--a-w C:\Documents and Settings\Administrator\getfile.dat
2008-02-02 21:05 22,328 -c--a-w C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"TBPanel"="C:\Program Files\VDOTool\TBPanel.exe" [2008-06-04 2157096]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ProcSys"="C:\WINDOWS\system32\stcjqlmr.exe" [2008-09-19 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-29 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-19 368640]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"eC4Crbr0c9"="C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe" [2008-09-19 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17423:TCP"= 17423:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"13427:TCP"= 13427:TCP:NortonAV

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-19 86792]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad54070-19f8-11dd-820d-001bd7c52330}]
\Shell\AutoRun\command - G:\d.cmd
\Shell\explore\Command - G:\d.cmd
\Shell\open\Command - G:\d.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebcdfa93-f33f-11dc-8142-001bd7c52330}]
\Shell\AutoRun\command - 3g08.bat
\Shell\explore\Command - 3g08.bat
\Shell\open\Command - 3g08.bat

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\u9ewn4dl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.pajacyk.pl/index.php
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 19:08:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Czas ukończenia: 2008-09-19 19:12:22
ComboFix-quarantined-files.txt 2008-09-19 17:12:17

Przed: 2,746,667,008 bajtów wolnych
Po: 2,857,050,112 bajtów wolnych

241
[/code]

[code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:21, on 2008-09-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\stcjqlmr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ProcSys] C:\WINDOWS\system32\stcjqlmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [eC4Crbr0c9] C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6993 bytes
[/code]
Guest, comment 19 September 2008

Paste into Notepad:

[code]
File::
C:\WINDOWS\system32\stcjqlmr.exe
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
G:\d.cmd
C:\d.cmd

Folder::
C:\Program Files\SAV
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"=-
"ProcSys"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"eC4Crbr0c9"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad54070-19f8-11dd-820d-001bd7c52330}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebcdfa93-f33f-11dc-8142-001bd7c52330}]
[/code]

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> the removal should start (and a log will be produced). Post the log that is produced during the removal. If it goes well, then: after the restart, delete the folder C:\Qoobox by hand.

// I'm taking out the drivers you wanted to delete // They are legitimate // jesiona
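An added example, not part of this thread and not code from ComboFix or HijackThis: a short Python script that parses HijackThis O4 lines, flags autorun entries whose target is an executable with a random-looking eight-letter name in system32 or in a folder named the same way (the pattern of stcjqlmr.exe and tyjytuvi\vkncnqta.exe in the log above), and writes the hits out in the File::/Folder::/Registry:: layout of a CFScript like the one in this reply. The sample lines are constructed from the log above; the naming heuristic and the hive and key mappings are my assumptions for triage, not a rule either tool applies, and entries such as the mountpoints2 keys and G:\d.cmd still need a human reading the log.

```python
import re
from collections import OrderedDict

# Constructed sample input in HijackThis v2 O4 format (shapes copied from the log above).
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [ProcSys] C:\WINDOWS\system32\stcjqlmr.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [eC4Crbr0c9] C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
]

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# First token of the command line if it is an absolute path to an .exe (quoted or not).
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.exe)"?', re.IGNORECASE)
# Heuristic (assumption): eight lowercase letters, the shape of the dropper names in the log.
RANDOM_NAME_RE = re.compile(r"[a-z]{8}")

# Assumed mapping from the HijackThis short form to the registry paths a CFScript needs.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
KEYS = {
    "Run": r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "Policies\\Explorer\\Run": r"\software\microsoft\windows\Currentversion\policies\explorer\Run",
}


def parse_o4(line):
    """Split one O4 line into hive, key, value name and the executable it launches."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.match(m.group("cmd"))
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        "path": exe.group("path") if exe else None,
    }


def looks_random(component):
    return RANDOM_NAME_RE.fullmatch(component) is not None


def is_suspicious(path):
    """Random-looking .exe name sitting in system32 or in a random-looking folder."""
    if not path:
        return False
    parts = path.split("\\")
    stem = parts[-1].rsplit(".", 1)[0]
    parent = parts[-2]
    return looks_random(stem) and (parent.lower() == "system32" or looks_random(parent))


def suspicious_entries(lines):
    """Return the parsed O4 entries that trip the heuristic, in log order."""
    out = []
    for line in lines:
        entry = parse_o4(line)
        if entry and is_suspicious(entry["path"]):
            out.append(entry)
    return out


def build_cfscript(lines):
    """Render flagged entries as File::/Folder::/Registry:: sections of a CFScript."""
    files, folders, registry = [], [], OrderedDict()
    for entry in suspicious_entries(lines):
        files.append(entry["path"])
        parent = entry["path"].rsplit("\\", 1)[0]
        if looks_random(parent.rsplit("\\", 1)[1]) and parent not in folders:
            folders.append(parent)  # the dropper's own folder goes too
        hive, key = HIVES.get(entry["hive"]), KEYS.get(entry["key"])
        if hive and key:
            registry.setdefault("[" + hive + key + "]", []).append('"%s"=-' % entry["name"])
    out = ["File::"] + files
    if folders:
        out += ["", "Folder::"] + folders
    if registry:
        out += ["", "Registry::"]
        for key, values in registry.items():
            out.append(key)
            out.extend(values)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_O4_LINES))
```

On the constructed sample this yields the two File:: entries, a Folder:: entry for the tyjytuvi folder and the two "=-" registry deletions; benign entries (ctfmon.exe, rundll32 launches, quoted program-files paths) are left alone.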
cichy pszczółek (author), comment 20 September 2008

Thanks in advance, djarta. Below I'm posting the log; I hope it's clean. I understand that only once the log is clean do I restart, and only then delete the folder indicated earlier. Thanks once more for the quick reply, I wasn't expecting one. Regards,

[code]
ComboFix 08-09-16.05 - Administrator 2008-09-20 19:47:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.231 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
 * Utworzono nowy punkt przywracania
 * Resident AV is active

[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b]
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
C:\Program Files\SAV
C:\Program Files\SAV\sav0.dat
C:\Program Files\SAV\sav1.dat
C:\WINDOWS\system32\blphcp58j0egav.scr
C:\WINDOWS\system32\lphcp58j0egav.exe
C:\WINDOWS\system32\phcp58j0egav.bmp
C:\WINDOWS\system32\stcjqlmr.exe
.

((((((((((((((((((((((((( Pliki utworzone od 2008-08-20 do 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-19 21:15 . 2008-09-19 21:15 86,016 --a------ C:\WINDOWS\system32\qpabwjab.exe
2008-09-19 17:27 . 2008-09-19 18:38 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-19 17:27 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 17:27 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 17:27 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 17:27 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 17:26 . 2008-09-19 17:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools
2008-09-19 16:53 . 2008-09-19 16:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-19 16:41 . 2008-09-20 19:51 121 --a------ C:\WINDOWS\bdagent.INI
2008-09-19 16:39 . 2008-09-19 16:39 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-09-19 16:03 . 2008-09-19 16:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\BitDefender
2008-09-19 16:02 . 2008-09-19 16:02 <DIR> d-------- C:\Program Files\BitDefender
2008-09-19 16:01 . 2008-09-19 16:02 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-19 11:50 . 2008-09-19 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent
2008-09-18 11:43 . 2008-09-18 11:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-18 10:35 . 2008-09-18 11:35 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-09-18 10:35 . 2008-09-18 11:35 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-09-18 10:35 . 2008-09-18 10:35 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-09-17 11:26 . 2008-09-17 11:26 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-17 11:26 . 2008-09-17 11:26 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-17 11:08 . 2008-09-17 11:08 <DIR> d-------- C:\WINDOWS\Logs
2008-09-14 19:21 . 2008-09-14 19:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-09-13 19:21 . 2008-09-13 19:21 294 --a------ C:\WINDOWS\game.ini
2008-09-12 18:02 . 2008-09-12 18:02 <DIR> d-------- C:\Program Files\SEGA
2008-09-11 17:24 . 2008-09-11 17:24 <DIR> d-------- C:\Program Files\DivX
2008-09-06 20:50 . 2008-09-06 20:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-09-06 20:20 . 2008-09-06 20:20 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
2008-09-05 16:20 . 2008-09-05 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-09-05 15:33 . 2008-09-12 23:14 <DIR> d-------- C:\Program Files\DNA
2008-09-05 15:33 . 2008-09-05 15:33 <DIR> d-------- C:\Program Files\BitTorrent
2008-09-05 15:33 . 2008-09-20 19:52 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DNA
2008-09-05 15:18 . 2008-05-03 05:16 6,582,272 --a------ C:\WINDOWS\system32\nvdisps.dll
2008-09-05 15:17 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-05 15:16 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-05 15:15 . 2008-09-05 15:21 <DIR> d-------- C:\Program Files\VDOTool
2008-08-27 12:13 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-27 12:06 . 2008-08-27 12:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-27 12:03 . 2008-08-27 12:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-27 12:00 . 2008-08-27 12:00 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-27 11:59 . 2008-09-02 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-27 11:57 . 2008-08-27 11:57 <DIR> dr-h-c--- C:\MSOCache
2008-08-27 11:44 . 2008-08-27 11:44 <DIR> d----c--- C:\Office 2007 PL - rar
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-09-20 17:52 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin
2008-09-19 14:37 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-09-19 14:36 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-09-19 14:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2008-09-19 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 09:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Canon
2008-09-18 08:28 --------- d-----w C:\Program Files\Canon
2008-09-06 18:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-05 20:03 --------- d-----w C:\Program Files\Google
2008-09-05 20:02 --------- d-----w C:\Program Files\Winamp
2008-09-05 20:01 --------- d-----w C:\Program Files\ArcSoft
2008-08-27 10:06 --------- d-----w C:\Program Files\MSBuild
2008-08-23 13:57 --------- d-----w C:\Program Files\Common Files\Softwin
2008-08-09 11:05 --------- d-----w C:\Program Files\IrfanView
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-02-11 15:10 14 -c--a-w C:\Documents and Settings\Administrator\getfile.dat
2008-02-02 21:05 22,328 -c--a-w C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"uidscmsg"="C:\WINDOWS\system32\qpabwjab.exe" [2008-09-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-29 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-19 368640]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17423:TCP"= 17423:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"13427:TCP"= 13427:TCP:NortonAV

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-19 86792]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-lphcp58j0egav - C:\WINDOWS\system32\lphcp58j0egav.exe
HKLM-Run-inrhct58j0egav - C:\Documents and Settings\Administrator\Ustawienia lokalne\temp\.tt15.tmp.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 19:53:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Czas ukończenia: 2008-09-20 19:59:09 - komputer został uruchomiony ponownie [Administrator]
ComboFix-quarantined-files.txt 2008-09-20 17:59:01
ComboFix2.txt 2008-09-19 17:12:24

Przed: 3,736,526,848 bajtów wolnych
Po: 3,736,342,528 bajtów wolnych

197
[/code]

// logs go in code tags // Tomek
Guest, comment, 20 September 2008

Paste into Notepad:

File::
C:\WINDOWS\system32\qpabwjab.exe

>> File >> Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe --> the removal should start (and a log will be produced). Post the log that is produced during the removal. If it goes well, then: after the restart, delete the folder C:\Qoobox by hand.
cichy pszczółek (Author), comment, 21 September 2008

Hi, below is the log generated after the second check. Did everything get removed? Regards,

ComboFix 08-09-16.05 - Administrator 2008-09-20 21:59:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.284 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
 * Created a new restore point
 * Resident AV is active

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\qpabwjab.exe
.
((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.
2008-09-19 17:27 . 2008-09-19 18:38 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-19 17:27 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 17:27 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 17:27 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 17:27 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 17:26 . 2008-09-19 17:31 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-19 17:26 . 2008-09-19 17:26 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools
2008-09-19 16:53 . 2008-09-19 16:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-19 16:41 . 2008-09-20 22:04 121 --a------ C:\WINDOWS\bdagent.INI
2008-09-19 16:39 . 2008-09-19 16:39 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-09-19 16:03 . 2008-09-19 16:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\BitDefender
2008-09-19 16:02 . 2008-09-19 16:02 <DIR> d-------- C:\Program Files\BitDefender
2008-09-19 16:01 . 2008-09-19 16:02 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-09-19 11:50 . 2008-09-19 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent
2008-09-18 11:43 . 2008-09-18 11:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-09-18 10:35 . 2008-09-18 11:35 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-09-18 10:35 . 2008-09-18 11:35 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-09-18 10:35 . 2008-09-18 10:35 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-09-17 11:26 . 2008-09-17 11:26 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-17 11:26 . 2008-09-17 11:26 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-17 11:08 . 2008-09-17 11:08 <DIR> d-------- C:\WINDOWS\Logs
2008-09-14 19:21 . 2008-09-14 19:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-09-13 19:21 . 2008-09-13 19:21 294 --a------ C:\WINDOWS\game.ini
2008-09-12 18:02 . 2008-09-12 18:02 <DIR> d-------- C:\Program Files\SEGA
2008-09-11 17:24 . 2008-09-11 17:24 <DIR> d-------- C:\Program Files\DivX
2008-09-06 20:50 . 2008-09-06 20:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-09-06 20:20 . 2008-09-06 20:20 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
2008-09-05 16:20 . 2008-09-05 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-09-05 15:33 . 2008-09-12 23:14 <DIR> d-------- C:\Program Files\DNA
2008-09-05 15:33 . 2008-09-05 15:33 <DIR> d-------- C:\Program Files\BitTorrent
2008-09-05 15:33 . 2008-09-20 22:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\DNA
2008-09-05 15:18 . 2008-05-03 05:16 6,582,272 --a------ C:\WINDOWS\system32\nvdisps.dll
2008-09-05 15:17 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-05 15:16 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-05 15:15 . 2008-09-05 15:21 <DIR> d-------- C:\Program Files\VDOTool
2008-08-27 12:13 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-27 12:06 . 2008-08-27 12:06 <DIR> d-------- C:\Program Files\Microsoft Works
2008-08-27 12:03 . 2008-08-27 12:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-27 12:00 . 2008-08-27 12:00 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-27 11:59 . 2008-09-02 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-27 11:57 . 2008-08-27 11:57 <DIR> dr-h-c--- C:\MSOCache
2008-08-27 11:44 . 2008-08-27 11:44 <DIR> d----c--- C:\Office 2007 PL - rar
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 20:04 81,984 -c--a-w C:\WINDOWS\system32\bdod.bin
2008-09-19 14:37 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-09-19 14:36 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-09-19 14:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2008-09-19 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 09:35 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Canon
2008-09-18 08:28 --------- d-----w C:\Program Files\Canon
2008-09-06 18:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-05 20:03 --------- d-----w C:\Program Files\Google
2008-09-05 20:02 --------- d-----w C:\Program Files\Winamp
2008-09-05 20:01 --------- d-----w C:\Program Files\ArcSoft
2008-08-27 10:06 --------- d-----w C:\Program Files\MSBuild
2008-08-23 13:57 --------- d-----w C:\Program Files\Common Files\Softwin
2008-08-09 11:05 --------- d-----w C:\Program Files\IrfanView
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-02-11 15:10 14 -c--a-w C:\Documents and Settings\Administrator\getfile.dat
2008-02-02 21:05 22,328 -c--a-w C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-29 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-19 368640]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17423:TCP"= 17423:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"13427:TCP"= 13427:TCP:NortonAV

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-19 86792]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - REMOVED EMPTY ENTRIES - - - -
HKCU-Run-uidscmsg - C:\WINDOWS\system32\qpabwjab.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 22:04:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-09-20 22:08:09
ComboFix-quarantined-files.txt 2008-09-20 20:08:02
ComboFix2.txt 2008-09-20 17:59:12
ComboFix3.txt 2008-09-19 17:12:24
Pre-Run: 3,700,211,712 bytes free
Post-Run: 3,705,028,608 bytes free
Mateusz J., comment, 21 September 2008

Log is clean. Delete the folder c:\QooBox. If you run into problems, feel free to come back.
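The "log is clean" verdict above comes from reading the ComboFix sections by eye: the Run values under the Reg Loading Points header, the service lines, the Security Center value and the "removed empty entries" block. The script below is an added example, not part of this thread and not ComboFix's own code; it parses those four sections in the format shown in the logs above and lists the items a responder checks first. The sample input is constructed from lines copied out of the logs above, and the flagging heuristics (an autostart living under a temp directory, a machine-looking value name such as lphcp58j0egav, a driver whose file is missing so ComboFix prints "[ ]", and AntiVirusOverride=1, which silences the Security Center's antivirus warning) are my assumptions about what deserves a second look, not rules ComboFix applies.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the ComboFix logs in this thread
# (Run values, two service lines, the Security Center value and the
# "removed empty entries" block). Illustration data, not a complete log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

- - - - REMOVED EMPTY ENTRIES - - - -
HKLM-Run-lphcp58j0egav - C:\WINDOWS\system32\lphcp58j0egav.exe
HKLM-Run-inrhct58j0egav - C:\Documents and Settings\Administrator\Ustawienia lokalne\temp\.tt15.tmp.exe
"""


@dataclass
class RunEntry:
    key: str
    name: str
    path: str


@dataclass
class Service:
    start: str
    name: str
    path: str
    file_present: bool


KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?\s*$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
REMOVED_RE = re.compile(r"^(HK\w+-\w+-\S+)\s+-\s+(.+)$")

# Heuristics (assumptions, not ComboFix rules): autostarts under a temp
# directory and value names that look machine-generated get a second look.
TEMP_RE = re.compile(r"\\(?:temp|tmp|Temporary Internet Files)\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{10,}$")


def parse_log(text):
    """Pull Run values, services, Security Center overrides and removed
    entries out of ComboFix output; returns a dict keyed by section."""
    out = {"run": [], "services": [], "overrides": {}, "removed": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := SERVICE_RE.match(line):
            start, name, _desc, path, meta = m.groups()
            # ComboFix prints "[ ]" instead of date/size when the file is missing
            out["services"].append(Service(start, name, path, bool(meta.strip())))
        elif m := REMOVED_RE.match(line):
            out["removed"].append((m.group(1), m.group(2)))
        elif (m := DWORD_RE.match(line)) and key and "security center" in key.lower():
            out["overrides"][m.group(1)] = int(m.group(2), 16)
        elif (m := VALUE_RE.match(line)) and key and key.lower().endswith("\\run"):
            name, value, meta = m.groups()
            # For a bare file name ComboFix puts the resolved path in the brackets
            path = meta.split(" ", 1)[-1] if meta and "\\" in meta else value
            out["run"].append(RunEntry(key, name, path))
    return out


def suspicious_reasons(name, path):
    reasons = []
    if TEMP_RE.search(path):
        reasons.append("autostart from a temp directory")
    if RANDOM_NAME_RE.match(name.lower()) and any(c.isdigit() for c in name):
        reasons.append("random-looking value name")
    return reasons


def triage(text):
    """Return the findings a responder would check first, one string each."""
    parsed = parse_log(text)
    findings = []
    for e in parsed["run"]:
        if reasons := suspicious_reasons(e.name, e.path):
            findings.append(f"RUN {e.name} -> {e.path}: " + "; ".join(reasons))
    for s in parsed["services"]:
        if not s.file_present:
            findings.append(f"SERVICE {s.name}: driver file missing on disk ({s.path})")
    if parsed["overrides"].get("AntiVirusOverride") == 1:
        findings.append("SECURITY CENTER AntiVirusOverride=1: antivirus status alerts "
                        "are suppressed; confirm the user set this deliberately")
    for key, path in parsed["removed"]:
        why = suspicious_reasons(key.rsplit("-", 1)[1], path) or ["already deleted"]
        findings.append(f"REMOVED {key} -> {path}: " + "; ".join(why)
                        + "; verify the file is gone too")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the constructed sample it reports the orphaned axsaki driver, the AntiVirusOverride flag and the two deleted Run values; none of the three remaining Run entries trips a heuristic, which matches the verdict given in the reply above. Feed it a whole saved ComboFix log instead of SAMPLE_LOG to get the same list for a real machine.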
cichy pszczółek (Author), comment, 21 September 2008

Many thanks, you do a great job here. Regards,