
you have a security problem

cichy pszczółek
posted

Hello,

I'm a complete layman, but from what I've read I need a HijackThis log and a ComboFix log to remove the problem. The antivirus program dealt with most of the "viruses" ;), the rest is still there. I'd be very grateful for help removing the "you have a security problem" message. I'd also be very grateful if you could help me step by step. Many thanks

Logs below:

ComboFix 08-09-16.05 - Administrator 2008-09-19 19:02:54.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.263 [GMT 2:00]
Run from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
 * New restore point created
 * Resident AV is active
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\ravmonlog
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\Downloaded Program Files\UGDCPL_0001_N122M2012NetInstaller.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
(((((((((((((((((((((((((   Files created from 2008-08-19 to 2008-09-19  )))))))))))))))))))))))))))))))
.
2008-09-19 17:27 . 2008-09-19 18:38	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-19 17:27 . 2008-06-10 21:22	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 17:27 . 2008-06-02 15:19	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 17:27 . 2008-06-02 15:19	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 17:27 . 2008-06-02 15:19	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 17:26 . 2008-09-19 17:31	<DIR>	d--------	C:\Program Files\Spyware Doctor
2008-09-19 17:26 . 2008-09-19 17:26	<DIR>	d--------	C:\Program Files\Common Files\Download Manager
2008-09-19 17:26 . 2008-09-19 17:26	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools
2008-09-19 16:53 . 2008-09-19 16:53	<DIR>	d--------	C:\Program Files\Enigma Software Group
2008-09-19 16:41 . 2008-09-19 19:08	121	--a------	C:\WINDOWS\bdagent.INI
2008-09-19 16:39 . 2008-09-19 16:39	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
2008-09-19 16:03 . 2008-09-19 16:03	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\BitDefender
2008-09-19 16:02 . 2008-09-19 16:02	<DIR>	d--------	C:\Program Files\BitDefender
2008-09-19 16:01 . 2008-09-19 16:02	<DIR>	d--------	C:\Program Files\Common Files\BitDefender
2008-09-19 15:12 . 2008-09-19 17:23	<DIR>	d--------	C:\Program Files\SAV
2008-09-19 15:12 . 2008-09-19 15:12	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi
2008-09-19 15:12 . 2008-09-19 15:12	90,112	--a------	C:\WINDOWS\system32\stcjqlmr.exe
2008-09-19 11:50 . 2008-09-19 15:29	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent
2008-09-18 11:43 . 2008-09-18 11:43	<DIR>	d--------	C:\Program Files\Electronic Arts
2008-09-18 10:35 . 2008-09-18 11:35	156	--a------	C:\WINDOWS\Twunk001.MTX
2008-09-18 10:35 . 2008-09-18 11:35	3	--a------	C:\WINDOWS\Twain001.Mtx
2008-09-18 10:35 . 2008-09-18 10:35	0	--a------	C:\WINDOWS\Twunk002.MTX
2008-09-17 11:26 . 2008-09-17 11:26	278,984	--a------	C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-17 11:26 . 2008-09-17 11:26	25,416	--a------	C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-17 11:08 . 2008-09-17 11:08	<DIR>	d--------	C:\WINDOWS\Logs
2008-09-14 19:21 . 2008-09-14 19:21	<DIR>	d--------	C:\Program Files\Common Files\DirectX
2008-09-13 19:21 . 2008-09-13 19:21	294	--a------	C:\WINDOWS\game.ini
2008-09-12 18:02 . 2008-09-12 18:02	<DIR>	d--------	C:\Program Files\SEGA
2008-09-11 17:24 . 2008-09-11 17:24	<DIR>	d--------	C:\Program Files\DivX
2008-09-06 20:50 . 2008-09-06 20:51	<DIR>	d--------	C:\Program Files\DAEMON Tools
2008-09-06 20:20 . 2008-09-06 20:20	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
2008-09-05 16:20 . 2008-09-05 16:20	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-09-05 15:33 . 2008-09-12 23:14	<DIR>	d--------	C:\Program Files\DNA
2008-09-05 15:33 . 2008-09-05 15:33	<DIR>	d--------	C:\Program Files\BitTorrent
2008-09-05 15:33 . 2008-09-19 19:05	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DNA
2008-09-05 15:18 . 2008-05-03 05:16	6,582,272	--a------	C:\WINDOWS\system32\nvdisps.dll
2008-09-05 15:17 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll
2008-09-05 15:16 . 2007-03-16 10:11	12,256	--a------	C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-05 15:15 . 2008-09-05 15:21	<DIR>	d--------	C:\Program Files\VDOTool
2008-08-27 12:13 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-08-27 12:06 . 2008-08-27 12:06	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-08-27 12:03 . 2008-08-27 12:03	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-08-27 12:00 . 2008-08-27 12:00	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8
2008-08-27 11:59 . 2008-09-02 16:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-27 11:57 . 2008-08-27 11:57	<DIR>	dr-h-c---	C:\MSOCache
2008-08-27 11:44 . 2008-08-27 11:44	<DIR>	d----c---	C:\Office 2007 PL - rar
.
((((((((((((((((((((((((((((((((((((((((   Find3M Section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 17:08	81,984	-c--a-w	C:\WINDOWS\system32\bdod.bin
2008-09-19 14:37	86,792	----a-w	C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-09-19 14:36	77,824	----a-w	C:\WINDOWS\system32\xcomm.dll
2008-09-19 14:03	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2008-09-19 13:02	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-18 09:35	---------	d-----w	C:\Documents and Settings\Administrator\Dane aplikacji\Canon
2008-09-18 08:28	---------	d-----w	C:\Program Files\Canon
2008-09-06 18:20	717,296	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-09-05 20:03	---------	d-----w	C:\Program Files\Google
2008-09-05 20:02	---------	d-----w	C:\Program Files\Winamp
2008-09-05 20:01	---------	d-----w	C:\Program Files\ArcSoft
2008-08-27 10:06	---------	d-----w	C:\Program Files\MSBuild
2008-08-23 13:57	---------	d-----w	C:\Program Files\Common Files\Softwin
2008-08-09 11:05	---------	d-----w	C:\Program Files\IrfanView
2008-07-31 08:41	68,616	----a-w	C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41	238,088	----a-w	C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40	509,448	----a-w	C:\WINDOWS\system32\XAudio2_2.dll
2008-07-23 16:48	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-07-12 06:18	467,984	----a-w	C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18	3,851,784	----a-w	C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18	1,493,528	----a-w	C:\WINDOWS\system32\D3DCompiler_39.dll
2008-02-11 15:10	14	-c--a-w	C:\Documents and Settings\Administrator\getfile.dat
2008-02-02 21:05	22,328	-c--a-w	C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"TBPanel"="C:\Program Files\VDOTool\TBPanel.exe" [2008-06-04 2157096]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ProcSys"="C:\WINDOWS\system32\stcjqlmr.exe" [2008-09-19 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-29 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-19 368640]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"eC4Crbr0c9"="C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe" [2008-09-19 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17423:TCP"= 17423:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"13427:TCP"= 13427:TCP:NortonAV

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-19 86792]
R3 usbscan;USB scanner driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 USBSTOR;USB mass storage driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad54070-19f8-11dd-820d-001bd7c52330}]
\Shell\AutoRun\command - G:\d.cmd
\Shell\explore\Command - G:\d.cmd
\Shell\open\Command - G:\d.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebcdfa93-f33f-11dc-8142-001bd7c52330}]
\Shell\AutoRun\command - 3g08.bat
\Shell\explore\Command - 3g08.bat
\Shell\open\Command - 3g08.bat

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - EMPTY ENTRIES REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\u9ewn4dl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.pajacyk.pl/index.php
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 19:08:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-09-19 19:12:22
ComboFix-quarantined-files.txt  2008-09-19 17:12:17

Before: 2,746,667,008 bytes free
After: 2,857,050,112 bytes free

241
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:21, on 2008-09-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\stcjqlmr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ProcSys] C:\WINDOWS\system32\stcjqlmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [eC4Crbr0c9] C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6993 bytes

Gość (Guest)
comment

Paste into Notepad:

File::
C:\WINDOWS\system32\stcjqlmr.exe
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
G:\d.cmd
C:\d.cmd

Folder::
C:\Program Files\SAV
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"=-
"ProcSys"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"eC4Crbr0c9"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad54070-19f8-11dd-820d-001bd7c52330}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebcdfa93-f33f-11dc-8142-001bd7c52330}]

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe


Removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then: after the restart, delete the folder C:\Qoobox manually.

// I've removed the drivers you wanted to delete

// They are legitimate

// jesiona
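The entries jesiona's script targets can be picked out of the two logs in this thread mechanically: Run values whose executable has a random-looking name (stcjqlmr.exe, vkncnqta.exe, and qpabwjab.exe, which appears as "uidscmsg" in the second log), anything started from Policies\Explorer\Run, a MountPoints2 key whose AutoRun handler runs a .cmd/.bat from a removable drive, and AntiVirusOverride=1 in the Security Center key. The script below is an added example, not code from the thread, from ComboFix or from HijackThis: it scans HijackThis O4 lines and ComboFix REGEDIT4-style dumps for those patterns and drafts File:: and Registry:: sections in the layout the reply above uses. The "eight lowercase letters, at most two vowels" rule is my heuristic, not a ComboFix rule, and the sample log is constructed from lines copied out of the two logs; every hit still needs a human look before it goes into a CFScript.

```python
"""Triage HijackThis / ComboFix log lines for the autorun patterns seen in this
thread and draft the CFScript sections that would remove them.  Added example,
not code from the thread or from the ComboFix/HijackThis authors; heuristics
only, so every hit needs a human look before it goes into a script."""
import re

# HijackThis O4 line:  O4 - HKCU\..\Run: [ProcSys] C:\WINDOWS\system32\stcjqlmr.exe
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<sub>[^:]+): \[(?P<name>[^\]]+)\]'
    r'.*?(?P<path>[A-Za-z]:\\[^",]+?\.(?:exe|dll|scr|bat|cmd))', re.IGNORECASE)
# ComboFix REGEDIT4-style dump: a [key] line followed by "name"="path" [date size]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
CF_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[A-Za-z]:\\[^"]+)"')
# MountPoints2 AutoRun handler as ComboFix prints it under the drive's key
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$', re.IGNORECASE)
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.IGNORECASE)

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
VOWELS = set("aeiou")


def looks_random(stem):
    """Heuristic (assumption, not a ComboFix rule): eight lowercase letters with
    at most two vowels, the shape of stcjqlmr / vkncnqta / qpabwjab above."""
    return (len(stem) == 8 and stem.isalpha() and stem.islower()
            and sum(c in VOWELS for c in stem) <= 2)


def _check_autorun(key, name, path):
    """Return a finding for one Run value, or None if nothing looks off."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if looks_random(stem):
        reasons.append("random-looking filename")
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run autostart")
    if not reasons:
        return None
    return {"kind": "autorun", "detail": f"{name} -> {path} ({', '.join(reasons)})",
            "file": path, "reg_key": f"[{key}]", "reg_value": f'"{name}"=-'}


def find_suspicious(log_text):
    """Scan mixed HijackThis / ComboFix lines; return findings in log order."""
    findings, cur_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            cur_key = m.group("key")          # remember which key the next values sit under
            continue
        m = O4_RE.match(line)
        if m:
            hive, sub, name, path = m.group("hive", "sub", "name", "path")
            key = f"{HIVES[hive.upper()]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{sub}"
            f = _check_autorun(key, name, path)
            if f:
                findings.append(f)
            continue
        m = CF_VALUE_RE.match(line)
        if m and cur_key and cur_key.lower().endswith("\\run"):
            f = _check_autorun(cur_key, m.group("name"), m.group("path"))
            if f:
                findings.append(f)
            continue
        m = AUTORUN_RE.match(line)
        if m and cur_key and "mountpoints2" in cur_key.lower():
            # Autoplay of a removable drive wired to a .cmd/.bat is the classic
            # USB-worm footprint; the fix deletes the whole cached key.
            findings.append({"kind": "mountpoints2", "detail": f"AutoRun -> {m.group('cmd')}",
                             "file": None, "reg_key": f"[-{cur_key}]", "reg_value": None})
            continue
        if AV_OVERRIDE_RE.match(line):
            findings.append({"kind": "security-center",
                             "detail": "AntiVirusOverride=1 (Security Center AV warning suppressed)",
                             "file": None, "reg_key": None, "reg_value": None})
    return findings


def build_cfscript(findings):
    """Draft File:: and Registry:: sections in the layout used in the reply above."""
    files, groups = [], {}
    for f in findings:
        if f["file"] and f["file"] not in files:
            files.append(f["file"])
        if f["reg_key"]:
            values = groups.setdefault(f["reg_key"], [])
            if f["reg_value"] and f["reg_value"] not in values:
                values.append(f["reg_value"])
    out = []
    if files:
        out += ["File::"] + files + [""]
    if groups:
        out.append("Registry::")
        for key, values in groups.items():
            out.append(key)
            out.extend(values)
    return "\n".join(out) + "\n"


# Constructed sample: lines copied from the two logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ProcSys] C:\WINDOWS\system32\stcjqlmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [eC4Crbr0c9] C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"uidscmsg"="C:\WINDOWS\system32\qpabwjab.exe" [2008-09-19 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ad54070-19f8-11dd-820d-001bd7c52330}]
\Shell\AutoRun\command - G:\d.cmd
\Shell\open\Command - G:\d.cmd
"""

if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for h in hits:
        print(f"[{h['kind']}] {h['detail']}")
    print(build_cfscript(hits), end="")
```

Run over the sample, the draft lists stcjqlmr.exe, vkncnqta.exe and qpabwjab.exe under File:: and groups the two HKCU Run deletions under one key, which is why the second log in this thread, with "uidscmsg" still present, should not be read as clean. The AntiVirusOverride hit is reported but deliberately left out of the draft script: it is a setting to review, not a file or value to delete.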

cichy pszczółek
comment

Thanks in advance, djarta

Below is the log. I hope it's clean.

I understand that only once the log is clean do I restart, and only then delete the folder indicated earlier.

Thanks again for the quick reply - I didn't expect it :)

regards,

ComboFix 08-09-16.05 - Administrator 2008-09-20 19:47:23.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.231 [GMT 2:00]
Run from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt
 * New restore point created
 * Resident AV is active
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi
C:\Documents and Settings\All Users\Dane aplikacji\tyjytuvi\vkncnqta.exe
C:\Program Files\SAV
C:\Program Files\SAV\sav0.dat
C:\Program Files\SAV\sav1.dat
C:\WINDOWS\system32\blphcp58j0egav.scr
C:\WINDOWS\system32\lphcp58j0egav.exe
C:\WINDOWS\system32\phcp58j0egav.bmp
C:\WINDOWS\system32\stcjqlmr.exe
.
(((((((((((((((((((((((((   Files created from 2008-08-20 to 2008-09-20  )))))))))))))))))))))))))))))))
.
2008-09-19 21:15 . 2008-09-19 21:15	86,016	--a------	C:\WINDOWS\system32\qpabwjab.exe
2008-09-19 17:27 . 2008-09-19 18:38	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-19 17:27 . 2008-06-10 21:22	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-19 17:27 . 2008-06-02 15:19	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-19 17:27 . 2008-06-02 15:19	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-19 17:27 . 2008-06-02 15:19	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys
2008-09-19 17:26 . 2008-09-19 17:31	<DIR>	d--------	C:\Program Files\Spyware Doctor
2008-09-19 17:26 . 2008-09-19 17:26	<DIR>	d--------	C:\Program Files\Common Files\Download Manager
2008-09-19 17:26 . 2008-09-19 17:26	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools
2008-09-19 16:53 . 2008-09-19 16:53	<DIR>	d--------	C:\Program Files\Enigma Software Group
2008-09-19 16:41 . 2008-09-20 19:51	121	--a------	C:\WINDOWS\bdagent.INI
2008-09-19 16:39 . 2008-09-19 16:39	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start
2008-09-19 16:03 . 2008-09-19 16:03	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\BitDefender
2008-09-19 16:02 . 2008-09-19 16:02	<DIR>	d--------	C:\Program Files\BitDefender
2008-09-19 16:01 . 2008-09-19 16:02	<DIR>	d--------	C:\Program Files\Common Files\BitDefender
2008-09-19 11:50 . 2008-09-19 15:29	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent
2008-09-18 11:43 . 2008-09-18 11:43	<DIR>	d--------	C:\Program Files\Electronic Arts
2008-09-18 10:35 . 2008-09-18 11:35	156	--a------	C:\WINDOWS\Twunk001.MTX
2008-09-18 10:35 . 2008-09-18 11:35	3	--a------	C:\WINDOWS\Twain001.Mtx
2008-09-18 10:35 . 2008-09-18 10:35	0	--a------	C:\WINDOWS\Twunk002.MTX
2008-09-17 11:26 . 2008-09-17 11:26	278,984	--a------	C:\WINDOWS\system32\drivers\atksgt.sys
2008-09-17 11:26 . 2008-09-17 11:26	25,416	--a------	C:\WINDOWS\system32\drivers\lirsgt.sys
2008-09-17 11:08 . 2008-09-17 11:08	<DIR>	d--------	C:\WINDOWS\Logs
2008-09-14 19:21 . 2008-09-14 19:21	<DIR>	d--------	C:\Program Files\Common Files\DirectX
2008-09-13 19:21 . 2008-09-13 19:21	294	--a------	C:\WINDOWS\game.ini
2008-09-12 18:02 . 2008-09-12 18:02	<DIR>	d--------	C:\Program Files\SEGA
2008-09-11 17:24 . 2008-09-11 17:24	<DIR>	d--------	C:\Program Files\DivX
2008-09-06 20:50 . 2008-09-06 20:51	<DIR>	d--------	C:\Program Files\DAEMON Tools
2008-09-06 20:20 . 2008-09-06 20:20	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
2008-09-05 16:20 . 2008-09-05 16:20	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2008-09-05 15:33 . 2008-09-12 23:14	<DIR>	d--------	C:\Program Files\DNA
2008-09-05 15:33 . 2008-09-05 15:33	<DIR>	d--------	C:\Program Files\BitTorrent
2008-09-05 15:33 . 2008-09-20 19:52	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DNA
2008-09-05 15:18 . 2008-05-03 05:16	6,582,272	--a------	C:\WINDOWS\system32\nvdisps.dll
2008-09-05 15:17 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll
2008-09-05 15:16 . 2007-03-16 10:11	12,256	--a------	C:\WINDOWS\system32\drivers\TBPanel.sys
2008-09-05 15:15 . 2008-09-05 15:21	<DIR>	d--------	C:\Program Files\VDOTool
2008-08-27 12:13 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll
2008-08-27 12:06 . 2008-08-27 12:06	<DIR>	d--------	C:\Program Files\Microsoft Works
2008-08-27 12:03 . 2008-08-27 12:03	<DIR>	d--------	C:\Program Files\Microsoft.NET
2008-08-27 12:00 . 2008-08-27 12:00	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8
2008-08-27 11:59 . 2008-09-02 16:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-27 11:57 . 2008-08-27 11:57	<DIR>	dr-h-c---	C:\MSOCache
2008-08-27 11:44 . 2008-08-27 11:44	<DIR>	d----c---	C:\Office 2007 PL - rar
.
((((((((((((((((((((((((((((((((((((((((   Find3M Section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 17:52	81,984	-c--a-w	C:\WINDOWS\system32\bdod.bin
2008-09-19 14:37	86,792	----a-w	C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-09-19 14:36	77,824	----a-w	C:\WINDOWS\system32\xcomm.dll
2008-09-19 14:03	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\BitDefender
2008-09-19 13:02	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-18 09:35	---------	d-----w	C:\Documents and Settings\Administrator\Dane aplikacji\Canon
2008-09-18 08:28	---------	d-----w	C:\Program Files\Canon
2008-09-06 18:20	717,296	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-09-05 20:03	---------	d-----w	C:\Program Files\Google
2008-09-05 20:02	---------	d-----w	C:\Program Files\Winamp
2008-09-05 20:01	---------	d-----w	C:\Program Files\ArcSoft
2008-08-27 10:06	---------	d-----w	C:\Program Files\MSBuild
2008-08-23 13:57	---------	d-----w	C:\Program Files\Common Files\Softwin
2008-08-09 11:05	---------	d-----w	C:\Program Files\IrfanView
2008-07-31 08:41	68,616	----a-w	C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41	238,088	----a-w	C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40	509,448	----a-w	C:\WINDOWS\system32\XAudio2_2.dll
2008-07-23 16:48	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-07-12 06:18	467,984	----a-w	C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18	3,851,784	----a-w	C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18	1,493,528	----a-w	C:\WINDOWS\system32\D3DCompiler_39.dll
2008-02-11 15:10	14	-c--a-w	C:\Documents and Settings\Administrator\getfile.dat
2008-02-02 21:05	22,328	-c--a-w	C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys
.
(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"uidscmsg"="C:\WINDOWS\system32\qpabwjab.exe" [2008-09-19 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-29 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 278528]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-19 368640]
"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17423:TCP"= 17423:TCP:NortonAV
"18315:TCP"= 18315:TCP:NortonAV
"13427:TCP"= 13427:TCP:NortonAV

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-19 86792]
R3 usbscan;USB scanner driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]
S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]
S3 USBSTOR;USB mass storage driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan
.
- - - - EMPTY ENTRIES REMOVED - - - -

HKLM-Run-lphcp58j0egav - C:\WINDOWS\system32\lphcp58j0egav.exe
HKLM-Run-inrhct58j0egav - C:\Documents and Settings\Administrator\Ustawienia lokalne\temp\.tt15.tmp.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 19:53:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Remaining running processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-09-20 19:59:09 - the computer was rebooted [Administrator]
ComboFix-quarantined-files.txt  2008-09-20 17:59:01
ComboFix2.txt  2008-09-19 17:12:24

Before: 3,736,526,848 bytes free
After: 3,736,342,528 bytes free

197

// logs go in code tags

// Tomek

Guest
comment

Paste into Notepad:

File::C:\WINDOWS\system32\qpabwjab.exe

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

-->cfscriptb5b4me3.gif

Removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then: after the restart, delete the C:\Qoobox folder manually.
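Triage logic for the Run entries shown in the log above, the kind a helper reads before writing the File:: line in this reply. It is an added example, not ComboFix's or the forum's own code; it assumes the log's `"name"="path" [date size]` layout, and the 7-day window and Windows-directory test are a heuristic chosen here, not a verdict.

```python
"""Triage the 'Wpisy startowe rejestru' (registry start-up) section of a ComboFix log.
Added example for this thread (not ComboFix's own code): pulls "name"="path" [date size]
entries out of the Run keys even from a log flattened onto one line, flags autostart
binaries written into the Windows tree days before the scan, and renders CFScript lines."""
import re
from datetime import date

# Matches either a key header such as [HKEY_CURRENT_USER\...\Run] or a dated entry such as
#   "uidscmsg"="C:\WINDOWS\system32\qpabwjab.exe" [2008-09-19 86016]
TOKEN = re.compile(
    r'\[(?P<key>HKEY_[^\]]+)\]'
    r'|"(?P<name>[^"]+)"\s*=\s*"(?P<value>[^"]+)"\s*'
    r'\[(?P<stamp>\d{4}-\d{2}-\d{2})\s+(?P<tail>[^\]]*)\]'
)

def parse_run_entries(log_text):
    """Return (registry_key, value_name, path, file_date) for every dated entry."""
    entries, current_key = [], None
    for m in TOKEN.finditer(log_text):
        if m.group("key"):
            current_key = m.group("key")
            continue
        value, tail = m.group("value"), m.group("tail").strip()
        # "nwiz"="nwiz.exe" [2008-05-03 C:\...\nwiz.exe]: bare name, resolved path in the bracket
        path = tail if ("\\" not in value and "\\" in tail) else value
        entries.append((current_key, m.group("name"), path, date.fromisoformat(m.group("stamp"))))
    return entries

def flag_suspicious(entries, scan_date, max_age_days=7):
    """Heuristic chosen for this example: an autostart binary that landed directly in the
    Windows tree within max_age_days of the scan. Vendor software installed the same day
    (the BitDefender agent here) lives under Program Files, so it is not flagged."""
    hits = []
    for key, name, path, file_date in entries:
        in_windows_tree = path.upper().startswith("C:\\WINDOWS\\")
        recent = 0 <= (scan_date - file_date).days <= max_age_days
        if in_windows_tree and recent:
            hits.append((key, name, path))
    return hits

def to_cfscript(paths):
    """One File:: line per path, the format the reply above pastes into CFScript.txt."""
    return "\n".join("File::" + p for p in paths)

# Constructed sample: entries copied from the thread's log, run together on one
# line the way the page's copy came through (the parser needs no newlines).
SAMPLE = (
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'
    r'"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]'
    r'"uidscmsg"="C:\WINDOWS\system32\qpabwjab.exe" [2008-09-19 86016]'
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'
    r'"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]'
    r'"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-19 368640]'
    r'"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]'
)
SCAN_DATE = date(2008, 9, 20)  # date in the header of the second ComboFix run

def triage(log_text=SAMPLE, scan_date=SCAN_DATE):
    """Parse, flag and render the File:: lines for one log."""
    hits = flag_suspicious(parse_run_entries(log_text), scan_date)
    return to_cfscript([path for _, _, path in hits])
```

Every flagged path still needs a manual check (vendor, signature, online scan) before it goes into a script, since a freshly patched system file would match the same heuristic.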

cichy pszczółek
comment

Hello,

below is the log generated after the 2nd check.

Was everything removed?

regards,

ComboFix 08-09-16.05 - Administrator 2008-09-20 21:59:02.3 - NTFSx86Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.284 [GMT 2:00]Uruchomiony z: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exeCommand switches used :: C:\Documents and Settings\Administrator\Pulpit\CFScript.txt * Utworzono nowy punkt przywracania * Resident AV is active[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b].(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\system32\qpabwjab.exe.(((((((((((((((((((((((((   Pliki utworzone od 2008-08-20 do 2008-09-20  ))))))))))))))))))))))))))))))).2008-09-19 17:27 . 2008-09-19 18:38	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP2008-09-19 17:27 . 2008-06-10 21:22	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys2008-09-19 17:27 . 2008-06-02 15:19	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys2008-09-19 17:27 . 2008-06-02 15:19	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys2008-09-19 17:27 . 2008-06-02 15:19	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys2008-09-19 17:26 . 2008-09-19 17:31	<DIR>	d--------	C:\Program Files\Spyware Doctor2008-09-19 17:26 . 2008-09-19 17:26	<DIR>	d--------	C:\Program Files\Common Files\Download Manager2008-09-19 17:26 . 2008-09-19 17:26	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools2008-09-19 16:53 . 2008-09-19 16:53	<DIR>	d--------	C:\Program Files\Enigma Software Group2008-09-19 16:41 . 2008-09-20 22:04	121	--a------	C:\WINDOWS\bdagent.INI2008-09-19 16:39 . 2008-09-19 16:39	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start2008-09-19 16:03 . 2008-09-19 16:03	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\BitDefender2008-09-19 16:02 . 2008-09-19 16:02	<DIR>	d--------	C:\Program Files\BitDefender2008-09-19 16:01 . 
2008-09-19 16:02	<DIR>	d--------	C:\Program Files\Common Files\BitDefender2008-09-19 11:50 . 2008-09-19 15:29	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\BitTorrent2008-09-18 11:43 . 2008-09-18 11:43	<DIR>	d--------	C:\Program Files\Electronic Arts2008-09-18 10:35 . 2008-09-18 11:35	156	--a------	C:\WINDOWS\Twunk001.MTX2008-09-18 10:35 . 2008-09-18 11:35	3	--a------	C:\WINDOWS\Twain001.Mtx2008-09-18 10:35 . 2008-09-18 10:35	0	--a------	C:\WINDOWS\Twunk002.MTX2008-09-17 11:26 . 2008-09-17 11:26	278,984	--a------	C:\WINDOWS\system32\drivers\atksgt.sys2008-09-17 11:26 . 2008-09-17 11:26	25,416	--a------	C:\WINDOWS\system32\drivers\lirsgt.sys2008-09-17 11:08 . 2008-09-17 11:08	<DIR>	d--------	C:\WINDOWS\Logs2008-09-14 19:21 . 2008-09-14 19:21	<DIR>	d--------	C:\Program Files\Common Files\DirectX2008-09-13 19:21 . 2008-09-13 19:21	294	--a------	C:\WINDOWS\game.ini2008-09-12 18:02 . 2008-09-12 18:02	<DIR>	d--------	C:\Program Files\SEGA2008-09-11 17:24 . 2008-09-11 17:24	<DIR>	d--------	C:\Program Files\DivX2008-09-06 20:50 . 2008-09-06 20:51	<DIR>	d--------	C:\Program Files\DAEMON Tools2008-09-06 20:20 . 2008-09-06 20:20	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools2008-09-05 16:20 . 2008-09-05 16:20	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Trymedia2008-09-05 15:33 . 2008-09-12 23:14	<DIR>	d--------	C:\Program Files\DNA2008-09-05 15:33 . 2008-09-05 15:33	<DIR>	d--------	C:\Program Files\BitTorrent2008-09-05 15:33 . 2008-09-20 22:03	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\DNA2008-09-05 15:18 . 2008-05-03 05:16	6,582,272	--a------	C:\WINDOWS\system32\nvdisps.dll2008-09-05 15:17 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll2008-09-05 15:16 . 2007-03-16 10:11	12,256	--a------	C:\WINDOWS\system32\drivers\TBPanel.sys2008-09-05 15:15 . 2008-09-05 15:21	<DIR>	d--------	C:\Program Files\VDOTool2008-08-27 12:13 . 
2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll2008-08-27 12:06 . 2008-08-27 12:06	<DIR>	d--------	C:\Program Files\Microsoft Works2008-08-27 12:03 . 2008-08-27 12:03	<DIR>	d--------	C:\Program Files\Microsoft.NET2008-08-27 12:00 . 2008-08-27 12:00	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 82008-08-27 11:59 . 2008-09-02 16:19	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help2008-08-27 11:57 . 2008-08-27 11:57	<DIR>	dr-h-c---	C:\MSOCache2008-08-27 11:44 . 2008-08-27 11:44	<DIR>	d----c---	C:\Office 2007 PL - rar.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-20 20:04	81,984	-c--a-w	C:\WINDOWS\system32\bdod.bin2008-09-19 14:37	86,792	----a-w	C:\WINDOWS\system32\drivers\bdfndisf.sys2008-09-19 14:36	77,824	----a-w	C:\WINDOWS\system32\xcomm.dll2008-09-19 14:03	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\BitDefender2008-09-19 13:02	---------	d--h--w	C:\Program Files\InstallShield Installation Information2008-09-18 09:35	---------	d-----w	C:\Documents and Settings\Administrator\Dane aplikacji\Canon2008-09-18 08:28	---------	d-----w	C:\Program Files\Canon2008-09-06 18:20	717,296	----a-w	C:\WINDOWS\system32\drivers\sptd.sys2008-09-05 20:03	---------	d-----w	C:\Program Files\Google2008-09-05 20:02	---------	d-----w	C:\Program Files\Winamp2008-09-05 20:01	---------	d-----w	C:\Program Files\ArcSoft2008-08-27 10:06	---------	d-----w	C:\Program Files\MSBuild2008-08-23 13:57	---------	d-----w	C:\Program Files\Common Files\Softwin2008-08-09 11:05	---------	d-----w	C:\Program Files\IrfanView2008-07-31 08:41	68,616	----a-w	C:\WINDOWS\system32\XAPOFX1_1.dll2008-07-31 08:41	238,088	----a-w	C:\WINDOWS\system32\xactengine3_2.dll2008-07-31 08:40	509,448	----a-w	C:\WINDOWS\system32\XAudio2_2.dll2008-07-23 16:48	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll2008-07-23 16:48	1,044,480	----a-w	
C:\WINDOWS\system32\libdivx.dll2008-07-12 06:18	467,984	----a-w	C:\WINDOWS\system32\d3dx10_39.dll2008-07-12 06:18	3,851,784	----a-w	C:\WINDOWS\system32\D3DX9_39.dll2008-07-12 06:18	1,493,528	----a-w	C:\WINDOWS\system32\D3DCompiler_39.dll2008-02-11 15:10	14	-c--a-w	C:\Documents and Settings\Administrator\getfile.dat2008-02-02 21:05	22,328	-c--a-w	C:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 1267040][HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}][HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1][HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}][HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856]"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-29 180269]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 278528]"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
[2006-10-27 31016]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 86016]"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-19 368640]"nwiz"="nwiz.exe" [2008-05-03 C:\WINDOWS\system32\nwiz.exe]"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 C:\WINDOWS\system32\HdAShCut.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360][HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\iTunes\\iTunes.exe"="C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\BearShare\\BearShare.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\DNA\\btdna.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"17423:TCP"= 17423:TCP:NortonAV"18315:TCP"= 18315:TCP:NortonAV"13427:TCP"= 13427:TCP:NortonAVR3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-09-19 86792]R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]S3 
axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [ ]S3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [ ]S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]S3 V0090VID;Creative WebCam Vista Plus;C:\WINDOWS\system32\DRIVERS\V0090Vid.sys [2005-04-14 138112][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bdx	REG_MULTI_SZ	   scan.- - - - USUNIĘTO PUSTE WPISY - - - -HKCU-Run-uidscmsg - C:\WINDOWS\system32\qpabwjab.exe**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-20 22:04:19Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\.Czas ukończenia: 2008-09-20 22:08:09ComboFix-quarantined-files.txt  2008-09-20 20:08:02ComboFix2.txt  2008-09-20 17:59:12ComboFix3.txt  2008-09-19 17:12:24Przed: 3,700,211,712 bajt˘w wolnychPo: 3,705,028,608 bajt˘w wolnych171
Mateusz J.
comment

Log is clean.

Delete the c:\QooBox folder.

If you have any problems, come back again :)

cichy pszczółek
comment

many thanks,

you do a great job here :)

regards,
