x-kom hosting

Persistent virus!

Girolamo

Hello, it's me again. And again I have a problem with my computer. This time I have a virus on my PC which my antivirus unfortunately doesn't find. Shortcuts with erotic themes keep "appearing" on my desktop, along with some supposed antivirus called "micro AV", which I think is itself a virus. I don't know how to remove it :/ Please help

ComboFix log:

ComboFix 08-09-27.03 - Micha 2008-10-09 22:13:20.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.157 [GMT 2:00]
Uruchomiony z: H:\Documents and Settings\Micha\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
(((((((((((((((((((((((((   Pliki utworzone od 2008-09-09 do 2008-10-09  )))))))))))))))))))))))))))))))
.
2008-10-09 21:49 . 	61,440		H:\Documents and Settings\Michał\nkp2.exe
2008-10-09 21:25 . 2008-10-07 08:14	3,262	--a------	H:\WINDOWS\system32\2.ico
2008-10-09 21:24 . 2008-10-09 21:44	61,440	--a------	H:\Documents and Settings\Adam\nkp2.exe
2008-10-09 20:36 . 2008-10-09 20:35	512,096	--a------	H:\WINDOWS\system32\drivers\amon.sys
2008-10-09 20:36 . 2008-10-09 20:35	298,104	--a------	H:\WINDOWS\system32\imon.dll
2008-10-09 20:36 . 2008-10-09 20:35	15,424	--a------	H:\WINDOWS\system32\drivers\nod32drv.sys
2008-10-09 20:35 . 2008-10-09 20:35	<DIR>	d--------	H:\Program Files\ESET
2008-10-09 20:20 . 2008-10-09 21:49	<DIR>	d--------	H:\Program Files\PCHealthCenter
2008-10-09 20:20 . 2008-10-09 21:49	<DIR>	d--------	H:\Program Files\MicroAV
2008-10-09 20:20 . 2008-10-07 08:14	167,424	--a------	H:\WINDOWS\system32\MicroAV.cpl
2008-10-09 20:20 . 2008-10-07 08:14	3,262	--a------	H:\WINDOWS\system32\1.ico
2008-10-09 20:10 . 2008-10-09 22:14	103,394	--a------	H:\WINDOWS\system32\drivers\fd63ca1e.sys
2008-10-09 20:10 . 2008-10-09 20:10	32,256	--a------	H:\WINDOWS\system32\winzdn32.dll
2008-10-09 20:10 . 2008-10-09 20:10	23,040	--a------	H:\WINDOWS\system32\rs32net.exe
2008-10-09 19:58 . 2003-12-21 17:24	140,800	--a------	H:\WINDOWS\system32\drivers\xmasbus.sys
2008-10-09 19:58 . 2003-12-20 20:03	5,504	--a------	H:\WINDOWS\system32\drivers\xmasscsi.sys
2008-10-09 19:52 . 	<DIR>		H:\Documents and Settings\Michał\Dane aplikacji\DAEMON Tools Pro
2008-10-05 21:28 . 	<DIR>		H:\Documents and Settings\Michał\Dane aplikacji\Moyea
2008-10-04 14:12 . 2008-10-06 21:41	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\ipla
2008-10-04 14:12 . 2008-10-06 21:41	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\ipla
2008-10-04 14:11 . 2008-10-04 14:12	<DIR>	d--------	H:\Program Files\ipla
2008-10-02 21:41 . 2008-10-02 21:41	<DIR>	d--------	H:\Program Files\Codec Pack - All In 1
2008-10-02 21:41 . 2008-10-02 21:41	737,280	--a------	H:\WINDOWS\iun6002.exe
2008-10-01 15:55 . 2008-10-01 15:55	32	--a------	H:\WINDOWS\CD_Start.INI
2008-09-28 14:42 . 2008-09-28 14:42	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-09-27 19:56 . 1999-12-17 10:13	86,016	--a------	H:\WINDOWS\unvise32.exe
2008-09-27 19:41 . 2002-01-05 15:37	344,064	--a------	H:\WINDOWS\system32\msvcr70.dll
2008-09-27 19:22 . 2008-09-27 19:22	<DIR>	d--------	H:\Program Files\OJOsoft
2008-09-27 19:22 . 2008-09-27 19:22	<DIR>	d--------	H:\Program Files\Common Files\Common Share
2008-09-27 18:16 . 2008-09-27 18:19	<DIR>	d--------	H:\WINDOWS\ServicePackFiles
2008-09-27 18:16 . 2008-04-14 22:51	294,912	-----c---	H:\WINDOWS\system32\dllcache\dlimport.exe
2008-09-27 18:12 . 2006-12-29 00:31	19,569	--a------	H:\WINDOWS\002640_.tmp
2008-09-27 18:10 . 2008-09-27 18:10	<DIR>	d--------	H:\WINDOWS\EHome
2008-09-27 18:07 . 2008-09-27 18:07	<DIR>	d--------	H:\kopia zapasowa
2008-09-27 17:34 . 2008-09-27 17:39	<DIR>	d--------	H:\Program Files\Yahoo!
2008-09-26 20:14 . 	<DIR>		H:\Documents and Settings\Michał\UserData
2008-09-24 14:44 . 2008-09-24 14:43	103,736	--a------	H:\WINDOWS\system32\PnkBstrB.exe
2008-09-24 14:38 . 2008-09-24 14:38	<DIR>	d--------	H:\WINDOWS\system32\LogFiles
2008-09-21 15:38 . 2008-09-21 15:38	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-21 15:06 . 2008-09-27 16:48	4,096	--a------	H:\WINDOWS\system32\crash
2008-09-21 13:57 . 	<DIR>		H:\Documents and Settings\Michał\Dane aplikacji\Skype
2008-09-20 13:43 . 2008-10-09 20:06	107,888	--a------	H:\WINDOWS\system32\CmdLineExt.dll
2008-09-18 19:49 . 2008-10-09 11:33	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\skypePM
2008-09-18 19:49 . 2008-09-18 19:49	56	--ah-----	H:\WINDOWS\system32\ezsidmv.dat
2008-09-18 19:39 . 2008-09-18 19:39	<DIR>	d--------	H:\Program Files\Skype
2008-09-18 19:39 . 2008-09-18 19:39	<DIR>	d--------	H:\Program Files\Common Files\Skype
2008-09-18 19:39 . 2008-09-18 19:39	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-18 19:39 . 2008-10-09 16:36	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\Skype
2008-09-12 00:20 . 2008-09-12 00:20	<DIR>	d--------	H:\Program Files\MSXML 4.0
2008-09-11 16:04 . 2008-10-01 17:58	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\Printer Info Cache
2008-09-11 16:04 . 2008-10-01 17:58	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\Image Zone Express
2008-09-11 16:03 . 2008-09-11 16:03	<DIR>	d---s----	H:\Documents and Settings\Adam\UserData
2008-09-11 14:39 . 2006-10-26 19:56	32,592	--a------	H:\WINDOWS\system32\msonpmon.dll
2008-09-11 14:37 . 2008-09-11 14:37	<DIR>	d--------	H:\Program Files\MSBuild
2008-09-11 14:37 . 2008-09-11 14:37	<DIR>	d--------	H:\Program Files\Microsoft Works
2008-09-11 14:34 . 2008-09-11 14:34	<DIR>	d--------	H:\Program Files\Microsoft.NET
2008-09-11 14:31 . 2008-09-11 14:36	<DIR>	d--------	H:\WINDOWS\SHELLNEW
2008-09-11 14:30 . 2008-09-17 20:37	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-11 12:18 . 2008-09-11 12:18	<DIR>	d--------	H:\Program Files\Common Files\snpstd3
2008-09-11 12:18 . 2004-11-25 15:42	419,200	--a------	H:\WINDOWS\system32\drivers\snpstd3.sys
2008-09-11 12:18 . 2004-07-30 18:50	286,720	--a------	H:\WINDOWS\vsnpstd3.exe
2008-09-11 12:18 . 2004-08-09 17:43	94,208	--a------	H:\WINDOWS\amcap.exe
2008-09-11 12:18 . 2004-02-16 13:59	61,440	--a------	H:\WINDOWS\system32\csnpstd3.dll
2008-09-11 12:18 . 2004-11-26 10:33	57,344	--a------	H:\WINDOWS\system32\rsnpstd3.dll
2008-09-11 12:18 . 2004-06-15 15:18	53,248	--a------	H:\WINDOWS\system32\dsnpstd3.dll
2008-09-11 12:18 . 2004-11-25 12:59	36,864	--a------	H:\WINDOWS\system32\vsnpstd3.dll
2008-09-11 12:18 . 2004-11-25 12:54	36,864	--a------	H:\WINDOWS\system32\dsnpstd3.ax
2008-09-11 12:18 . 2004-08-06 15:48	20,480	--a------	H:\WINDOWS\usnpstd3.exe
2008-09-11 12:18 . 2004-02-27 17:36	15,498	--a------	H:\WINDOWS\snpstd3.ini
2008-09-11 12:18 . 2004-02-27 17:36	13,023	--a------	H:\WINDOWS\snpstd3.src
2008-09-10 14:23 . 	<DIR>		H:\Documents and Settings\Michał\Dane aplikacji\HP
2008-09-10 13:32 . 2008-09-10 13:32	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-09-10 13:31 . 2008-09-11 16:02	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\HP
2008-09-10 13:28 . 2008-09-10 13:28	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-09-10 13:28 . 2008-09-10 13:29	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\HP
2008-09-10 13:27 . 2008-09-10 13:27	<DIR>	d--------	H:\Program Files\Hewlett-Packard
2008-09-10 13:27 . 2008-09-10 13:30	<DIR>	d--------	H:\Program Files\Common Files\HP
2008-09-10 13:27 . 2008-09-10 13:27	<DIR>	d--------	H:\Program Files\Common Files\Hewlett-Packard
2008-09-10 13:26 . 2008-09-10 13:26	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-09-10 13:26 . 2006-12-06 08:02	49,920	-ra------	H:\WINDOWS\system32\drivers\HPZid412.sys
2008-09-10 13:26 . 2006-12-06 08:02	16,496	-ra------	H:\WINDOWS\system32\drivers\HPZipr12.sys
2008-09-10 13:25 . 2006-12-06 08:00	675,840	-ra------	H:\WINDOWS\system32\hpowiax3.dll
2008-09-10 13:25 . 2006-12-06 08:00	569,344	-ra------	H:\WINDOWS\system32\hpotscl3.dll
2008-09-10 13:25 . 2006-12-06 08:02	364,544	-ra------	H:\WINDOWS\system32\hppldcoi.dll
2008-09-10 13:25 . 2006-12-06 08:02	309,760	-ra------	H:\WINDOWS\system32\difxapi.dll
2008-09-10 13:25 . 2006-12-06 08:00	294,912	-ra------	H:\WINDOWS\system32\hpovst10.dll
2008-09-10 13:25 . 2006-12-15 18:04	258,048	-ra------	H:\WINDOWS\system32\hpzids01.dll
2008-09-10 13:25 . 2006-12-30 15:49	117,760	--a------	H:\WINDOWS\system32\hpzll4v2.dll
2008-09-10 13:25 . 2006-12-06 08:02	21,568	-ra------	H:\WINDOWS\system32\drivers\HPZius12.sys
2008-09-10 13:25 . 2008-04-14 00:15	15,104	--a------	H:\WINDOWS\system32\drivers\usbscan.sys
2008-09-10 13:23 . 2008-09-10 13:24	<DIR>	d----c---	H:\WINDOWS\system32\DRVSTORE
2008-09-10 13:23 . 2008-09-10 13:38	<DIR>	d--------	H:\Program Files\HP
2008-09-10 13:20 . 2008-10-08 19:46	141,290	--a------	H:\WINDOWS\hpoins12.dat
2008-09-10 13:20 . 2007-01-22 18:05	1,470	---------	H:\WINDOWS\hpomdl12.dat
2008-09-09 17:57 . 2008-09-09 17:57	<DIR>	d--h-----	H:\WINDOWS\PIF
2008-09-09 16:22 . 2004-08-17 21:14	442,368	-ra------	H:\WINDOWS\system32\vp6vfw.dll
2008-09-09 16:03 . 	<DIR>		H:\Documents and Settings\Michał\Dane aplikacji\DAEMON Tools
2008-09-09 16:03 . 2008-09-09 16:03	717,296	--a------	H:\WINDOWS\system32\drivers\sptd.sys
2008-09-09 13:05 . 2008-04-14 00:17	25,856	--a------	H:\WINDOWS\system32\drivers\usbprint.sys
2008-09-09 13:04 . 2008-04-14 00:15	32,128	--a------	H:\WINDOWS\system32\drivers\usbccgp.sys
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 18:12	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Adobe
2008-10-08 16:50	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Tlen.pl
2008-10-05 13:24	---------	d--h--w	H:\Program Files\InstallShield Installation Information
2008-10-03 17:21	---------	d-s---w	H:\Documents and Settings\Michał\Dane aplikacji\Microsoft
2008-09-29 08:22	---------	d-----w	H:\Program Files\Gadu-Gadu
2008-09-28 14:41	---------	d-----w	H:\Program Files\Tlen.pl
2008-09-07 18:30	---------	d-----w	H:\Program Files\Picasa2
2008-09-07 18:30	---------	d-----w	H:\Program Files\Google
2008-09-07 11:17	---------	d-----w	H:\Documents and Settings\Adam\Dane aplikacji\Winamp
2008-09-06 21:06	---------	d-----w	H:\Documents and Settings\Adam\Dane aplikacji\ATI
2008-09-03 17:39	---------	d-----w	H:\Program Files\Burn4Free
2008-09-01 20:08	---------	d-----w	H:\Program Files\Common Files\Adobe AIR
2008-09-01 20:08	---------	d-----w	H:\Program Files\Common Files\Adobe
2008-09-01 20:08	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Macromedia
2008-09-01 18:29	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Winamp
2008-09-01 17:19	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\ATI
2008-09-01 17:14	---------	d-----w	H:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-09-01 17:08	---------	d-----w	H:\Program Files\ffdshow
2008-09-01 16:58	---------	d-----w	H:\Program Files\Common Files\ATI Technologies
2008-09-01 16:55	---------	d-----w	H:\Program Files\ATI Technologies
2008-09-01 16:50	---------	d-----w	H:\Program Files\Common Files\InstallShield
2008-09-01 16:47	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Mozilla
2008-09-01 16:41	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Identities
2008-09-01 16:33	---------	d-----w	H:\Program Files\Realtek AC97
2008-09-01 16:33	---------	d-----w	H:\Program Files\AvRack
2008-09-01 16:31	---------	d-----w	H:\Program Files\AMD
2008-09-01 16:30	4,096	----a-w	H:\WINDOWS\gdrv.sys
2008-09-01 16:19	---------	d-----w	H:\Program Files\Realtek Sound Manager
2008-09-01 16:16	---------	d-----w	H:\Program Files\Multimedia Card Reader
2008-09-01 16:01	---------	d-----w	H:\Program Files\microsoft frontpage
2008-09-01 15:58	---------	d-----w	H:\Program Files\Usługi online
2008-07-19 05:08	719,872	----a-w	H:\WINDOWS\system32\devil.dll
2008-07-19 05:08	351,744	----a-w	H:\WINDOWS\system32\avisynth.dll
2008-07-18 20:10	94,920	----a-w	H:\WINDOWS\system32\cdm.dll
2008-07-18 20:10	53,448	----a-w	H:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10	45,768	----a-w	H:\WINDOWS\system32\wups2.dll
2008-07-18 20:10	36,552	----a-w	H:\WINDOWS\system32\wups.dll
2008-07-18 20:09	563,912	----a-w	H:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09	325,832	----a-w	H:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09	205,000	----a-w	H:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09	1,811,656	----a-w	H:\WINDOWS\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Komunikator"="H:\Program Files\Tlen.pl\tlen.exe" [2007-10-16 6234112]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"\YUR28.exe"="C:\Windows\system32\YUR28.exe" [2008-10-07 25088]
"\YUR29.exe"="C:\Windows\system32\YUR29.exe" [2008-10-07 25088]
"\YUR2A.exe"="C:\Windows\system32\YUR2A.exe" [2008-10-07 24064]
"\YUR2B.exe"="C:\Windows\system32\YUR2B.exe" [2008-10-07 24064]
"\YUR59.exe"="C:\Windows\system32\YUR59.exe" [2008-10-07 25088]
"\YUR5A.exe"="C:\Windows\system32\YUR5A.exe" [2008-10-07 25088]
"\YUR5B.exe"="C:\Windows\system32\YUR5B.exe" [2008-10-07 24064]
"\YUR67.exe"="C:\Windows\system32\YUR67.exe" [2008-10-07 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="H:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072]
"ATICCC"="H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 37376]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-09-23 37761]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-09-23 368647]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"snpstd3"="H:\WINDOWS\vsnpstd3.exe" [2004-07-30 286720]
"GrooveMonitor"="F:\office\Office12\GrooveMonitor.exe" [2008-09-24 32632]
"avgnt"="E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-09-28 274457]
"\YUR28.exe"="C:\Windows\system32\YUR28.exe" [2008-10-07 25088]
"\YUR29.exe"="C:\Windows\system32\YUR29.exe" [2008-10-07 25088]
"\YUR2A.exe"="C:\Windows\system32\YUR2A.exe" [2008-10-07 24064]
"\YUR2B.exe"="C:\Windows\system32\YUR2B.exe" [2008-10-07 24064]
"nod32kui"="e:\Eset\nod32kui.exe" [2008-10-09 949376]
"\YUR3C.exe"="C:\Windows\system32\YUR3C.exe" [2008-10-07 25088]
"\YUR3D.exe"="C:\Windows\system32\YUR3D.exe" [2008-10-07 24064]
"\YUR3E.exe"="C:\Windows\system32\YUR3E.exe" [2008-10-07 25088]
"\YUR3F.exe"="C:\Windows\system32\YUR3F.exe" [2008-10-07 24064]
"\YUR59.exe"="C:\Windows\system32\YUR59.exe" [2008-10-07 25088]
"\YUR5A.exe"="C:\Windows\system32\YUR5A.exe" [2008-10-07 25088]
"\YUR5B.exe"="C:\Windows\system32\YUR5B.exe" [2008-10-07 24064]
"\YUR67.exe"="C:\Windows\system32\YUR67.exe" [2008-10-07 74752]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 H:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

H:\Documents and Settings\Adam\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - F:\office\Office12\ONENOTEM.EXE [2006-10-26 98632]
H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
2008-10-09 20:10 32256 H:\WINDOWS\system32\winzdn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Tlen.pl\\tlen.exe"=
"E:\\instalki\\DCPlusPlus.exe"=
"E:\\metin\\metin2.bin"=
"E:\\DC++\\DCPlusPlus.exe"=
"F:\\office\\Office12\\OUTLOOK.EXE"=
"F:\\office\\Office12\\groove.exe"=
"F:\\office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=
"H:\\WINDOWS\\system32\\winver.exe"=
"C:\\WINDOWS\\system32\\bvdmss.exe"=
"nkp2.exe"= nkp2.exe:BVDMSS

R0 xmasbus;xmasbus;H:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
R0 xmasscsi;xmasscsi;H:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 5504]
S2 BVDMSS;Windows Network Data Management System Service;C:\WINDOWS\system32\bvdmss.exe [2008-10-09 61440]
S3 {BEE686B9-4C84-4487-9D72-9F40F051E973};{BEE686B9-4C84-4487-9D72-9F40F051E973};H:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
{BEE686B9-4C84-4487-9D72-9F40F051E973}

*Newly Created Service* - bvdmss
*Newly Created Service* - ws2ifsl
*Newly Created Service* - XMASSCSI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-\YUR58.exe - C:\Windows\system32\YUR58.exe
HKLM-Run-\YUR58.exe - C:\Windows\system32\YUR58.exe

.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startpage.reganam.com
O8 -: E&ksportuj do programu Microsoft Excel - F:\office\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 22:14:13
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BEE686B9-4C84-4487-9D72-9F40F051E973}]
"ServiceDll"="H:\DOCUME~1\Adam\USTAWI~1\Temp\1C88.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fd63ca1e]
"ImagePath"="\SystemRoot\System32\drivers\fd63ca1e.sys"
.
Czas ukończenia: 2008-10-09 22:16:28
ComboFix-quarantined-files.txt  2008-10-09 20:16:25
ComboFix2.txt  2008-09-28 17:10:14

Przed: 2,190,163,968 bajtów wolnych
Po: 2,221,461,504 bajtów wolnych

263	--- E O F ---	2008-09-28 21:12:34

And HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:56, on 2008-10-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
e:\Alcohol 120\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Multimedia Card Reader\shwicon2k.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Winamp\winampa.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\office\Office12\GrooveMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\Michał\Dane aplikacji\Adobe\Player.exe
C:\WINDOWS\system32\bvdmss.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
E:\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.reganam.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\office\Office12\GRA8E1~1.DLL
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - e:\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - H:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKLM\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe
O4 - HKLM\..\Run: [\YUR2A.exe] C:\Windows\system32\YUR2A.exe
O4 - HKLM\..\Run: [\YUR2B.exe] C:\Windows\system32\YUR2B.exe
O4 - HKLM\..\Run: [nod32kui] "e:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [\YUR3C.exe] C:\Windows\system32\YUR3C.exe
O4 - HKLM\..\Run: [\YUR3D.exe] C:\Windows\system32\YUR3D.exe
O4 - HKLM\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe
O4 - HKLM\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe
O4 - HKLM\..\Run: [\YUR59.exe] C:\Windows\system32\YUR59.exe
O4 - HKLM\..\Run: [\YUR5A.exe] C:\Windows\system32\YUR5A.exe
O4 - HKLM\..\Run: [\YUR5B.exe] C:\Windows\system32\YUR5B.exe
O4 - HKLM\..\Run: [\YUR67.exe] C:\Windows\system32\YUR67.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKCU\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe
O4 - HKCU\..\Run: [\YUR2A.exe] C:\Windows\system32\YUR2A.exe
O4 - HKCU\..\Run: [\YUR2B.exe] C:\Windows\system32\YUR2B.exe
O4 - HKCU\..\Run: [\YUR59.exe] C:\Windows\system32\YUR59.exe
O4 - HKCU\..\Run: [\YUR5A.exe] C:\Windows\system32\YUR5A.exe
O4 - HKCU\..\Run: [\YUR5B.exe] C:\Windows\system32\YUR5B.exe
O4 - HKCU\..\Run: [\YUR67.exe] C:\Windows\system32\YUR67.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\office\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\office\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\office\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzdn32 - H:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Network Data Management System Service (bvdmss) - Unknown owner - C:\WINDOWS\system32\bvdmss.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset  - e:\Eset\nod32krn.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7420 bytes

Thanks in advance

Mateusz J.

Paste the following into Notepad:

File::
H:\Documents and Settings\Michał\nkp2.exe
H:\Documents and Settings\Adam\nkp2.exe
H:\WINDOWS\system32\2.ico
H:\WINDOWS\system32\rs32net.exe
H:\WINDOWS\system32\drivers\fd63ca1e.sys
H:\WINDOWS\system32\winzdn32.dll
H:\WINDOWS\system32\MicroAV.cpl
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

Folder::
H:\Program Files\MicroAV
H:\Program Files\PCHealthCenter

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\YUR28.exe"=-
"\YUR29.exe"=-
"\YUR2A.exe"=-
"\YUR2B.exe"=-
"\YUR59.exe"=-
"\YUR5A.exe"=-
"\YUR5B.exe"=-
"\YUR67.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\YUR28.exe"=-
"\YUR29.exe"=-
"\YUR2A.exe"=-
"\YUR2B.exe"=-
"\YUR3C.exe"=-
"\YUR3D.exe"=-
"\YUR3E.exe"=-
"\YUR3F.exe"=-
"\YUR59.exe"=-
"\YUR5A.exe"=-
"\YUR5B.exe"=-
"\YUR67.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612}]

In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same folder where ComboFix was downloaded and saved.

Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

82650GIF.gif

The removal will start and a log will be produced; post that log on the forum.
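The CFScript above is built from a few observations that can be checked mechanically in the posted logs: Run-key values whose name begins with a backslash, startup entries and services whose path names a Windows directory on a drive other than the real system root (H:\WINDOWS on this machine), an antivirus service whose binary is reported missing, and the Security Center AntiVirusOverride flag. The Python script below is an added example and is not part of the thread, of ComboFix or of HijackThis; it runs those checks over a handful of lines constructed from the ComboFix and HijackThis output above, with the system root passed in as a parameter because the log, not the script, establishes it.

```python
import re

# Constructed sample: a few lines copied from the HijackThis and ComboFix
# output posted in this thread, plus clean entries (ATI, Avira's Run key) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKCU\..\Run: [\YUR67.exe] C:\Windows\system32\YUR67.exe
O20 - Winlogon Notify: winzdn32 - H:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Windows Network Data Management System Service (bvdmss) - Unknown owner - C:\WINDOWS\system32\bvdmss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

# HijackThis line shapes: O4 autostart, O23 service, O20 Winlogon notification package.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
SERVICE_RE = re.compile(r'^O23 - Service: .* - (?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$')
# Any path of the form X:\Windows\... regardless of drive letter or case.
WINDIR_RE = re.compile(r'^(?P<drive>[A-Za-z]):\\windows(\\|$)', re.I)


def command_path(cmd: str) -> str:
    """Return the executable path from an O4 command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(' /', 1)[0]


def outside_system_root(path: str, system_root: str) -> bool:
    """True when the path names a Windows directory on a drive other than the real one."""
    m = WINDIR_RE.match(path)
    return bool(m) and not path.lower().startswith(system_root.lower())


def triage(log_text: str, system_root: str) -> list[tuple[str, str]]:
    """Scan log lines; return (line, reason) pairs for entries worth removing or verifying."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            path = command_path(m['cmd'])
            if m['name'].startswith('\\'):
                findings.append((line, 'run-key value name begins with a backslash'))
            if outside_system_root(path, system_root):
                findings.append((line, f'points at a Windows directory outside {system_root}'))
        elif m := SERVICE_RE.match(line):
            if m['missing']:
                findings.append((line, 'service binary missing; security software may have been disabled'))
            if outside_system_root(m['path'], system_root):
                findings.append((line, f'points at a Windows directory outside {system_root}'))
        elif m := NOTIFY_RE.match(line):
            findings.append((line, 'Winlogon notification package; verify the DLL publisher'))
        elif line.lower() == '"antivirusoverride"=dword:00000001':
            findings.append((line, 'Security Center antivirus monitoring has been overridden'))
    return findings


if __name__ == "__main__":
    for flagged, reason in triage(SAMPLE_LOG, "H:\\WINDOWS"):
        print(f"{reason}\n    {flagged}")
```

These are triage signals, not verdicts: the ATI entries and Avira's own Run key pass because a path under the real system root, or a present binary, is the expected state, while each YUR entry is flagged twice (odd value name and wrong drive) and the missing Avira guard and the AntiVirusOverride flag together explain why the poster's antivirus saw nothing.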
