How to remove a Trojan?


(Kejsper 92) #1

Hello.

I have a big problem. My computer caught a trojan and I don't know what to do. I'm a complete beginner when it comes to viruses. I tried to remove it with Spyware Doctor, but when I removed it and scanned the computer again some time later, it detected the virus again.

Please, help!!!


(Agatonster) #2

Catronix,

Read the topic "Important notice regarding the titling of topics" and change the title to a specific one that describes the problem. To make the recommended correction, please use the button ac7a4cd89050aa6e.gif

Ignoring this recommendation will result in the topic being moved to the Trash.

I am moving the topic to the Security section...

Download the tool available at the link and, once it is generated, paste the HijackThis log; the log specialists will deal with the problem.

Because of the change that applies to pasting logs, read and follow the Topic


(huber2t) #3

Post the log from Combofix


(Kejsper 92) #4

Logfile of HijackThis v1.99.1

Scan saved at 17:39:36, on 2008-10-28

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\user\Desktop\Programy\Ygoow\Ygoow.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount

O4 - HKCU..\Run: [504df53e] rundll32.exe "C:\Users\user\AppData\Local\Temp\cqvruqhn.dll",b

O4 - Global Startup: Bluetooth Manager.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll

O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


(Leon$) #5

Download HijackThis 2.02 http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654

the entries

remove with HijackThis >> Fix checked

consider whether

you need it at system startup

Download Combofix http://www.searchengines.pl/index.php?s ... ntry395642 but do not run it.

While downloading and scanning with Combofix, please disable all firewalls and antivirus programs

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

The removal should start

Then post the log from the Combofix removal

:slight_smile:


(Kejsper 92) #6

ComboFix 08-10-28.01 - user 2008-10-28 19:16:06.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.972 [GMT 1:00]

Uruchomiony z: C:\Users\user\Desktop\ComboFix.exe

Użyto następujących komend :: C:\Users\user\Desktop\CFScript.txt.txt

* Utworzono nowy punkt przywracania

FILE ::

C:\Users\user\AppData\Local\Temp\cqvruqhn.dll

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\user\AppData\Local\Temp\cqvruqhn.dll

.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-28 )))))))))))))))))))))))))))))))

.

2008-10-27 21:32 . 2008-10-27 21:32

2008-10-26 19:32 . 2008-10-26 19:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2008-10-25 20:30 . 2008-10-25 20:30

2008-10-25 20:30 . 2008-10-25 20:30

2008-10-25 19:42 . 2008-10-25 19:42

2008-10-25 19:42 . 2008-10-28 17:57

2008-10-25 19:42 . 2008-08-25 11:36 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys

2008-10-25 19:42 . 2008-08-25 11:36 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys

2008-10-25 19:42 . 2008-08-25 11:36 40,840 --a------ C:\Windows\System32\drivers\ikfilesec.sys

2008-10-25 19:42 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys

2008-10-25 17:27 . 2008-10-28 19:11

2008-10-25 17:27 . 2008-10-28 19:11

2008-10-25 16:59 . 2008-10-25 19:39

2008-10-25 16:50 . 2008-10-25 16:50 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys

2008-10-25 16:50 . 2008-10-25 16:50 10,520 --a------ C:\Windows\System32\avgrsstx.dll

2008-10-25 16:49 . 2008-10-28 18:05

2008-10-25 16:49 . 2008-10-25 16:49

2008-10-25 16:49 . 2008-10-25 16:49

2008-10-25 16:49 . 2008-10-25 16:49

2008-10-25 16:49 . 2008-10-25 16:49 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys

2008-10-23 18:36 . 2008-10-23 18:36 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys

2008-10-23 18:36 . 2008-10-23 18:36 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys

2008-10-23 18:34 . 2005-05-26 14:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll

2008-10-23 16:09 . 2008-10-23 16:09

2008-10-22 17:06 . 2008-10-22 17:06

2008-10-22 17:06 . 2008-10-22 17:06

2008-10-22 17:06 . 2008-10-22 17:06

2008-10-22 17:06 . 2002-01-05 14:37 344,064 --a------ C:\Windows\System32\msvcr70.dll

2008-10-20 19:24 . 2008-10-20 19:24 23 --a------ C:\Windows\BlendSettings.ini

2008-10-20 18:02 . 2007-11-08 10:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex

2008-10-17 20:01 . 2008-10-17 20:01 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-10-17 19:41 . 2004-03-03 20:30 125,184 --------- C:\Windows\System32\drivers\imagesrv.sys

2008-10-17 19:41 . 2004-03-03 20:30 5,504 --------- C:\Windows\System32\drivers\imagedrv.sys

2008-10-17 19:40 . 2008-10-17 19:40

2008-10-17 19:40 . 2004-07-20 16:24 1,568,768 --------- C:\Windows\System32\ImagX7.dll

2008-10-17 19:40 . 2004-07-20 16:24 476,320 --------- C:\Windows\System32\ImagXpr7.dll

2008-10-17 19:40 . 2004-07-20 16:24 471,040 --------- C:\Windows\System32\ImagXRA7.dll

2008-10-17 19:40 . 2004-07-09 08:43 364,544 --------- C:\Windows\System32\TwnLib4.dll

2008-10-17 19:40 . 2004-07-20 16:24 262,144 --------- C:\Windows\System32\ImagXR7.dll

2008-10-17 19:40 . 2001-07-09 10:50 155,648 --a------ C:\Windows\System32\NeroCheck.exe

2008-10-17 19:40 . 2000-06-26 10:45 106,496 --a------ C:\Windows\System32\TwnLib20.dll

2008-10-17 19:40 . 2001-06-26 07:15 38,912 --------- C:\Windows\System32\picn20.dll

2008-10-17 15:09 . 2008-04-26 09:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-10-17 15:09 . 2008-04-12 04:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-10-17 15:09 . 2008-04-05 02:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-10-17 15:09 . 2008-04-05 04:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-10-16 17:49 . 2008-10-16 17:49

2008-10-16 17:15 . 2008-10-16 16:43 152,576 --a------ C:\Windows\System32\SPWizUI.dll

2008-10-16 17:15 . 2008-10-16 16:43 47,560 --a------ C:\Windows\System32\SPReview.exe

2008-10-16 17:01 . 2008-01-18 22:36 6,656 --a------ C:\Windows\System32\sdspres.dll

2008-10-16 17:00 . 2008-01-18 22:33 193,024 --a------ C:\Windows\System32\recdisc.exe

2008-10-16 16:59 . 2008-01-18 22:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe

2008-10-16 16:59 . 2008-01-18 22:36 142,336 --a------ C:\Windows\System32\spp.dll

2008-10-16 16:59 . 2008-01-18 22:36 28,160 --a------ C:\Windows\System32\sxproxy.dll

2008-10-16 16:48 . 2008-01-18 22:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll

2008-10-16 16:44 . 2008-01-18 22:33 44,032 --a------ C:\Windows\System32\cbsra.exe

2008-10-16 16:43 . 2008-10-16 17:16 196,608 --a------ C:\Windows\SPInstall.etl

2008-10-15 15:27 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-10-15 15:27 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-10-15 15:27 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys

2008-10-15 15:27 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys

2008-10-15 15:26 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-10-15 15:26 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll

2008-10-14 12:39 . 2008-10-14 12:40

2008-10-12 17:07 . 2008-10-12 17:07

2008-10-12 17:07 . 2008-07-09 09:05 421,888 --a------ C:\Windows\System32\ac3filter.acm

2008-10-09 16:25 . 2008-10-09 16:25

2008-10-05 13:59 . 2004-12-10 09:06 327,680 --a------ C:\Windows\System32\vp6dec.ax

2008-10-05 13:59 . 2004-12-10 09:47 53,248 --a------ C:\Windows\System32\vp6dec_settings.cpl

2008-09-30 18:43 . 1998-10-07 11:54 327,168 --a------ C:\Windows\IsUn0415.exe

2008-09-30 18:24 . 2008-09-30 18:24

2008-09-30 18:20 . 2008-09-30 18:20

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-28 18:13 318,976 ----a-w C:\Windows\System32\CF6900.exe

2008-10-25 15:47 --------- d-----w C:\ProgramData\McAfee

2008-10-23 17:41 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-16 17:01 174 --sha-w C:\Program Files\desktop.ini

2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Sidebar

2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Mail

2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Journal

2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Defender

2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Collaboration

2008-10-16 16:53 --------- d-----w C:\Program Files\Windows Calendar

2008-10-16 16:23 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-10-16 16:23 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-09-30 17:21 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-09-27 13:54 --------- d-----w C:\Program Files\DivX

2008-09-23 14:28 --------- d-----w C:\Users\user\AppData\Roaming\OTi

2008-09-18 14:14 --------- d-----w C:\Program Files\Guitar Pro 5

2008-09-16 00:14 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-09-16 00:14 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-09-16 00:12 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

2008-09-16 00:12 57,344 ----a-w C:\Windows\System32\dpv11.dll

2008-09-16 00:12 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

2008-09-16 00:12 344,064 ----a-w C:\Windows\System32\dpus11.dll

2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu11.dll

2008-09-16 00:12 294,912 ----a-w C:\Windows\System32\dpu10.dll

2008-09-16 00:12 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-09-16 00:12 196,608 ----a-w C:\Windows\System32\dtu100.dll

2008-09-16 00:12 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

2008-09-16 00:11 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

2008-09-16 00:11 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll

2008-09-16 00:11 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

2008-09-16 00:11 683,520 ----a-w C:\Windows\System32\DivX.dll

2008-09-16 00:11 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe

2008-09-16 00:11 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2008-08-28 20:07 --------- d-----w C:\Users\user\AppData\Roaming\Toshiba

2008-08-16 08:41 269,312 ----a-w C:\Windows\System32\es.dll

2008-08-16 08:39 428,544 ----a-w C:\Windows\System32\EncDec.dll

2008-08-16 08:39 293,376 ----a-w C:\Windows\System32\psisdecd.dll

2008-08-14 23:28 61,440 ----a-w C:\Windows\System32\winipsec.dll

2008-08-14 23:28 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-08-14 23:28 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll

2008-08-14 23:28 272,896 ----a-w C:\Windows\System32\polstore.dll

2008-08-14 23:25 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-08-14 23:20 988,216 ----a-w C:\Windows\System32\winload.exe

2008-08-14 23:20 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-08-14 23:20 615,992 ----a-w C:\Windows\System32\ci.dll

2008-08-14 23:20 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-08-14 23:20 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-08-14 23:20 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-08-14 23:20 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-08-14 23:20 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-08-14 23:20 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-08-14 23:20 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-08-14 23:19 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-08-14 23:19 14,848 ----a-w C:\Windows\System32\wshrm.dll

2008-08-14 23:18 84,480 ----a-w C:\Windows\System32\INETRES.dll

2008-08-14 23:18 738,304 ----a-w C:\Windows\System32\inetcomm.dll

2008-08-14 23:18 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-08-14 23:18 1,695,744 ----a-w C:\Windows\System32\gameux.dll

2008-08-14 23:18 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-08-13 16:36 17,408 ----a-w C:\Windows\System32\rpcnetp.dll

2008-08-13 16:34 17,408 ----a-w C:\Windows\System32\rpcnetp.exe

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-05 1836544]

"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]

"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]

"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]

"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]

"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]

"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712]

"NDSTray.exe"="NDSTray.exe" [bU]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-01-25 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{EA04DC1D-C484-46BD-B2E3-67A091EF62CA}"= UDP:E:\GRY\Battlefield 2\BF2.exe:Battlefield 2

"{EBF8523C-6B7A-47FC-8831-5C7F7E2B78E1}"= TCP:E:\GRY\Battlefield 2\BF2.exe:Battlefield 2

"{8D1C8DBE-05F5-434B-A497-86763C1160DA}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe

"{2E8DAD0B-9D2A-4EFC-AC69-B8ABBE4EE146}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-25 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-25 875288]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-30 3483648]

R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-10-25 69128]

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2008-02-01 187904]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]

R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]

S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{114fff61-8976-11dd-a280-00037aacb8a5}]

\shell\AutoRun\command - H:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cc01e51f-743a-11dd-b721-00037aacb8a5}]

\shell\AutoRun\command - D:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e66d5e4f-696f-11dd-a786-00037aacb8a5}]

\shell\AutoRun\command - H:\AUTORUN\AUTORUN.EXE

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

  • USUNIĘTO PUSTE WPISY - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

ShellExecuteHooks-{46D7049A-9DB9-4AEC-82B1-F101B9367CB1} - C:\Windows\system32\wvUoMeBq.dll

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-28 19:23:04

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2008-10-28 19:24:39

ComboFix-quarantined-files.txt 2008-10-28 18:24:35

Przed: 47,995,224,064 bajtów wolnych

Po: 49,318,289,408 bajtów wolnych

246 --- E O F --- 2008-10-25 14:13:56

What now?? (After scanning with Spyware Doctor it detected 3 threats: Application.TrackingCookies [infections], Application.Nir.Cmd [infections] and Trojan.Generic [infections])
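Added example, not part of the original thread and not code from HijackThis or ComboFix: a small triage script that flags the HKCU Run entry from the HijackThis log in post #4 and checks it against the files the ComboFix log in post #6 reports as deleted. The three heuristics, the two-reason threshold and all function names are assumptions chosen for illustration; the log lines are copied from the thread.

```python
import re

# Lines copied from the HijackThis log in post #4 (a subset, not the full log).
HIJACKTHIS_LINES = r'''
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU..\Run: [504df53e] rundll32.exe "C:\Users\user\AppData\Local\Temp\cqvruqhn.dll",b
O4 - Global Startup: Bluetooth Manager.lnk = ?
'''

# Lines copied from the ComboFix log in post #6 (section banners shortened).
COMBOFIX_LINES = r'''
FILE ::
C:\Users\user\AppData\Local\Temp\cqvruqhn.dll
.
((((( Usunięto )))))
.
C:\Users\user\AppData\Local\Temp\cqvruqhn.dll
.
((((( Pliki utworzone od 2008-09-28 do 2008-10-28 )))))
.
2008-10-25 16:50 . 2008-10-25 16:50 10,520 --a------ C:\Windows\System32\avgrsstx.dll
'''

# "O4 - HKCU..\Run: [value name] command line"
RUN_ENTRY = re.compile(r'^O4 - (HK\w+)\.\.\\(\w+): \[([^\]]*)\] (.+)$')
TEMP_DIR = re.compile(r'\\te?mp\\|%te?mp%', re.I)
RUNDLL_TARGET = re.compile(r'\brundll32(?:\.exe)?\s+"?([^",]+)', re.I)
HEX_NAME = re.compile(r'^[0-9a-f]{8}$', re.I)
BANNER = re.compile(r'^\(+\s*(.*?)\s*\)+$')


def triage_run_entries(log_text, min_reasons=2):
    """Return Run-key entries that match at least min_reasons heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if not m:
            continue  # not a registry Run-style O4 line
        hive, key, name, cmd = m.groups()
        reasons = []
        dll = RUNDLL_TARGET.search(cmd)
        if dll:
            reasons.append("DLL started through rundll32")
        if TEMP_DIR.search(cmd):
            reasons.append("target is inside a Temp directory")
        if HEX_NAME.match(name):
            reasons.append("value name is 8 hex characters")
        if len(reasons) >= min_reasons:
            findings.append({"hive": hive, "key": key, "value": name,
                             "target": dll.group(1) if dll else cmd,
                             "reasons": reasons})
    return findings


def combofix_deleted(log_text, section_title="Usunięto"):
    """Return paths listed under ComboFix's deleted-files banner (Polish UI)."""
    deleted, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        banner = BANNER.match(line)
        if banner:
            in_section = banner.group(1) == section_title
        elif in_section and re.match(r'^[A-Za-z]:\\', line):
            deleted.append(line)
    return deleted


def correlate(hjt_text, combofix_text):
    """Mark each flagged autostart entry whose target ComboFix reports deleted."""
    deleted = {p.lower() for p in combofix_deleted(combofix_text)}
    report = triage_run_entries(hjt_text)
    for finding in report:
        finding["file_deleted_by_combofix"] = finding["target"].lower() in deleted
    return report


if __name__ == "__main__":
    for f in correlate(HIJACKTHIS_LINES, COMBOFIX_LINES):
        print(f'{f["hive"]}\\{f["key"]} [{f["value"]}] -> {f["target"]}')
        print("  reasons:", "; ".join(f["reasons"]))
        print("  file deleted by ComboFix:", f["file_deleted_by_combofix"])
```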


(Leon$) #7

The log looks clean

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

optimize the startup

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

Manually delete the C:\Qoobox folder and delete the Combofix installer from the disk.

Turn System Restore off and on again on all drives. http://support.microsoft.com/kb/310405/pl

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html; if there are viruses, show the report. Open the page in IE.

:slight_smile:


(Kejsper 92) #8

I did everything, except that instead of Kaspersky I scanned with Norton and it did not detect any virus :slight_smile: The computer is clean :slight_smile: Leon$, many thanks for the help and the trouble!!