Trojan horse BackDoor.Generic10.YVB


(system) #1

So I have AVG antivirus, and whenever I open e.g. My Computer, this pops up:

File name: C:\Windows\system32\catsrvutv.dll

Threat - name: Trojan horse BackDoor.Generic10.YVB - Detected on opening

And when I click CURE, it asks to restart the computer. Fine, I restart, open My Computer, and there it is again, and so on endlessly. Does anyone know what this might be about and how to get rid of the virus?

PS. I noticed that it pops up not only when I open My Computer but whatever folder I open.


(Blotny) #2

Download Trojan Remover. If it puts up a fight, go into IE and treat it with the MKS online scanner.


(Henio Mazurek) #3

Check whether you have a file named catsrvut.dll in system32 (it is a legitimate Windows file); if so, you should delete catsrvutv.dll (probably the virus file). Some viruses take names nearly identical to original Windows files. As in your case: catsrvut.dll (good) and catsrvutv.dll (probably the virus). If you don't have the good one, there is a site, unfortunately I forgot the address, from which you can download missing libraries. If it is the original system file that is infected, a system repair from the CD may help.

http://www.adware.com/malware_file_list/c.php
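The look-alike-name trick described above (catsrvut.dll vs catsrvutv.dll) can be checked mechanically rather than by eye. The script below is an added example, not code from the thread: it pulls Windows paths out of HijackThis/ComboFix-style lines and flags any basename that is within one edit of a known-good name but is not itself known-good. The KNOWN_GOOD set and SAMPLE_LOG are constructed samples (the log lines are modelled on the HijackThis output posted later in the thread), not a full Windows XP inventory.

```python
"""Flag look-alike system file names in HijackThis/ComboFix-style log lines.

Added example for this thread: malware often picks a name one character
away from a real Windows file (catsrvut.dll -> catsrvutv.dll). We extract
every Windows path from the log, take its basename and report names that
are close to, but not equal to, a known-good name.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample of legitimate Windows XP / AVG file names.
# A real check would load a full inventory of the expected system32 contents.
KNOWN_GOOD = {
    "catsrvut.dll", "browseui.dll", "shlwapi.dll", "urlmon.dll",
    "wininet.dll", "ctfmon.exe", "svchost.exe", "avgrsstx.dll",
}

# Constructed sample log lines, modelled on the HijackThis output in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2029E2AA-EA38-41FD-849E-F1AD05F94187} - C:\WINDOWS\System32\catsrvutv.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM..\Run: [AdminHpr] RUNDLL32.EXE C:\WINDOWS\system32\tmber8.DLL,i
"""

# Drive letter, zero or more directory components (spaces allowed, as in
# "Program Files"), then a final component ending in .dll/.exe/.sys.
# A comma or whitespace terminates the path, so "tmber8.DLL,i" yields tmber8.DLL.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\:*?"<>|\r\n,]+\\)*[^\\:*?"<>|\r\n,\s]+\.(?:dll|exe|sys)',
    re.IGNORECASE,
)


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def extract_paths(log_text: str) -> list:
    """Return every Windows file path found in the log text, in order."""
    return PATH_RE.findall(log_text)


def lookalikes(log_text: str, known_good=KNOWN_GOOD, max_distance: int = 1) -> list:
    """Return (path, nearest_known_good) pairs for suspicious look-alike names.

    Comparison is case-insensitive because NTFS file names are. A basename
    that exactly matches a known-good name is never reported; only names
    that are close to one without being one are.
    """
    good = sorted(n.lower() for n in known_good)
    hits = []
    for path in extract_paths(log_text):
        name = PureWindowsPath(path).name.lower()
        if name in good:
            continue
        for ref in good:
            if levenshtein(name, ref) <= max_distance:
                hits.append((path, ref))
                break
    return hits


if __name__ == "__main__":
    for path, ref in lookalikes(SAMPLE_LOG):
        print(f"SUSPICIOUS: {path}  (one edit away from known-good {ref})")
```

Only the catsrvutv.dll entry is reported for the sample; ssv.dll and tmber8.DLL are not near any known-good name, so this heuristic says nothing about them either way.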


(Wilczurek23) #4

Delete the infected file and open My Computer again. It should work. If you get the virus alarm again even though you deleted that file, it's a false alarm.

Regards.


(Ciuci) #5

Use ComboFix and paste the log on the forum, viewtopic.php?f=16&t=36654, at the bottom in the link!


(system) #6

Yes, I have the Windows file, but I can't delete the infected one in any way. I tried Trojan Remover and safe mode. I also found out that it's a file from the program Alcohol 120%.


(Henio Mazurek) #7

Try Killbox. You say it's an Alcohol file. So there are two possibilities. First: you downloaded an infected version of it, but that's unlikely. Second: it's an Alcohol file whose job is to pester you with ads or other junk (adware). Some shareware-licensed programs have such hidden components.


(system) #8

ComboFix log:

ComboFix 09-02-21.01 - Administrator 2009-02-22 14:36:09.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.175 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning disabled* (Updated)

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrator\Dane aplikacji\BITS

c:\documents and settings\Administrator\Dane aplikacji\BITS\BITS.ini

c:\documents and settings\Administrator\Dane aplikacji\BITS\DHTTable.dat

c:\documents and settings\Administrator\Dane aplikacji\BITS\ProxyList.ini

.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-22 do 2009-02-22 )))))))))))))))))))))))))))))))

.

2009-02-22 14:20 . 2009-02-22 14:21

2009-02-22 14:02 . 2009-02-22 14:02

2009-02-22 13:59 . 2009-02-22 13:59

2009-02-22 13:41 . 2009-02-22 13:42

2009-02-22 13:41 . 2009-02-22 13:41

2009-02-22 13:41 . 2009-02-22 13:41

2009-02-22 13:41 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll

2009-02-22 13:41 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll

2009-02-22 13:41 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll

2009-02-22 13:41 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll

2009-02-22 13:41 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll

2009-02-21 19:49 . 2009-02-21 20:57

2009-02-20 22:59 . 2009-02-21 20:57

2009-02-20 22:59 . 2005-03-29 08:34 246,784 --a------ c:\windows\system32\sqlite3.dll

2009-02-20 22:58 . 2009-02-20 22:58

2009-02-20 19:30 . 2009-02-22 10:48

2009-02-20 19:19 . 2009-02-20 19:19 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-20 19:19 . 2009-02-20 19:19 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-02-20 19:19 . 2009-02-20 19:19 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-20 19:18 . 2009-02-22 13:53

2009-02-20 19:18 . 2009-02-20 19:18

2009-02-20 19:18 . 2009-02-22 13:50

2009-02-20 19:18 . 2009-02-20 19:18 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-20 18:06 . 2009-02-20 18:43 35,883 --a------ c:\windows\system32\10004.sks

2009-02-20 18:06 . 2009-02-20 18:43 25,692 --a------ c:\windows\system32\10003.sks

2009-02-20 18:06 . 2009-02-20 18:43 801 --a------ c:\windows\system32\10001.sks

2009-02-20 18:06 . 2009-02-20 18:43 184 --a------ c:\windows\system32\10002.sks

2009-02-20 18:05 . 2009-02-20 19:05

2009-02-20 18:05 . 2009-02-20 18:38 2,380 --a------ c:\windows\system32\BlockedCookies

2009-02-20 18:05 . 2009-02-20 18:42 1,527 --a------ c:\windows\system32\sk_bho.ini

2009-02-20 17:02 . 2009-02-20 17:02

2009-02-17 18:09 . 2009-02-17 18:09

2009-02-17 18:00 . 2009-02-17 18:00

2009-02-15 21:49 . 2009-02-15 21:49

2009-02-15 21:46 . 2009-02-15 22:10

2009-02-11 17:33 . 2009-02-11 17:33 632 --a------ c:\windows\CoD.INI

2009-02-09 18:28 . 2009-02-09 18:28

2009-02-09 18:28 . 2009-02-09 18:28

2009-02-07 18:05 . 2009-02-07 18:05

2009-02-03 16:06 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2009-02-03 16:06 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2009-02-03 16:06 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll

2009-02-03 16:06 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

2009-02-03 16:06 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys

2009-02-03 16:06 . 2004-08-04 00:38 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

2009-02-03 16:05 . 2009-02-03 16:05

2009-02-01 01:26 . 2009-02-01 01:26

2009-01-30 23:18 . 2009-01-30 23:18

2009-01-26 12:25 . 2009-01-26 12:24 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-24 23:35 . 2009-01-24 23:35

2009-01-24 23:32 . 2009-01-24 23:32

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 13:13 --------- d-----w c:\program files\Steam

2009-02-22 13:12 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-02-22 12:47 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent

2009-02-20 22:10 --------- d-----w c:\program files\GoD

2009-02-19 00:05 --------- d-----w c:\program files\Tibia Multi IP Changer

2009-02-15 20:50 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-15 20:48 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-12 20:52 --------- d-----w c:\program files\TuneUp Utilities 2007

2009-02-11 18:01 --------- d-----w c:\program files\MagicISO

2009-02-11 18:01 --------- d-----w c:\program files\eMule

2009-02-10 11:19 --------- d-----w c:\program files\Speeditup Free

2009-02-07 23:48 --------- d-----w c:\program files\netcut

2009-02-07 16:36 --------- d-----w c:\program files\uTorrent

2009-01-30 20:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-01-30 00:40 --------- d-----w c:\program files\Gadu-Gadu

2009-01-28 14:37 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Hamachi

2009-01-26 11:24 --------- d-----w c:\program files\Java

2009-01-25 19:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KSP

2009-01-25 14:06 --------- d-----w c:\program files\eSkiMoS R2

2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll

2008-11-28 22:22 37,888 ----a-w c:\windows\system32\rar.exe

2008-11-26 15:22 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-09-20 11:40 246 ----a-w c:\documents and settings\Administrator\Dane aplikacji\shedl.bat

2008-09-20 11:39 1,695,744 ----a-w c:\documents and settings\Administrator\Dane aplikacji\NTuser.exe

.

((((((((((((((((((((((((((((( SnapShot@2009-02-20_17.21.37.96 )))))))))))))))))))))))))))))))))))))))))

.

  • 2004-08-03 23:43:52 61,440 -c----w c:\windows\ie7\admparse.dll

  • 2004-08-03 23:43:52 100,864 -c----w c:\windows\ie7\advpack.dll

  • 2004-08-03 23:43:54 1,017,344 -c----w c:\windows\ie7\browseui.dll

  • 2004-08-03 23:43:56 35,328 -c----w c:\windows\ie7\corpol.dll

  • 2004-08-03 23:43:58 357,888 -c----w c:\windows\ie7\dxtmsft.dll

  • 2004-08-03 23:43:58 201,728 -c----w c:\windows\ie7\dxtrans.dll

  • 2004-08-03 23:43:58 55,808 -c----w c:\windows\ie7\extmgr.dll

  • 2004-08-03 23:44:00 38,912 -c----w c:\windows\ie7\hmmapi.dll

  • 2004-08-03 23:44:22 34,304 -c----w c:\windows\ie7\ie4uinit.exe

  • 2004-08-03 23:44:00 139,264 -c----w c:\windows\ie7\ieakeng.dll

  • 2004-08-03 23:44:00 219,648 -c----w c:\windows\ie7\ieaksie.dll

  • 2001-10-26 18:28:02 237,568 -c----w c:\windows\ie7\ieakui.dll

  • 2004-08-03 23:44:00 323,584 -c----w c:\windows\ie7\iedkcs32.dll

  • 2004-08-03 23:44:22 18,432 -c----w c:\windows\ie7\iedw.exe

  • 2004-08-03 23:44:00 81,920 -c----w c:\windows\ie7\ieencode.dll

  • 2004-08-03 23:44:00 249,344 -c----w c:\windows\ie7\iepeers.dll

  • 2004-08-03 23:44:00 48,640 -c----w c:\windows\ie7\iernonce.dll

  • 2004-08-03 23:44:00 63,488 -c----w c:\windows\ie7\iesetup.dll

  • 2004-08-03 23:44:22 93,184 -c----w c:\windows\ie7\iexplore.exe

  • 2004-08-03 23:44:00 35,840 -c----w c:\windows\ie7\imgutil.dll

  • 2004-08-03 23:44:02 96,768 -c----w c:\windows\ie7\inseng.dll

  • 2004-08-03 23:44:02 450,560 -c----w c:\windows\ie7\jscript.dll

  • 2004-08-03 23:44:02 15,872 -c----w c:\windows\ie7\jsproxy.dll

  • 2004-08-03 23:44:02 22,016 -c----w c:\windows\ie7\licmgr10.dll

  • 2004-08-03 23:44:24 29,184 -c----w c:\windows\ie7\mshta.exe

  • 2004-08-03 23:44:06 3,003,392 -c----w c:\windows\ie7\mshtml.dll

  • 2004-08-03 23:44:06 448,512 -c----w c:\windows\ie7\mshtmled.dll

  • 2004-08-03 23:42:58 57,344 -c----w c:\windows\ie7\mshtmler.dll

  • 2001-10-26 18:26:58 146,432 -c----w c:\windows\ie7\msls31.dll

  • 2004-08-03 23:44:06 146,432 -c----w c:\windows\ie7\msrating.dll

  • 2004-08-03 23:44:06 530,432 -c----w c:\windows\ie7\mstime.dll

  • 2004-08-03 23:44:08 97,280 -c----w c:\windows\ie7\occache.dll

  • 2004-08-03 23:44:10 39,424 -c----w c:\windows\ie7\pngfilt.dll

  • 2004-08-03 23:44:10 1,483,264 -c----w c:\windows\ie7\shdocvw.dll

  • 2004-08-03 23:44:12 473,600 -c----w c:\windows\ie7\shlwapi.dll

  • 2007-09-27 15:05:44 33,472 -c----w c:\windows\ie7\spuninst\iecustom.dll

  • 2007-09-27 15:03:44 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe

  • 2006-09-06 16:43:48 216,288 -c----w c:\windows\ie7\spuninst\spuninst.exe

  • 2006-09-06 16:43:48 386,784 -c----w c:\windows\ie7\spuninst\updspapi.dll

  • 2004-08-03 23:44:14 37,888 -c----w c:\windows\ie7\url.dll

  • 2004-08-03 23:44:14 602,112 -c----w c:\windows\ie7\urlmon.dll

  • 2004-08-03 23:44:14 417,792 -c----w c:\windows\ie7\vbscript.dll

  • 2004-08-03 23:44:14 848,384 -c----w c:\windows\ie7\vgx.dll

  • 2004-08-03 23:44:14 279,552 -c----w c:\windows\ie7\webcheck.dll

  • 2004-08-03 23:44:16 658,944 -c----w c:\windows\ie7\wininet.dll

  • 1999-04-17 22:36:40 10,752 ----a-w c:\windows\system32\aamd532.dll

  • 2003-05-07 16:09:56 147,456 ----a-w c:\windows\system32\AbsoluteHttp.dll

  • 2004-08-03 23:43:52 61,440 ----a-w c:\windows\system32\admparse.dll

  • 2007-08-13 17:39:20 71,680 ----a-w c:\windows\system32\admparse.dll

  • 2004-08-03 23:43:52 100,864 ----a-w c:\windows\system32\advpack.dll

  • 2007-08-13 17:39:00 123,904 ----a-w c:\windows\system32\advpack.dll

  • 2004-08-03 23:43:54 1,017,344 ----a-w c:\windows\system32\browseui.dll

  • 2006-09-23 12:13:00 1,022,976 ----a-w c:\windows\system32\browseui.dll

  • 2004-08-03 23:43:56 35,328 ----a-w c:\windows\system32\corpol.dll

  • 2007-08-13 17:42:54 17,408 ----a-w c:\windows\system32\corpol.dll

  • 2007-08-13 17:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll

  • 2007-08-13 17:39:00 123,904 -c----w c:\windows\system32\dllcache\advpack.dll

  • 2006-09-23 12:13:00 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll

  • 2004-08-03 23:43:54 628,224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll

  • 2007-08-13 17:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll

  • 2007-08-13 17:54:10 33,792 -c----w c:\windows\system32\dllcache\custsat.dll

  • 2007-08-13 17:35:46 346,624 -c----w c:\windows\system32\dllcache\dxtmsft.dll

  • 2007-08-13 17:35:38 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

  • 2007-08-13 17:54:10 131,584 -c----w c:\windows\system32\dllcache\extmgr.dll

  • 2007-08-13 17:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll

  • 2007-08-13 17:39:06 54,784 -c----w c:\windows\system32\dllcache\ie4uinit.exe

  • 2007-08-13 17:39:26 152,064 -c----w c:\windows\system32\dllcache\ieakeng.dll

  • 2007-08-13 17:39:54 229,376 -c----w c:\windows\system32\dllcache\ieaksie.dll

  • 2001-10-26 18:28:02 237,568 -c--a-w c:\windows\system32\dllcache\ieakui.dll

  • 2007-08-13 16:56:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

  • 2007-08-13 17:39:50 382,976 -c----w c:\windows\system32\dllcache\iedkcs32.dll

  • 2007-08-13 17:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe

  • 2007-08-13 17:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll

  • 2007-08-13 17:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll

  • 2007-08-13 17:39:10 43,008 -c----w c:\windows\system32\dllcache\iernonce.dll

  • 2007-08-13 17:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll

  • 2007-08-13 17:43:56 622,080 -c----w c:\windows\system32\dllcache\iexplore.exe

  • 2007-08-13 17:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll

  • 2007-08-13 17:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll

  • 2007-08-13 17:38:04 491,520 -c----w c:\windows\system32\dllcache\jscript.dll

  • 2007-08-13 17:54:10 27,136 -c----w c:\windows\system32\dllcache\jsproxy.dll

  • 2007-08-13 17:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll

  • 2007-08-13 17:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe

  • 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\system32\dllcache\mshtml.dll

  • 2007-08-13 17:54:10 475,648 -c----w c:\windows\system32\dllcache\mshtmled.dll

  • 2007-08-13 17:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll

  • 2001-10-26 18:26:58 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll

  • 2007-08-13 17:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll

  • 2007-08-13 17:44:26 192,000 -c----w c:\windows\system32\dllcache\msrating.dll

  • 2007-08-13 17:54:10 670,720 -c----w c:\windows\system32\dllcache\mstime.dll

  • 2007-08-13 17:44:06 101,376 -c----w c:\windows\system32\dllcache\occache.dll

  • 2007-08-13 17:36:12 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll

  • 2006-09-23 12:13:02 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll

  • 2006-09-23 12:13:02 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll

  • 2007-08-13 17:44:30 105,984 -c----w c:\windows\system32\dllcache\url.dll

  • 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\system32\dllcache\urlmon.dll

  • 2007-08-13 17:54:10 413,696 -c----w c:\windows\system32\dllcache\vbscript.dll

  • 2007-08-13 17:54:10 765,952 -c----w c:\windows\system32\dllcache\VGX.dll

  • 2007-08-13 17:54:10 231,424 -c----w c:\windows\system32\dllcache\webcheck.dll

  • 2007-08-13 17:54:10 818,688 -c----w c:\windows\system32\dllcache\wininet.dll

  • 2009-02-20 18:18:53 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys

  • 2004-08-03 23:43:58 357,888 ----a-w c:\windows\system32\dxtmsft.dll

  • 2007-08-13 17:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll

  • 2004-08-03 23:43:58 201,728 ----a-w c:\windows\system32\dxtrans.dll

  • 2007-08-13 17:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll

  • 2004-08-03 23:43:58 55,808 ------w c:\windows\system32\extmgr.dll

  • 2007-08-13 17:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll

  • 2007-08-13 17:36:26 61,952 ------w c:\windows\system32\icardie.dll

  • 2006-06-29 07:05:44 26,112 ------w c:\windows\system32\idndl.dll

  • 2004-08-03 23:44:22 34,304 ----a-w c:\windows\system32\ie4uinit.exe

  • 2007-08-13 17:39:06 54,784 ----a-w c:\windows\system32\ie4uinit.exe

  • 2004-08-03 23:44:00 139,264 ----a-w c:\windows\system32\ieakeng.dll

  • 2007-08-13 17:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll

  • 2004-08-03 23:44:00 219,648 ----a-w c:\windows\system32\ieaksie.dll

  • 2007-08-13 17:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll

  • 2001-10-26 18:28:02 237,568 ----a-w c:\windows\system32\ieakui.dll

  • 2007-08-13 16:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll

  • 2007-02-12 15:10:12 2,451,312 ------w c:\windows\system32\ieapfltr.dat

  • 2007-07-11 11:27:48 383,488 ------w c:\windows\system32\ieapfltr.dll

  • 2004-08-03 23:44:00 323,584 ----a-w c:\windows\system32\iedkcs32.dll

  • 2007-08-13 17:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll

  • 2004-08-03 23:44:00 81,920 ------w c:\windows\system32\ieencode.dll

  • 2007-08-13 17:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll

  • 2007-08-13 17:54:10 6,049,280 ------w c:\windows\system32\ieframe.dll

  • 2004-08-03 23:44:00 249,344 ----a-w c:\windows\system32\iepeers.dll

  • 2007-08-13 17:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll

  • 2004-08-03 23:44:00 48,640 ----a-w c:\windows\system32\iernonce.dll

  • 2007-08-13 17:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll

  • 2007-08-13 17:34:04 266,752 ------w c:\windows\system32\iertutil.dll

  • 2004-08-03 23:44:00 63,488 ----a-w c:\windows\system32\iesetup.dll

  • 2007-08-13 17:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll

  • 2007-08-13 17:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe

  • 2007-08-13 17:54:10 180,736 ------w c:\windows\system32\ieui.dll

  • 2004-08-03 23:44:00 35,840 ----a-w c:\windows\system32\imgutil.dll

  • 2007-08-13 17:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll

  • 2004-08-03 23:44:02 96,768 ----a-w c:\windows\system32\inseng.dll

  • 2007-08-13 17:39:02 92,672 ----a-w c:\windows\system32\inseng.dll

  • 2004-08-03 23:44:02 450,560 ----a-w c:\windows\system32\jscript.dll

  • 2007-08-13 17:38:04 491,520 ----a-w c:\windows\system32\jscript.dll

  • 2004-08-03 23:44:02 15,872 ----a-w c:\windows\system32\jsproxy.dll

  • 2007-08-13 17:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll

  • 2004-08-03 23:44:02 22,016 ----a-w c:\windows\system32\licmgr10.dll

  • 2007-08-13 17:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll

  • 2007-08-13 17:54:10 458,752 ------w c:\windows\system32\msfeeds.dll

  • 2007-08-13 17:54:10 50,688 ------w c:\windows\system32\msfeedsbs.dll

  • 2007-08-13 17:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe

  • 2004-08-03 23:44:24 29,184 ----a-w c:\windows\system32\mshta.exe

  • 2007-08-13 17:32:30 45,568 ----a-w c:\windows\system32\mshta.exe

  • 2004-08-03 23:44:06 3,003,392 ----a-w c:\windows\system32\mshtml.dll

  • 2007-08-13 17:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll

  • 2004-08-03 23:44:06 448,512 ----a-w c:\windows\system32\mshtmled.dll

  • 2007-08-13 17:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll

  • 2004-08-03 23:42:58 57,344 ----a-w c:\windows\system32\mshtmler.dll

  • 2007-08-13 17:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll

  • 2001-10-26 18:26:58 146,432 ----a-w c:\windows\system32\msls31.dll

  • 2007-08-13 17:54:10 156,160 ----a-w c:\windows\system32\msls31.dll

  • 2004-08-03 23:44:06 146,432 ----a-w c:\windows\system32\msrating.dll

  • 2007-08-13 17:44:26 192,000 ----a-w c:\windows\system32\msrating.dll

  • 2004-08-03 23:44:06 530,432 ----a-w c:\windows\system32\mstime.dll

  • 2007-08-13 17:54:10 670,720 ----a-w c:\windows\system32\mstime.dll

  • 2006-06-28 16:59:26 24,576 ------w c:\windows\system32\nlsdl.dll

  • 2006-06-29 07:05:44 23,552 ------w c:\windows\system32\normaliz.dll

  • 2004-08-03 23:44:08 97,280 ----a-w c:\windows\system32\occache.dll

  • 2007-08-13 17:44:06 101,376 ----a-w c:\windows\system32\occache.dll

  • 2004-08-03 23:44:10 39,424 ----a-w c:\windows\system32\pngfilt.dll

  • 2007-08-13 17:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll

  • 2004-08-03 23:44:10 1,483,264 ----a-w c:\windows\system32\shdocvw.dll

  • 2006-09-23 12:13:02 1,497,088 ----a-w c:\windows\system32\shdocvw.dll

  • 2004-08-03 23:44:12 473,600 ----a-w c:\windows\system32\shlwapi.dll

  • 2006-09-23 12:13:02 474,112 ----a-w c:\windows\system32\shlwapi.dll

  • 2008-04-11 20:17:50 89,088 ----a-w c:\windows\system32\SkanerOnlineUninstall.exe

  • 2004-07-17 21:57:02 9,216 ------w c:\windows\system32\spmsg.dll

  • 2006-09-06 16:43:48 16,096 ------w c:\windows\system32\spmsg.dll

  • 2004-08-03 21:43:40 15,872 ----a-w c:\windows\system32\spupdsvc.exe

  • 2006-09-06 16:43:48 22,752 ----a-w c:\windows\system32\spupdsvc.exe

  • 2006-11-08 14:33:52 2,380 ----a-w c:\windows\system32\SRPBlkCoo.dll

  • 2008-06-21 13:08:30 623,157 ----a-w c:\windows\system32\SRPESig.dll

  • 2008-06-21 13:09:36 6,538,067 ----a-w c:\windows\system32\SRPFSig.dll

  • 2004-05-15 11:12:00 13,772 ----a-w c:\windows\system32\SRPImmData.dll

  • 2004-07-16 15:11:38 622,113 ----a-w c:\windows\system32\SRPList.dll

  • 2008-06-21 13:10:54 8,813,777 ----a-w c:\windows\system32\SRPRSig.dll

  • 2003-01-26 12:41:24 40,960 ----a-w c:\windows\system32\SSubTmr6.dll

  • 2004-08-03 23:44:14 37,888 ----a-w c:\windows\system32\url.dll

  • 2007-08-13 17:44:30 105,984 ----a-w c:\windows\system32\url.dll

  • 2004-08-03 23:44:14 602,112 ----a-w c:\windows\system32\urlmon.dll

  • 2007-08-13 17:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll

  • 2004-08-03 23:44:14 417,792 ----a-w c:\windows\system32\vbscript.dll

  • 2007-08-13 17:54:10 413,696 ----a-w c:\windows\system32\vbscript.dll

  • 2004-08-03 23:44:14 279,552 ----a-w c:\windows\system32\webcheck.dll

  • 2007-08-13 17:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll

  • 2007-08-13 17:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe

  • 2004-08-03 23:44:16 658,944 ----a-w c:\windows\system32\wininet.dll

  • 2007-08-13 17:54:10 818,688 ----a-w c:\windows\system32\wininet.dll

  • 2006-07-14 15:51:51 121,856 ------w c:\windows\system32\xmllite.dll

  • 2009-02-22 13:11:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f4.dat

.

-- Migawka wyzerowana --

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{2029E2AA-EA38-41FD-849E-F1AD05F94187}]

2002-09-20 19:03 98816 --a------ c:\windows\System32\catsrvutv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"Search Defender"="c:\program files\Speeditup Free\SearchDefender.exe" [2007-08-02 541696]

"Steam"="c:\program files\steam\Steam.exe" [2008-10-08 1410296]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-07-13 7937024]

"BearShare"="c:\program files\BearShare\BearShare.exe" [2006-08-01 3313664]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]

"PC-Checkup"="c:\program files\Speeditup Free\PCCheckUp\PCCheckUp.exe" [2007-08-02 3965440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"No-IP Client 1.42"="c:\program files\No-IP Client\noipclient.exe" [2006-05-13 571392]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-06 241664]

"AdminHpr"="c:\windows\system32\tmber8.DLL" [2004-08-17 61440]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-20 1601304]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-21 1211784]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\

Anti netcut 2.lnk - d:\internet\Anti netcut 2.bat [2009-02-08 39]

Anti netcut.lnk - d:\internet\Anti netcut.bat [2009-02-08 39]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

PLANET WL-U356A Utility.lnk - c:\program files\PLANET WL-U356A\PLANET\WlanUtil.exe [2008-10-24 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-20 19:19 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\Program Files\FlashGet\FlashGet.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

"c:\Program Files\AVG\AVG8\avgam.exe"=

"c:\Program Files\AVG\AVG8\avgemc.exe"=

"c:\Program Files\AVG\AVG8\avgupd.exe"=

"c:\Program Files\AVG\AVG8\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:Tibia

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-20 12552]

R0 gaplcmhx;gaplcmhx;c:\windows\system32\drivers\gaplcmhx.sys [2001-08-17 23424]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-20 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-20 107272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-20 903960]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]

R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);c:\windows\system32\drivers\ZD1211BU.sys [2008-10-24 402432]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-09-08 20608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Zawartość folderu 'Zaplanowane zadania'

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job

  • c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]

.

  • USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-SpyRemoverPro - c:\program files\SpyRemover Pro\SpyRemoverPro.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.searchgateway.net/search.php ... ID%3A11q=%s

IE: Download All by FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm

IE: Download by FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm

IE: Pobierz wszystko przez FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm

IE: Pobrane przez FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm

IE: Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm

Trusted Zone: mks.com.pl\www

TCP: {6393F45C-AE20-4E39-A7F4-9C5F41537909} = 192.168.10.100,194.204.152.34,194.204.159.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 14:38:23

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • 'winlogon.exe'(760)

c:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-02-22 14:40:17

ComboFix-quarantined-files.txt 2009-02-22 13:40:12

Przed: 54 463 922 176 bajtów wolnych

Po: 54,470,275,072 bajtów wolnych

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

399


(Leon$) #9

Download ComboFix, viewtopic.php?f=16&t=36654, scan the system and post the log

then scan with HijackThis 2.02 and post the log

scanning order as I gave it

:)


(system) #10

Killbox couldn't do it either :(

-- Added 22.02.2009 (Sun) 15:06 --

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:02:17, on 2009-02-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\No-IP Client\noipclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Speeditup Free\SearchDefender.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search.php ... ID%3A11&q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet\ComDlls\bhoCATCH.dll

O2 - BHO: (no name) - {2029E2AA-EA38-41FD-849E-F1AD05F94187} - C:\WINDOWS\System32\catsrvutv.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1

O4 - HKLM..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [PC-Checkup] "C:\Program Files\Speeditup Free\PCCheckUp\PCCheckUp.exe" -mini

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [No-IP Client 1.42] C:\Program Files\No-IP Client\noipclient.exe

O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM..\Run: [AdminHpr] RUNDLL32.EXE C:\WINDOWS\system32\tmber8.DLL,i

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [search Defender] "C:\Program Files\Speeditup Free\SearchDefender.exe"

O4 - HKCU..\Run: [steam] C:\program files\steam\Steam.exe -silent

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Anti netcut 2.lnk = D:\Internet\Anti netcut 2.bat

O4 - Startup: Anti netcut.lnk = D:\Internet\Anti netcut.bat

O4 - Global Startup: PLANET WL-U356A Utility.lnk = C:\Program Files\PLANET WL-U356A\PLANET\WlanUtil.exe

O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet\ComDlls\Bholink.htm

O8 - Extra context menu item: &Pobierz wszystko przez FlashGet - C:\Program Files\FlashGet\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Pobrane przez FlashGet - C:\Program Files\FlashGet\ComDlls\Bholink.htm

O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm

O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm

O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip..{6393F45C-AE20-4E39-A7F4-9C5F41537909}: NameServer = 192.168.10.100,194.204.152.34,194.204.159.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

--

End of file - 7887 bytes


(Leon$) #11

Open Notepad and paste

Save it as CFScript.txt (save it so the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

Removal should begin

Then post the ComboFix removal log

:)


(system) #12

Unfortunately :(

Here is the log:

ComboFix 09-02-21.01 - Administrator 2009-02-22 15:45:38.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.147 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt

AV: AVG Anti-Virus *On-access scanning disabled* (Updated)

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::

c:\windows\System32\catsrvutv.dll

c:\windows\system32\tmber8.DLL

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\tmber8.DLL

c:\windows\System32\catsrvutv.dll . . . . nie udało się usunąć

.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-22 do 2009-02-22 )))))))))))))))))))))))))))))))

.

2009-02-22 14:20 . 2009-02-22 14:21

2009-02-22 14:02 . 2009-02-22 14:02

2009-02-22 13:59 . 2009-02-22 13:59

2009-02-22 13:41 . 2009-02-22 13:42

2009-02-22 13:41 . 2009-02-22 13:41

2009-02-22 13:41 . 2009-02-22 13:41

2009-02-22 13:41 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll

2009-02-22 13:41 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll

2009-02-22 13:41 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll

2009-02-22 13:41 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll

2009-02-22 13:41 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll

2009-02-21 19:49 . 2009-02-21 20:57

2009-02-20 22:59 . 2009-02-21 20:57

2009-02-20 22:59 . 2005-03-29 08:34 246,784 --a------ c:\windows\system32\sqlite3.dll

2009-02-20 22:58 . 2009-02-20 22:58

2009-02-20 19:30 . 2009-02-22 10:48

2009-02-20 19:19 . 2009-02-20 19:19 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-20 19:19 . 2009-02-20 19:19 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys

2009-02-20 19:19 . 2009-02-20 19:19 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-20 19:18 . 2009-02-22 13:53

2009-02-20 19:18 . 2009-02-20 19:18

2009-02-20 19:18 . 2009-02-22 13:50

2009-02-20 19:18 . 2009-02-20 19:18 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-20 18:06 . 2009-02-20 18:43 35,883 --a------ c:\windows\system32\10004.sks

2009-02-20 18:06 . 2009-02-20 18:43 25,692 --a------ c:\windows\system32\10003.sks

2009-02-20 18:06 . 2009-02-20 18:43 801 --a------ c:\windows\system32\10001.sks

2009-02-20 18:06 . 2009-02-20 18:43 184 --a------ c:\windows\system32\10002.sks

2009-02-20 18:05 . 2009-02-20 19:05

2009-02-20 18:05 . 2009-02-20 18:38 2,380 --a------ c:\windows\system32\BlockedCookies

2009-02-20 18:05 . 2009-02-20 18:42 1,527 --a------ c:\windows\system32\sk_bho.ini

2009-02-20 17:02 . 2009-02-20 17:02

2009-02-17 18:09 . 2009-02-17 18:09

2009-02-17 18:00 . 2009-02-17 18:00

2009-02-15 21:49 . 2009-02-15 21:49

2009-02-15 21:46 . 2009-02-15 22:10

2009-02-11 17:33 . 2009-02-11 17:33 632 --a------ c:\windows\CoD.INI

2009-02-09 18:28 . 2009-02-09 18:28

2009-02-09 18:28 . 2009-02-09 18:28

2009-02-07 18:05 . 2009-02-07 18:05

2009-02-03 16:06 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2009-02-03 16:06 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2009-02-03 16:06 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll

2009-02-03 16:06 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll

2009-02-03 16:06 . 2004-08-04 00:38 14,848 --a------ c:\windows\system32\drivers\kbdhid.sys

2009-02-03 16:06 . 2004-08-04 00:38 14,848 --a--c--- c:\windows\system32\dllcache\kbdhid.sys

2009-02-03 16:05 . 2009-02-03 16:05

2009-02-01 01:26 . 2009-02-01 01:26

2009-01-26 12:25 . 2009-01-26 12:24 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-24 23:35 . 2009-01-24 23:35

2009-01-24 23:32 . 2009-01-24 23:32

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 14:47 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent

2009-02-22 13:13 --------- d-----w c:\program files\Steam

2009-02-22 13:12 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-02-20 22:10 --------- d-----w c:\program files\GoD

2009-02-19 00:05 --------- d-----w c:\program files\Tibia Multi IP Changer

2009-02-15 20:50 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-15 20:48 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-12 20:52 --------- d-----w c:\program files\TuneUp Utilities 2007

2009-02-11 18:01 --------- d-----w c:\program files\MagicISO

2009-02-11 18:01 --------- d-----w c:\program files\eMule

2009-02-10 11:19 --------- d-----w c:\program files\Speeditup Free

2009-02-07 23:48 --------- d-----w c:\program files\netcut

2009-02-07 16:36 --------- d-----w c:\program files\uTorrent

2009-01-30 20:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-01-30 00:40 --------- d-----w c:\program files\Gadu-Gadu

2009-01-28 14:37 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Hamachi

2009-01-26 11:24 --------- d-----w c:\program files\Java

2009-01-25 19:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KSP

2009-01-25 14:06 --------- d-----w c:\program files\eSkiMoS R2

2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll

2008-11-28 22:22 37,888 ----a-w c:\windows\system32\rar.exe

2008-11-26 15:22 73,216 ----a-w c:\windows\ST6UNST.EXE

2008-09-20 11:40 246 ----a-w c:\documents and settings\Administrator\Dane aplikacji\shedl.bat

2008-09-20 11:39 1,695,744 ----a-w c:\documents and settings\Administrator\Dane aplikacji\NTuser.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-02-22_14.39.00,69 )))))))))))))))))))))))))))))))))))))))))

.

  • 2009-02-22 14:49:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_25c.dat

  • 2009-02-22 14:49:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7d0.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{2029E2AA-EA38-41FD-849E-F1AD05F94187}]

2002-09-20 19:03 98816 --a------ c:\windows\System32\catsrvutv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-07-13 7937024]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"No-IP Client 1.42"="c:\program files\No-IP Client\noipclient.exe" [2006-05-13 571392]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2008-03-06 241664]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-20 1601304]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\

Anti netcut 2.lnk - d:\internet\Anti netcut 2.bat [2009-02-08 39]

Anti netcut.lnk - d:\internet\Anti netcut.bat [2009-02-08 39]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

PLANET WL-U356A Utility.lnk - c:\program files\PLANET WL-U356A\PLANET\WlanUtil.exe [2008-10-24 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-20 19:19 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\Program Files\FlashGet\FlashGet.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

"c:\Program Files\AVG\AVG8\avgam.exe"=

"c:\Program Files\AVG\AVG8\avgemc.exe"=

"c:\Program Files\AVG\AVG8\avgupd.exe"=

"c:\Program Files\AVG\AVG8\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7171:TCP"= 7171:TCP:Tibia

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-20 12552]

R0 gaplcmhx;gaplcmhx;c:\windows\system32\drivers\gaplcmhx.sys [2001-08-17 23424]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-20 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-20 107272]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-20 903960]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-20 298264]

R3 ZD1211BU(PLANET Technology Corp.);PLANET WL-U356A Driver(PLANET Technology Corp.);c:\windows\system32\drivers\ZD1211BU.sys [2008-10-24 402432]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-09-08 20608]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Zawartość folderu 'Zaplanowane zadania'

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job

  • c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.searchgateway.net/search.php ... ID%3A11q=%s

IE: Download All by FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm

IE: Download by FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm

IE: Pobierz wszystko przez FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm

IE: Pobrane przez FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm

IE: Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm

Trusted Zone: mks.com.pl\www

TCP: {6393F45C-AE20-4E39-A7F4-9C5F41537909} = 192.168.10.100,194.204.152.34,194.204.159.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 15:49:38

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • 'winlogon.exe'(764)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wdfmgr.exe

c:\progra~1\AVG\AVG8\avgam.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Czas ukończenia: 2009-02-22 15:52:15 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-02-22 14:52:11

ComboFix2.txt 2009-02-22 13:40:18

Przed: 54 446 166 016 bajtów wolnych

Po: 54,430,990,336 bajtów wolnych

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

214

-- Added 22.02.2009 (Sun) 15:57 --

Strange, because it no longer detects the virus, but the file is still there.

-- Added 22.02.2009 (Sun) 16:50 --

Thanks everyone for the help


(Leon$) #13

Open Notepad and paste

Save it as CFScript.txt (save it so the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri ... iemoes.gif

Removal should begin

Then post the ComboFix removal log

:)