Trojan horse - please help!


(Bartgraf1983) #1

Hello everyone!

I have a problem that, because of limited time lately, I haven't been able to solve (another thing is that I'm a complete novice when it comes to viruses, although that's no excuse, because where there's a will... :slight_smile:

So, my friends, something has gotten into my system (namely, at system startup it shows me a message with the path >> C:\Windows\system32\gupvxlpc.dll )

I only scanned the computer with HijackThis and got the following:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:18:23, on 2009-05-14

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Users\User\AppData\Roaming\advantage\AdVantage.exe

C:\Program Files\Sweex\Installer\Win2k\SWU.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {3F29E7E8-F660-48DD-A903-02634C74AB27} - C:\Windows\system32\hgGyyvss.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\wvUlihgd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {85D9E5F6-DE69-4B59-BF3E-17DE25CBCE96} - C:\Windows\system32\urqPiJyy.dll (file missing)

O2 - BHO: (no name) - {88F790FE-EB6E-4C2B-82F3-F0989071CC4B} - C:\Windows\system32\efcYOfDw.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: (no name) - {BF3A7547-6B96-421A-8392-541AC579B835} - C:\Windows\system32\urqRKAst.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E4D44C5D-17E8-4CE0-A0C4-8278422DA934} - C:\Windows\system32\yayvTnll.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUlihgd.dll,#1

O4 - HKLM..\Run: [4a570c16] rundll32.exe "C:\Windows\system32\gupvxlpc.dll",b

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKCU..\Run: [AdVantage] C:\Users\User\AppData\Roaming\advantage\AdVantage.exe

O4 - HKUS\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - Global Startup: Sweex WiFi Utility.lnk = C:\Program Files\Sweex\Installer\Win2k\SWU.exe

O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Usługa Google Update (gupdate1c9c9dd8b9e0899) (gupdate1c9c9dd8b9e0899) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 9162 bytes

I'd be very grateful if you could help me remove this thing. Many thanks in advance!


(Neo117wp Pl) #2

http://hijackthis.de paste it there


(96jasio96) #3

:arrow: Fix in HijackThis

:arrow: Download ComboFix, but do not run it. Create a text document named CFScript. Put the following in it

.

Save it next to ComboFix. Drag CFScript onto the ComboFix icon and drop it. The removal should start. (As in the picture)

[image: CFScript-8a-4.gif]

Post the removal log


(Bartgraf1983) #4

I'm afraid that if someone explains it to me in English, I won't understand much :wink: but as you suggested, I pasted it there

-- Added 14.05.2009 (Thu) 19:43 --

okay, I get it :wink: it's not a forum after all :wink: mate, please tell me what to do with this thing next?!

-- Added 14.05.2009 (Thu) 19:46 --

I'm doing it now. Wait a moment, okay?! :slight_smile:

-- Added 14.05.2009 (Thu) 19:48 --

oh no... a warning -> combofix detected that the resident protection of the following programs is active: antispyware: Windows Defender

-- Added 14.05.2009 (Thu) 19:50 --

where do I turn off this Defender?! (the message says that if I don't, it'll be a mess :wink: or even system damage... Help me, mate! :slight_smile:

-- Added 14.05.2009 (Thu) 19:51 --

I have a huge favour to ask! Could you give me your phone number?! I'd call for a moment, it would be quicker and more convenient. I'm really asking you..


(96jasio96) #5

After ComboFix finishes removing, a text document will appear. Paste its contents on wklej.org. On the forum, post only the link. As for HijackThis, choose the option [image: hijackthis3.jpg]


(Bartgraf1983) #6

okay, so I'm trying with HijackThis


(96jasio96) #7

To turn off Windows Defender

:arrow: http://forum.ks-ekspert.pl/index.php?showtopic=108072

Unfortunately I won't give you my phone number :frowning:


(Bartgraf1983) #8

I did the fix and removed those three entries. Is there anything else to do?

-- Added 14.05.2009 (Thu) 20:09 --

I still have this ->

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:06:24, on 2009-05-14

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\conime.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {3F29E7E8-F660-48DD-A903-02634C74AB27} - C:\Windows\system32\hgGyyvss.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\wvUlihgd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {85D9E5F6-DE69-4B59-BF3E-17DE25CBCE96} - C:\Windows\system32\urqPiJyy.dll (file missing)

O2 - BHO: (no name) - {88F790FE-EB6E-4C2B-82F3-F0989071CC4B} - C:\Windows\system32\efcYOfDw.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: (no name) - {BF3A7547-6B96-421A-8392-541AC579B835} - C:\Windows\system32\urqRKAst.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E4D44C5D-17E8-4CE0-A0C4-8278422DA934} - C:\Windows\system32\yayvTnll.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUlihgd.dll,#1

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

O4 - HKUS\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O4 - Global Startup: Sweex WiFi Utility.lnk = C:\Program Files\Sweex\Installer\Win2k\SWU.exe

O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Usługa Google Update (gupdate1c9c9dd8b9e0899) (gupdate1c9c9dd8b9e0899) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 8971 bytes

and after scanning at: http://hijackthis.de/ it still shows me that:

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\wvUlihgd.dll - must be fixed

O4 - HKLM..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUlihgd.dll,#1 - nasty

only these two entries have a cross instead of a tick :slight_smile: What next, mate?
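The check the poster ran by hand on hijackthis.de can be written as a small triage script over the O2 (BHO) and O4 (Run) lines of a HijackThis log; this is an added example, not part of the thread or of HijackThis. The sample lines are constructed from the logs above, and the heuristics (nameless BHO dropped in system32, rundll32 loading a DLL by ordinal or one-letter export, hex-looking Run key name, the same DLL registered in both places) are my own assumptions about what makes an entry "nasty".

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis logs in this thread,
# mixing legitimate entries (Adobe, NVIDIA, Google) with the ones hijackthis.de flagged.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\wvUlihgd.dll
O2 - BHO: (no name) - {85D9E5F6-DE69-4B59-BF3E-17DE25CBCE96} - C:\Windows\system32\urqPiJyy.dll (file missing)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUlihgd.dll,#1
O4 - HKLM..\Run: [4a570c16] rundll32.exe "C:\Windows\system32\gupvxlpc.dll",b
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

# Line shapes as they appear in the pasted logs. The backslash between the hive
# and ".." is optional because the forum paste shows "HKLM..\Run".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\?\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S*))?', re.I)
HEX_KEY_RE = re.compile(r"^[0-9a-f]{8}$")  # e.g. [4a570c16], a machine-generated key name


@dataclass
class Finding:
    line: str
    dll: str        # lower-cased DLL file name
    severity: str   # "nasty", "suspicious" or "orphan"
    reasons: list


def basename(path: str) -> str:
    return path.rstrip().rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(log_text: str) -> list:
    """Return findings for O2/O4 lines that match the heuristics described above."""
    bhos, runs = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append((line, m))
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append((line, m))

    findings = []
    nameless_system32 = set()  # DLLs seen as unnamed BHOs, to correlate with Run entries
    for line, m in bhos:
        dll = basename(m["path"])
        if m["missing"]:
            findings.append(Finding(line, dll, "orphan",
                                    ["CLSID still registered but the DLL is gone (leftover to clean)"]))
            continue
        reasons = []
        if m["name"] == "(no name)":
            reasons.append("BHO registered without a name")
        if in_system32(m["path"]):
            reasons.append("DLL dropped directly into system32")
        if len(reasons) == 2:  # both signals together: treat as suspicious
            nameless_system32.add(dll)
            findings.append(Finding(line, dll, "suspicious", reasons))

    for line, m in runs:
        r = RUNDLL_RE.match(m["cmd"])
        if not r:  # only rundll32-based autostarts are examined here
            continue
        dll = basename(r["dll"])
        export = r["export"] or ""
        reasons = []
        if export.startswith("#") or len(export) <= 2:
            reasons.append(f"opaque export {export!r} (ordinal or one-letter)")
        if HEX_KEY_RE.match(m["key"]):
            reasons.append("hex-looking Run key name")
        if dll in nameless_system32:
            reasons.append("same DLL is also registered as a nameless BHO")
        if reasons:
            findings.append(Finding(line, dll, "nasty", reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.dll}: {'; '.join(f.reasons)}")
```

On the constructed sample this reports wvUlihgd.dll twice (as a nameless BHO and as the MSServer Run entry), gupvxlpc.dll once, and the missing urqPiJyy.dll as an orphan, while the Adobe, NVIDIA and Google entries pass.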


(96jasio96) #9

What next?? You need to turn off all programs protecting the computer and follow the instructions in the 2nd post (running the CFScript).


(Bartgraf1983) #10

I think it's okay now

thanks a lot!


(96jasio96) #11

:arrow: Delete the C:\Qoobox folder

:arrow: Turn System Restore off and back on

:arrow: Remove unnecessary items from startup

:arrow: Remove junk and clean the registry with CCleaner

:arrow: Run a full scan with Dr.Web CureIt! and post the log on the forum


(Bartgraf1983) #12

so what now? do I need to overwrite the missing ones now? what exactly do you mean?

-- Added 14.05.2009 (Thu) 20:29 --

give me a moment to do all of this


(96jasio96) #13

To optimise and fully clean out the viruses, follow the advice. You don't have to post the logs, but you can write e.g. "I had 3 infected files". Also post the ComboFix removal log


(Bartgraf1983) #14

combofix log:

ComboFix 09-05-14.02 - User 2009-05-14 20:33.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3326.2308 [GMT 2:00]

Uruchomiony z: c:\users\User\Downloads\ComboFix.exe

Użyto następujących komend :: c:\users\User\Desktop\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\bHRBayay.ini

c:\windows\system32\bHRBayay.ini2

c:\windows\system32\bwhgrxwr.ini

c:\windows\system32\cbXNGaWN.dll

c:\windows\system32\cplxvpug.ini

c:\windows\system32\djrylnav.ini

c:\windows\system32\hgGyyvss.dll

c:\windows\system32\hoekaxit.ini

c:\windows\system32\iifDSjGy.dll

c:\windows\system32\kmewkisc.ini

c:\windows\System32\llnTvyay.ini

c:\windows\system32\llnTvyay.ini2

c:\windows\system32\mkyjwpju.ini

c:\windows\system32\mnvxiqwm.ini

c:\windows\system32\pmnkJbCR.dll

c:\windows\System32\pruvvGgh.ini

c:\windows\system32\pruvvGgh.ini2

c:\windows\system32\ssvyyGgh.ini

c:\windows\system32\ssvyyGgh.ini2

c:\windows\system32\tauepwyv.ini

c:\windows\system32\tbbeflfp.ini

c:\windows\system32\tsAKRqru.ini

c:\windows\system32\tsAKRqru.ini2

c:\windows\system32\viuhbquu.ini

c:\windows\System32\wDfOYcfe.ini

c:\windows\system32\wDfOYcfe.ini2

c:\windows\system32\wvUlkJCT.dll

c:\windows\system32\xwmfqjsd.ini

c:\windows\system32\yGjSDfii.ini

c:\windows\System32\yGjSDfii.ini2

c:\windows\System32\yyJiPqru.ini

c:\windows\system32\yyJiPqru.ini2

.

((((((((((((((((((((((((( Pliki utworzone od 2009-04-14 do 2009-05-14 )))))))))))))))))))))))))))))))

.

2009-05-14 17:13 . 2009-05-14 17:13 -------- d-----w c:\program files\Trend Micro

2009-05-12 18:02 . 2009-05-12 18:02 -------- d-----w c:\programdata\Electronic Arts

2009-05-12 18:02 . 2009-05-12 18:02 -------- d-----w c:\users\All Users\Electronic Arts

2009-05-12 18:00 . 2009-05-12 18:00 -------- d-----w c:\users\User\AppData\Local\Downloaded Installations

2009-05-12 17:58 . 2008-10-10 02:52 2036576 ----a-w c:\windows\system32\D3DCompiler_40.dll

2009-05-12 17:58 . 2008-10-10 02:52 452440 ----a-w c:\windows\system32\d3dx10_40.dll

2009-05-12 17:58 . 2008-10-10 02:52 4379984 ----a-w c:\windows\system32\D3DX9_40.dll

2009-05-12 17:58 . 2008-10-27 08:04 70992 ----a-w c:\windows\system32\XAPOFX1_2.dll

2009-05-12 17:58 . 2008-10-27 08:04 514384 ----a-w c:\windows\system32\XAudio2_3.dll

2009-05-12 17:58 . 2008-10-27 08:04 235856 ----a-w c:\windows\system32\xactengine3_3.dll

2009-05-12 17:58 . 2008-10-27 08:04 23376 ----a-w c:\windows\system32\X3DAudio1_5.dll

2009-05-06 19:48 . 2009-05-06 19:48 -------- d-----w c:\windows\Corel

2009-05-04 21:38 . 2009-05-04 21:38 -------- d-----w c:\program files\Activision

2009-05-04 21:34 . 2009-05-04 21:34 -------- d-sh--w c:\windows\ftpcache

2009-05-04 21:34 . 2009-05-04 21:34 -------- d-----w c:\program files\advantage

2009-05-04 21:34 . 2009-05-14 17:07 -------- d-----w c:\users\User\AppData\Roaming\advantage

2009-05-04 21:33 . 2009-05-04 21:33 -------- d-----w c:\users\User\AppData\Roaming\DAEMON Tools

2009-05-04 21:33 . 2009-05-04 21:34 -------- d-----w c:\program files\DAEMON Tools Lite

2009-05-03 08:35 . 2009-05-03 08:35 -------- d-----w c:\users\User\AppData\Roaming\Kaspersky_Key_Finder_(KKF

2009-05-01 13:30 . 2009-05-01 13:30 278728 ----a-w c:\windows\system32\drivers\atksgt.sys

2009-05-01 13:30 . 2009-05-01 13:30 25416 ----a-w c:\windows\system32\drivers\lirsgt.sys

2009-05-01 13:10 . 2009-05-01 13:10 -------- d-----w c:\windows\system32\AGEIA

2009-05-01 13:10 . 2009-05-01 13:10 -------- d-----w c:\program files\AGEIA Technologies

2009-05-01 13:10 . 2009-05-01 13:10 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-01 13:06 . 2009-05-01 13:06 -------- d-----w c:\program files\Xvid

2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\users\User\AppData\Local\Real

2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\program files\Common Files\xing shared

2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\program files\Real

2009-04-30 21:49 . 2009-04-30 21:49 348160 ----a-w c:\windows\system32\msvcr71.dll

2009-04-30 21:49 . 2009-04-30 21:49 499712 ----a-w c:\windows\system32\msvcp71.dll

2009-04-30 21:49 . 2009-04-30 21:49 -------- d-----w c:\program files\Common Files\Real

2009-04-18 18:16 . 2009-04-18 18:16 -------- d-----w c:\users\User\AppData\Roaming\OpenFM

2009-04-18 17:24 . 2009-04-19 15:23 -------- d-----w c:\users\User\AppData\Roaming\Nowe Gadu-Gadu

2009-04-15 07:27 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll

2009-04-15 07:27 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

2009-04-15 07:27 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-14 18:36 . 2009-03-19 17:53 -------- d-----w c:\program files\lg_fwupdate

2009-05-14 18:35 . 2009-03-22 09:05 507936 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-05-14 18:35 . 2009-03-22 09:05 4912 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-05-14 18:35 . 2009-03-22 09:05 3401248 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-05-14 18:35 . 2009-03-22 09:05 29748 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-05-14 18:21 . 2008-01-21 06:24 664722 ----a-w c:\windows\system32\perfh015.dat

2009-05-14 18:21 . 2008-01-21 06:24 127546 ----a-w c:\windows\system32\perfc015.dat

2009-05-12 18:01 . 2009-05-12 18:01 1196 ----a-w c:\windows\system32\ealregsnapshot1.reg

2009-05-07 15:34 . 2009-03-19 13:13 128352 ----a-w c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-06 19:49 . 2009-03-19 13:20 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-05 21:29 . 2009-03-22 09:22 -------- d-----w c:\program files\Vuze

2009-05-05 21:28 . 2009-03-19 22:53 -------- d-----w c:\program files\AVS4YOU

2009-05-05 21:28 . 2009-03-19 22:53 -------- d-----w c:\program files\Common Files\AVSMedia

2009-04-30 21:49 . 2009-03-20 16:36 -------- d-----w c:\program files\Google

2009-04-22 06:41 . 2009-03-22 10:06 717296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-15 14:03 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-11 19:54 . 2009-04-11 19:54 -------- d-----w c:\program files\uTorrent

2009-04-10 18:13 . 2009-04-10 18:13 410984 ----a-w c:\windows\system32\deploytk.dll

2009-04-10 18:13 . 2009-04-10 18:13 -------- d-----w c:\program files\Java

2009-03-28 10:23 . 2009-03-19 13:19 -------- d-----w c:\program files\Common Files\InstallShield

2009-03-27 21:04 . 2009-03-27 21:04 -------- d-----w c:\program files\Microsoft Works

2009-03-27 21:04 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild

2009-03-27 21:03 . 2009-03-27 21:03 -------- d-----w c:\program files\Microsoft.NET

2009-03-27 21:02 . 2009-03-27 21:02 -------- d-----w c:\program files\Microsoft Visual Studio 8

2009-03-27 15:17 . 2009-03-19 17:12 -------- d-----w c:\program files\Common Files\Adobe

2009-03-22 10:09 . 2009-03-22 10:09 -------- d-----w c:\program files\Alcohol Soft

2009-03-22 09:22 . 2009-03-22 09:22 -------- d-----w c:\program files\Common Files\i4j_jres

2009-03-22 09:12 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-03-22 09:11 . 2009-03-22 09:05 89601 ----a-w c:\windows\system32\drivers\klick.dat

2009-03-22 09:11 . 2009-03-22 09:05 101287 ----a-w c:\windows\system32\drivers\klin.dat

2009-03-22 09:05 . 2009-03-22 09:05 -------- d-----w c:\program files\Kaspersky Lab

2009-03-21 07:57 . 2009-03-21 07:57 -------- d-----w c:\program files\MSXML 4.0

2009-03-20 16:42 . 2009-03-20 16:42 0 ----a-w c:\windows\nsreg.dat

2009-03-20 16:37 . 2009-03-20 16:37 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-03-20 16:17 . 2009-03-20 16:17 -------- d-----w c:\program files\Sweex

2009-03-20 16:17 . 2009-03-20 16:17 20747 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-03-19 18:14 . 2009-03-19 16:08 -------- d-----w c:\program files\RALINK

2009-03-19 17:50 . 2009-03-19 17:50 -------- d-----w c:\program files\Common Files\Ahead

2009-03-19 17:50 . 2009-03-19 17:50 -------- d-----w c:\program files\Nero

2009-03-19 17:48 . 2009-03-19 17:48 -------- d-----w c:\program files\CyberLink

2009-03-19 17:15 . 2009-03-19 17:15 -------- d-----w c:\program files\Adobe Media Player

2009-03-19 17:14 . 2009-03-19 17:14 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-03-19 17:13 . 2009-03-19 17:13 -------- d-----w c:\program files\Common Files\Macrovision Shared

2009-03-19 15:58 . 2009-03-19 15:58 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-03-19 13:26 . 2009-03-19 13:12 680 ----a-w c:\users\User\AppData\Local\d3d9caps.dat

2009-03-19 13:22 . 2009-03-19 13:18 -------- d-----w c:\program files\Intel

2009-03-19 13:21 . 2009-03-19 13:20 -------- d-----w c:\program files\Realtek

2009-03-19 13:21 . 2009-03-19 13:17 16608 ----a-w c:\windows\gdrv.sys

2009-03-19 13:20 . 2009-03-19 13:20 319456 ----a-w c:\windows\DIFxAPI.dll

2009-03-19 13:20 . 2009-03-19 13:20 315392 ----a-w c:\windows\HideWin.exe

2009-03-17 03:38 . 2009-04-15 07:26 13824 ----a-w c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 07:26 24064 ----a-w c:\windows\system32\amxread.dll

2009-03-03 04:46 . 2009-04-15 07:26 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-03-03 04:46 . 2009-04-15 07:26 3547632 ----a-w c:\windows\system32\ntoskrnl.exe

2009-03-03 04:40 . 2009-04-15 07:26 827392 ----a-w c:\windows\system32\wininet.dll

2009-03-03 04:39 . 2009-04-15 07:26 183296 ----a-w c:\windows\system32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 07:26 551424 ----a-w c:\windows\system32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 07:26 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 07:26 78336 ----a-w c:\windows\system32\ieencode.dll

2009-03-03 04:37 . 2009-04-15 07:26 98304 ----a-w c:\windows\system32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 07:26 54784 ----a-w c:\windows\system32\iasads.dll

2009-03-03 04:37 . 2009-04-15 07:26 44032 ----a-w c:\windows\system32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-15 07:26 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 07:26 17408 ----a-w c:\windows\system32\iashost.exe

2009-03-03 02:28 . 2009-04-15 07:26 26624 ----a-w c:\windows\system32\ieUnatt.exe

2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-20 39408]

"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-02 203928]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13576736]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 92704]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2006-08-17 249856]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-22 206088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-30 198160]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-27 6295552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Sweex WiFi Utility.lnk - c:\program files\Sweex\Installer\Win2k\SWU.exe [2009-3-20 598016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2781820961-2937774440-250285186-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{6C21E8EA-F2F6-4066-B375-CF884FCD4D53}"= UDP:5353:Adobe CSI CS4

"{EE111DC6-EF6B-4467-83AB-7B8497DC51E3}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{126388F3-791E-4788-8DB5-533CB3BEFE8C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{5A917EEE-E267-4EA1-BC9E-686137518A89}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{85EAC141-92ED-480A-9583-E4FE67D5C549}c:\program files\mozilla firefox\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{1C5DAACD-513F-4F48-A75C-53AD3AE41795}c:\program files\mozilla firefox\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"{48BCC38A-76F8-4B2F-9C52-BAF14F5F55D4}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{484DF64E-4F45-4905-9E16-345F51891881}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{316272E6-637B-4D65-8A4A-2279C0D10F52}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{EA611071-A3BD-466F-9B0F-744F44C8ED03}"= UDP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra

"{86DD30E4-8B09-40CC-92E0-5031CB14325A}"= TCP:d:\program files\Steam\steamapps\common\red orchestra\System\RedOrchestra.exe:Red Orchestra

"{F7CB71D4-3A5A-4242-9C36-7A14CFCE1C3B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7E9B2A50-1646-45E5-A768-841CE54BB2BF}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{B8819970-C37F-4C92-B454-3C5E0AA34300}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{0E5D0630-0483-400E-BCBF-5A4B1A94BCD8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{5DE2A26D-9A00-4AC6-9D5B-2CBEAC08C8A7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{39FE6816-319B-455A-A139-9ED53C02CCD1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D84A5A20-BBA3-477C-870A-DE97D341FE69}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1A2B2A04-8042-466F-AB42-C5197827D47D}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{B8D4216A-5D39-4070-A055-7007B84C8251}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{74818DB4-F729-4FD8-9B34-F21C3D55080A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{96338A93-3CF1-4891-9D42-CE2DDF3B9288}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{E89B1C31-591A-43F6-A222-5BC0C838D193}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{FD9AA0B9-13B5-434D-ABAE-CE719A54D813}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{4F0FB541-64DB-48A3-915C-88AF683D0120}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{A199E1FB-13E8-4791-A697-7E948F86943D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{6FEF34D4-67FE-4827-8C97-AC53A2C17AB4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{125D2B90-880D-443E-B4A4-F75914A38583}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{9DBFCE87-CD7B-47D3-A030-96F0E1E32A7C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{FE5F061E-A873-42D1-867C-F862B618F647}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C40304F4-F76E-46F8-8422-4C950CF2454F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{100D89A7-5FE8-40A9-A80E-1525402F6407}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{EF184491-F428-476F-B6DF-49728717F5D1}"= UDP:D:\utorrent.exe:µTorrent (TCP-In)

"{35B2BA3B-4607-4E22-A1A6-89705005F81B}"= TCP:D:\utorrent.exe:µTorrent (UDP-In)

"{BBA9CAA4-05ED-4292-A472-3E2D0A980330}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{6E0AECC3-2E17-40F7-8745-02EDB16C8D10}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{34BD3E3F-655F-4318-A057-59C878139C91}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{FFE0882E-3993-4F5B-8DA1-BDBD30CBBC77}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1FB736D2-2687-43B9-85D0-2F930A7BD33A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{00C28B71-91C6-4E77-8338-78934DADE923}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{50306727-C937-453F-B9CC-7B08FBAB02A8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7410F933-B0CA-4055-B214-3FAD1749DE54}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{05FD7723-B39D-433F-94D1-F8FD4B0924EB}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{D47B2061-52C8-4FA1-BFFC-B3187BC1B9E8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1408BCB6-BA26-4E48-A739-971861F9190F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{3C032CFE-C1C7-4827-9F6C-784400EED702}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8D566522-70B3-402C-AD20-41B8E8C4F57F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{21E6AF34-B9E7-479D-B914-C977479FA218}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C37A381B-A133-494C-89D7-2628C004BA70}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{4636F934-BD1C-487E-80A4-8008B0E15436}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{42B99656-831C-4024-AE23-49281699BD16}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{4FB4919B-A65C-4895-911E-ED42DA70B158}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{347FB153-DBFE-4D9F-ADCF-595855AE243C}"= UDP:e:\cod 4 mw\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{DD060219-8916-4F19-9966-D624D4C4F9FC}"= TCP:e:\cod 4 mw\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{10E29050-6020-45A5-AFC0-2D4B178687B2}"= UDP:e:\burnout paradise\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{D965A5A7-049E-4093-9900-725113FA846B}"= TCP:e:\burnout paradise\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{78F73BB5-1F42-422A-A335-55E8EF6DD699}"= UDP:e:\burnout paradise\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{D792A154-BB14-44DA-A5D4-35167EEF82E8}"= TCP:e:\burnout paradise\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{16B484DE-4253-43CE-87EA-F6E3DED25B2B}"= UDP:e:\burnout paradise\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"{095C8B4A-3BA1-40EC-89B9-DC0D7ABB01B5}"= TCP:e:\burnout paradise\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-07-09 20496]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [2008-03-13 26640]

S2 gupdate1c9c9dd8b9e0899;Usługa Google Update (gupdate1c9c9dd8b9e0899);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 133104]

S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [2009-03-19 255488]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b0ecac6-38d4-11de-995a-00160a14548e}]

\shell\AutoRun\command - n:\setup\rsrc\Autorun.exe

\shell\dinstall\command - n:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64ad74c6-16c9-11de-afe9-00160a14548e}]

\shell\AutoRun\command - K:\SETUP.EXE

\shell\configure\command - K:\SETUP.EXE

\shell\install\command - K:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab0bc0ed-1486-11de-94b5-806e6f6e6963}]

\shell\AutoRun\command - F:\Run.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ef4927-2f08-11de-9cad-00160a14548e}]

\shell\AutoRun\command - K:\INTRO.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4377bd8-3e57-11de-ba38-00160a14548e}]

\shell\AutoRun\command - O:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc264cd7-1b7e-11de-b753-00160a14548e}]

\shell\AutoRun\command - L:\nba2k9setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc264cd9-1b7e-11de-b753-00160a14548e}]

\shell\AutoRun\command - M:\INTRO.EXE

.

Zawartość folderu 'Zaplanowane zadania'

2009-05-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 21:49]

2009-05-13 c:\windows\Tasks\User_Feed_Synchronization-{2A8CF9A7-A308-485C-9C4A-1C351872E202}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{00DAF676-7CF5-438B-9546-ACBD444C014B} - c:\windows\system32\hgGyyvss.dll

BHO-{85D9E5F6-DE69-4B59-BF3E-17DE25CBCE96} - c:\windows\system32\urqPiJyy.dll

BHO-{88F790FE-EB6E-4C2B-82F3-F0989071CC4B} - c:\windows\system32\efcYOfDw.dll

BHO-{BF3A7547-6B96-421A-8392-541AC579B835} - c:\windows\system32\urqRKAst.dll

BHO-{E4D44C5D-17E8-4CE0-A0C4-8278422DA934} - c:\windows\system32\yayvTnll.dll

HKCU-Run-AdobeBridge - (no file)

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.daemon-search.com/startpage

IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8j73ix5m.default\

FF - prefs.js: browser.startup.homepage - google.pl

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - component: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8j73ix5m.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a67}\components\AdVComponent.dll

FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-14 20:37

Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

c:\windows\System32\conime.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\System32\UI0Detect.exe

.

**************************************************************************

.

Czas ukończenia: 2009-05-14 20:39 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-05-14 18:39

Przed: 19 123 204 096 bajtów wolnych

Po: 19 036 401 664 bajtów wolnych

340 --- E O F --- 2009-05-01 01:00

-- Added 14.05.2009 (Thu) 20:43 --

What next, mate? Should I now do this ->

??

I have Vista, so http://support.microsoft.com/kb/310405/pl probably won't help me, a "newbie", here :wink:


(dethloe123) #15

Bartnik1983, post your logs on http://www.wklej.org/, http://www.wklejto.pl/ or http://www.wklej.eu/ and put only the link in your post :!:


(Bartgraf1983) #16

sorry...

What next, mate? Should I now do this ->

jasio96 wrote: :arrow: Delete the folder C:\Qoobox

:arrow: Turn System Restore off and back on

:arrow: Remove unnecessary entries from startup

:arrow: Remove junk and clean the registry with CCleaner

:arrow: Run a full scan with Dr.Web CureIt! and post the log on the forum

??

I have Vista, so http://support.microsoft.com/kb/310405/pl probably won't help me, a "newbie", here :wink:

-- Added 14.05.2009 (Thu) 20:55 --

I have to go to the emergency room. I'll be back in an hour. Point me as best you can to what I should do next, and I'll finish it in an hour. Many thanks for your help!


(dethloe123) #17

http://www.vista.pl/artykuly/11250_przywracanie_systemu_w_windows_vista.html/