Logi-koń trojański dowlander


(natarcie_) #1

Kaspersky coś tamwykrył ale nie jestem pewnien daje log z Combofix i Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:23:39, on 2008-10-19

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Winamp\winamp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5418 bytes

ComboFix 08-10-18.03 - Oliver 2008-10-19 19:14:04.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1408 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\Oliver\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\WINDOWS\k.txt

.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-19 do 2008-10-19 )))))))))))))))))))))))))))))))

.

2008-10-19 18:45 . 2008-10-19 19:19

2008-10-19 18:45 . 2008-10-19 19:00

2008-10-18 21:59 . 2008-10-18 22:01

2008-10-18 21:59 . 2008-10-18 22:02

2008-10-18 08:28 . 2008-10-19 19:15

2008-10-18 08:28 . 2008-10-19 19:15

2008-10-18 08:28 . 2008-10-18 08:28

2008-10-18 08:28 . 2008-10-18 08:28

2008-10-18 08:28 . 2008-10-08 19:51

2008-10-18 08:28 . 2008-10-08 19:51

2008-10-18 08:28 . 2008-10-08 21:45

2008-10-18 08:28 . 2008-10-08 21:45

2008-10-18 08:28 . 2008-10-18 08:28

2008-10-18 08:28 . 2008-10-18 08:28

2008-10-18 08:28 . 2008-10-08 21:45

2008-10-18 08:28 . 2008-10-08 21:45

2008-10-18 08:28 . 2008-10-18 08:28

2008-10-18 08:28 . 2008-10-18 08:28

2008-10-18 08:28 . 2008-10-19 11:25

2008-10-17 17:28 . 2008-10-17 17:28 68,296 --a------ C:\WINDOWS\system32\drivers\GRD.sys

2008-10-17 17:22 . 2008-10-17 18:01

2008-10-17 17:22 . 2008-10-17 18:01

2008-10-17 17:22 . 2008-10-17 17:22 50,888 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys

2008-10-17 17:22 . 2008-10-17 17:22 50,888 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys

2008-10-17 16:27 . 2008-10-17 16:27

2008-10-17 16:27 . 2008-10-17 16:46

2008-10-17 16:05 . 2008-10-17 16:08

2008-10-17 15:44 . 2008-04-14 19:20 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-10-17 15:44 . 2008-04-14 18:20 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2008-10-17 15:44 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-10-17 15:44 . 2008-04-13 20:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-10-16 20:48 . 2008-10-19 11:15

2008-10-16 20:48 . 2008-10-16 20:48 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-10-16 20:47 . 2008-10-19 11:17

2008-10-16 20:46 . 2008-10-16 20:46

2008-10-16 20:46 . 2008-10-16 20:46

2008-10-16 20:46 . 2008-10-16 20:46

2008-10-15 20:45 . 2008-10-15 20:46 3 --a------ C:\WINDOWS\sbacknt.bin

2008-10-15 20:39 . 2008-10-16 08:17

2008-10-15 20:39 . 2008-10-15 20:46

2008-10-15 20:39 . 2008-10-15 20:41 152,904 --a------ C:\WINDOWS\system32\vghd.scr

2008-10-15 19:29 . 2008-10-15 19:29 431 --a------ C:\WINDOWS\BRWMARK.INI

2008-10-15 19:29 . 2008-10-15 19:29 27 --a------ C:\WINDOWS\BRPP2KA.INI

2008-10-15 15:31 . 2008-10-15 15:31

2008-10-15 15:18 . 2008-10-15 15:18

2008-10-15 08:16 . 2008-10-15 08:17

2008-10-15 07:20 . 2008-10-15 07:21

2008-10-15 06:46 . 2008-08-14 15:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-15 06:46 . 2008-08-14 15:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-15 06:46 . 2008-08-14 15:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-15 06:46 . 2008-08-14 15:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-15 06:46 . 2008-09-15 17:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-15 06:46 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-14 21:13 . 2008-10-19 19:20

2008-10-14 20:50 . 2008-10-14 20:59

2008-10-13 06:51 . 2008-10-19 10:02 13,030 --a------ C:\PDOXUSRS.NET

2008-10-13 06:10 . 2008-10-13 06:10

2008-10-13 06:10 . 2008-10-13 06:10

2008-10-12 19:17 . 2008-10-12 19:17

2008-10-12 19:16 . 2008-10-12 19:16

2008-10-12 18:58 . 2008-04-14 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-10-12 15:21 . 2008-10-12 15:21

2008-10-12 15:21 . 2008-10-12 15:21

2008-10-12 15:21 . 2008-10-12 15:21

2008-10-12 15:21 . 2008-10-12 15:21

2008-10-12 15:20 . 2008-10-12 15:21

2008-10-12 15:16 . 2008-10-12 15:16

2008-10-12 15:09 . 2004-08-04 00:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-10-12 08:48 . 2008-10-12 20:01

2008-10-11 19:40 . 2008-10-11 19:52

2008-10-11 17:05 . 2008-10-11 17:05

2008-10-11 17:05 . 2008-10-11 17:05

2008-10-10 20:25 . 2008-10-10 23:11

2008-10-10 20:24 . 2008-10-10 20:24

2008-10-10 17:38 . 2008-10-10 17:38

2008-10-10 17:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-10-10 17:36 . 2008-10-10 17:37

2008-10-10 17:35 . 2008-10-10 17:35

2008-10-09 20:39 . 2008-10-09 20:39

2008-10-09 19:19 . 2008-10-11 10:45

2008-10-09 19:19 . 2008-10-09 19:20

2008-10-09 19:18 . 2008-10-09 19:18

2008-10-09 19:18 . 2008-10-09 19:18 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys

2008-10-09 19:18 . 2008-10-09 19:18 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys

2008-10-09 17:42 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-10-09 17:42 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-10-09 09:24 . 2008-10-09 09:24

2008-10-09 08:18 . 2008-10-19 19:15

2008-10-09 08:18 . 2008-10-19 19:15

2008-10-09 08:18 . 2008-10-13 06:11

2008-10-09 08:18 . 2008-10-13 06:11

2008-10-09 08:18 . 2008-10-08 19:51

2008-10-09 08:18 . 2008-10-08 19:51

2008-10-09 08:18 . 2008-10-11 17:05

2008-10-09 08:18 . 2008-10-11 17:05

2008-10-09 08:18 . 2008-10-13 06:11

2008-10-09 08:18 . 2008-10-13 06:11

2008-10-09 08:18 . 2008-10-11 17:05

2008-10-09 08:18 . 2008-10-11 17:05

2008-10-09 08:18 . 2008-10-15 08:16

2008-10-09 08:18 . 2008-10-15 08:16

2008-10-09 08:18 . 2008-10-19 15:48

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-19 17:18 245,792 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-10-19 17:18 10,556 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-19 17:18 1,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-10-19 17:18 1,078,816 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-19 17:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-10-09 17:18 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-10-08 19:26 --------- d-----w C:\Documents and Settings\Oliver\Dane aplikacji\Winamp

2008-10-08 19:23 --------- d-----w C:\Program Files\Gadu-Gadu

2008-10-08 19:19 --------- d-----w C:\Program Files\Winamp

2008-10-08 18:52 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat

2008-10-08 18:52 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat

2008-10-08 18:52 --------- d-----w C:\Program Files\Kaspersky Lab

2008-10-08 18:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-10-08 18:26 --------- d-----w C:\Program Files\Panda Security

2008-10-08 18:09 14,656 ----a-w C:\WINDOWS\gdrv.sys

2008-10-08 18:06 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-10-08 18:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-08 18:06 --------- d-----w C:\Program Files\Realtek

2008-10-08 18:05 --------- d-----w C:\Program Files\DIFX

2008-10-08 18:02 --------- d-----w C:\Documents and Settings\Oliver\Dane aplikacji\InstallShield

2008-10-08 17:55 --------- d-----w C:\Program Files\microsoft frontpage

2008-10-08 17:53 --------- d-----w C:\Program Files\Usługi online

2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-20 05:11 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:26 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:26 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 7634944]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 86016]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

"nwiz"="nwiz.exe" [2006-10-31 C:\WINDOWS\system32\nwiz.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Oliver\Menu Start\Programy\Autostart\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Nowe Gadu-Gadu\gg.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6b05d64f-956e-11dd-8c7c-806d6172696f}]

\Shell\AutoRun\command - E:\Run.exe

.

Zawartość folderu 'Zaplanowane zadania'

2008-10-19 C:\WINDOWS\Tasks\MP Scheduled Scan.job

  • C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

.

  • USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Documents and Settings\Oliver\Dane aplikacji\Mozilla\Firefox\Profiles\394tdbu5.default\

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-19 19:20:05

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.bin

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Winamp\winamp.exe

.

**************************************************************************

.

Czas ukończenia: 2008-10-19 19:22:00 - komputer został uruchomiony ponownie [Oliver]

ComboFix-quarantined-files.txt 2008-10-19 17:21:56

Przed: 44,627,300,352 bajtów wolnych

Po: 44,771,299,328 bajtów wolnych

231 --- E O F --- 2008-10-15 05:05:15


(Neon1992) #2

Log z HijackThis - czysty.


(Hoina) #3

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6b05d64f-956e-11dd-8c7c-806d6172696f}]

\Shell\AutoRun\command - E:\Run.exe

no :wink: czysty


(Apdjs) #4

:?:


(Spandau) #5

Usuń te wpisy w HJT (niektórych może już nie być bo usunął je Combofix)

Uruchom HijackThis - Do a system scan only - w oknie programu pokaże się log - zaznacz kratki przy podanych wpisach - klikasz Fix checked

Log Combofix wygląda na czysty.

usuń ręcznie folder C: \Qoobox oraz instalkę Combofix z dysku.

Przeczyść system oraz rejestr CCleaner

Wykonaj optymalizacje Autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar Mój komputer Kaspersky Online Scanner Uruchom pod IE daj raport na forum

lub Dr.WEB CureIt!