Problem with viruses (probably)


(Morbid Angel1) #1

I'm writing because for some time now my computer has started to lag more, which also affects the speed of the internet; I don't know why that is, viruses or something else :/

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:46:15, on 2008-08-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\K-Lite Codec Pack\QuickTime\Browser\qttask.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.46.144/feeds/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\Browser\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunServices: [Windows Update] Systemalerts.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045

O4 - HKCU\..\Run: [Total Uninstall Agent] "C:\Program Files\Total Uninstall 4\TuAgent.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab

O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl48bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ ... 26e79f8d4e

O17 - HKLM\System\CCS\Services\Tcpip\..\{86BA144A-D24E-46AC-9864-AB09E050B8F9}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)

O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - C:\Program Files\ArcaMicroScanPro\avmon.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 7990 bytes


(Gutek) #2

Follow this thread and change the topic title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

Change of rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.46.144/feeds/search.html

O4 - HKLM\..\Run: [msvcc25] svcchost.exe

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\RunServices: [Windows Update] Systemalerts.exe

O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl48bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ ... 26e79f8d4e

O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)

O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - C:\Program Files\ArcaMicroScanPro\avmon.exe (file missing)

Remove these entries with HJT.

Post a ComboFix log.
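
The entries picked out above share mechanical properties that can be checked by a script instead of by eye: Run/RunServices values that are a bare file name, a name one typo away from svchost.exe, use of the Win9x-only RunServices key, an IE search page that is a raw IP address, a Winlogon Notify DLL or service whose file is missing, and Downloaded Program Files entries with a malformed CLSID or no codebase. The script below is an added example and is not part of the thread or of HijackThis; SAMPLE_LOG is built from lines copied out of the log in post #1 (registry paths written as HKLM\..\Run, the way HijackThis prints them), and the function, class and field names are this example's own. A bare file name is only a hint (nwiz.exe and SOUNDMAN.EXE are legitimate and load the same way), so it is scored lower than the other signals.

```python
"""Heuristic triage of HijackThis autostart/ActiveX lines.

Added example, not part of the thread or of HijackThis. Function and field
names are this example's own. SAMPLE_LOG is a constructed input made of lines
copied from the log in post #1.
"""
import re
from typing import List, NamedTuple
from urllib.parse import urlparse


class Finding(NamedTuple):
    line: str
    severity: str  # "high", "warn" or "info"
    reason: str


# Process names that malware likes to imitate (svcchost.exe, lsasss.exe, ...).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "spoolsv.exe", "smss.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - .*,(?P<setting>[^=]+?) = (?P<url>\S+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]*)\}(?: \([^)]*\))? -\s*(?P<url>\S*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
CLSID_RE = re.compile(r"^[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}$", re.I)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://69.31.46.144/feeds/search.html
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Windows Update] Systemalerts.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {CT id=e codeBase=http://www.www2.p0rt2.com/files/epl48bf2.cab classid=clsid:33331111-1111-1111-1111-615111193427} -
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - Unknown owner - C:\Program Files\ArcaMicroScanPro\avmon.exe (file missing)
"""


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short file names, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_of(cmd: str) -> str:
    """Executable part of a Run value: the quoted path, or the text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ""


def triage(lines: List[str]) -> List[Finding]:
    out: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if (m := O4_RE.match(line)):
            exe = exe_of(m["cmd"])
            base = exe.rsplit("\\", 1)[-1].lower()
            if m["key"] == "RunServices":
                # RunServices is a Windows 9x/ME key; NT-based Windows does not process it,
                # so installers on XP have no reason to write it, but old worms still do.
                out.append(Finding(line, "high", "value under the Win9x-only RunServices key"))
            if "\\" not in exe:
                out.append(Finding(line, "warn",
                                   f"bare file name {exe!r}: resolved via the search path, locate it and check its publisher"))
            for sysname in SYSTEM_NAMES:
                if base != sysname and edit_distance(base, sysname) <= 2:
                    out.append(Finding(line, "high", f"{base!r} imitates system process {sysname!r}"))
        elif (m := R_RE.match(line)):
            host = urlparse(m["url"]).hostname or ""
            if IPV4_RE.match(host):
                out.append(Finding(line, "high", f"{m['setting']} points at a raw IP address {host}"))
        elif (m := O16_RE.match(line)):
            if not CLSID_RE.match(m["clsid"]):
                out.append(Finding(line, "high", "malformed CLSID in Downloaded Program Files"))
            elif not m["url"]:
                out.append(Finding(line, "warn", "ActiveX control without a codebase URL: origin cannot be verified"))
        elif (m := O20_RE.match(line)) and m["missing"]:
            out.append(Finding(line, "warn", f"Winlogon Notify DLL {m['name']} is registered but missing: stale or half-removed"))
        elif (m := O23_RE.match(line)) and m["missing"]:
            out.append(Finding(line, "info", f"service binary missing: {m['path']}"))
    return out


def worst(findings: List[Finding]) -> str:
    """Overall verdict: the most severe level present, or "clean"."""
    for sev in ("high", "warn", "info"):
        if any(f.severity == sev for f in findings):
            return sev
    return "clean"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample, the script flags the same lines the helper quoted (svcchost.exe, Systemalerts.exe, the IP search bar, the two unresolvable DPF entries, mszsrn32 and the missing ArcaVir binary) and stays silent on the avast!, PowerDVD and ewido lines; nwiz.exe shows up only as a low-priority "bare name" hint.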


(Morbid Angel1) #3

Here is the ComboFix log:

ComboFix 08-08-11.01 - Xxx 2008-08-12 18:59:01.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.205 [GMT 2:00]

Running from: C:\Documents and Settings\Xxx\Pulpit\Arek\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Menu Start\Programy\XPSecurityCenter

.

---- Previous Run -------

.

C:\WINDOWS\system32\mdm.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}

-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}

((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))

.

2008-08-12 10:31 . 2008-08-12 10:31

2008-08-07 17:04 . 2008-08-07 17:04

2008-08-07 17:04 . 2008-08-07 17:04

2008-08-05 01:35 . 2008-08-05 02:07

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-12 17:08 --------- d-----w C:\Documents and Settings\Xxx\Dane aplikacji\OpenOffice.org2

2008-08-12 14:54 162,008 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-08-11 15:40 --------- d-----w C:\Program Files\eMule

2008-08-11 12:41 --------- d-----w C:\Program Files\Soulseek

2008-08-08 00:52 --------- d-----w C:\Program Files\WarRock

2008-08-07 17:46 --------- d-----w C:\Documents and Settings\Xxx\Dane aplikacji\uTorrent

2008-08-05 00:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-07-28 18:14 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT

2008-07-28 18:14 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT

2008-07-27 17:08 --------- d-----w C:\Documents and Settings\Xxx\Dane aplikacji\gtk-2.0

2008-07-27 16:54 --------- d-----w C:\Documents and Settings\Xxx\Dane aplikacji\Image Zone Express

2008-07-05 21:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com

2008-07-05 21:54 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-07-05 21:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-05 21:54 --------- d-----w C:\Documents and Settings\Xxx\Dane aplikacji\SUPERAntiSpyware.com

2008-07-05 19:30 --------- d-----w C:\Program Files\Kaspersky Lab

2008-07-05 16:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-07-03 16:22 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-07-01 10:59 --------- d-----w C:\Program Files\MSECache

2008-06-25 14:09 --------- d-----w C:\Program Files\PhotoFiltre Studio

2008-06-23 21:33 --------- d-----w C:\Program Files\GIMP-2.0

2008-06-22 14:16 --------- d-----w C:\Program Files\Microsoft Digital Image 2006

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2007-06-15 10:18 323 ----a-w C:\Program Files\INSTALL.LOG

2008-04-04 22:23 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-10 15:49 7286784]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-10 15:49 86016]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\Browser\qttask.exe" [2007-07-18 11:45 282624]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-19 11:39 35328]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-14 23:43 185896]

"nwiz"="nwiz.exe" [2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Xxx\Menu Start\Programy\Autostart\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-18 11:47:48 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\uTorrent\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]

S2 ArcaVirMonitor;ArcaVir Antivirus Monitor Service;C:\Program Files\ArcaMicroScanPro\avmon.exe []

S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys []

S3 arcaen;ArcaVir Monitor Kernel Engine Driver;C:\Program Files\ArcaMicroScanPro\arcaen.sys []

S3 arcaev;ArcaVir Monitor Kernel Events Driver;C:\Program Files\ArcaMicroScanPro\arcaev.sys []

S3 arcafd;ArcaVir Monitor Kernel Filter Driver;C:\Program Files\ArcaMicroScanPro\arcafd.sys []

S3 jfdcd;jfdcd;C:\DOCUME~1\Xxx\USTAWI~1\Temp\jfdcd.sys []

S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 05:06]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Total Uninstall Agent - C:\Program Files\Total Uninstall 4\TuAgent.exe

HKLM-Run-BearShare - C:\Program Files\BearShare\BearShare.exe

HKLM-Run-msvcc25 - svcchost.exe

HKLM-RunServices-msvcc25 - svcchost.exe

Notify-mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll

Notify-avldr - avldr.dll

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/

R0 -: HKLM-Main,Start Page = hxxp://www.google.com

R0 -: HKLM-Main,Search Bar = hxxp://69.31.46.144/feeds/search.html

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-12 19:07:04

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\Unlocker\UnlockerHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.bin

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

.

**************************************************************************

.

Completion time: 2008-08-12 19:14:56 - machine was rebooted [Xxx]

ComboFix-quarantined-files.txt 2008-08-12 17:14:42

Pre-Run: 21,292,195,840 bajtów wolnych

Post-Run: 22,645,239,808 bajtów wolnych

164 --- E O F --- 2008-07-10 01:01:25
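
Besides the orphans ComboFix removed, the "Reg Loading Points" and driver/service lines of the log above carry posture signals that are worth reading mechanically rather than skimming past: the Security Center notifications for antivirus and updates are switched off, the firewall standard profile has EnableFirewall=0, a P2P client holds a firewall exception, and several services and drivers are registered whose file no longer exists, one of them registered from the user's Temp folder. The script below is an added example, not part of the thread or of ComboFix; SAMPLE is built from lines copied out of the log, the helper names are this example's own, and the reading of the `R1`/`S3` prefixes (running/stopped plus start type) and of `HKLM\~` as ComboFix's shorthand for the CurrentControlSet path is my assumption, which is why keys are matched on their tail.

```python
"""Posture checks over ComboFix 'Reg Loading Points' and driver/service lines.

Added example, not part of the thread or of ComboFix. It parses the REGEDIT4-
style sections ComboFix prints, looks for Security Center and firewall settings
that silence or disable protection, and flags services/drivers whose file is
missing or that load from a user-writable path. Helper names are this example's
own; SAMPLE is a constructed input made of lines copied from the log above.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (severity, reason)

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\uTorrent\uTorrent.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 ArcaVirMonitor;ArcaVir Antivirus Monitor Service;C:\Program Files\ArcaMicroScanPro\avmon.exe []
S3 jfdcd;jfdcd;C:\DOCUME~1\Xxx\USTAWI~1\Temp\jfdcd.sys []
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-08-06 05:06]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<value>.*)$')
# Service line as I read it: R/S = running/stopped, digit = start type,
# then name;description;path [timestamp of the file, empty when it is not on disk].
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?) \[(?P<stamp>[^\]]*)\]$")
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\users\\")


def parse_value(raw: str):
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"^(\d+)\b", raw)  # ComboFix prints some DWORDs as "0 (0x0)"
    return int(m.group(1)) if m else raw  # "" for name-only entries (firewall allow list)


def parse_reg_sections(text: str) -> Dict[str, Dict[str, object]]:
    sections: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if (m := KEY_RE.match(line)):
            current = sections.setdefault(m["key"].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m["name"]] = parse_value(m["value"])
    return sections


def find_section(sections: Dict[str, Dict[str, object]], suffix: str) -> Dict[str, object]:
    """Match on the key's tail so HKLM\\~ vs the full CurrentControlSet path does not matter."""
    for key, values in sections.items():
        if key.endswith(suffix.lower()):
            return values
    return {}


def check_posture(sections: Dict[str, Dict[str, object]]) -> List[Finding]:
    findings: List[Finding] = []
    sc = find_section(sections, r"\security center")
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if sc.get(name) == 1:
            findings.append(("high", f"Security Center alert suppressed: {name}=1; confirm the user chose this, rogue tools set it to stay quiet"))
    fw = find_section(sections, r"\firewallpolicy\standardprofile")
    if fw.get("EnableFirewall") == 0:
        findings.append(("high", "Windows Firewall disabled in the standard profile (EnableFirewall=0)"))
    for app in find_section(sections, r"\authorizedapplications\list"):
        if not app.lower().startswith(("%windir%", "c:\\windows\\")):
            findings.append(("info", f"firewall exception for a non-system program: {app}"))
    return findings


def check_services(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].lower()
        if not m["stamp"]:
            findings.append(("warn", f"{m['name']}: registered but its file is not on disk ({m['path']})"))
        if any(tag in path for tag in USER_WRITABLE):
            findings.append(("high", f"{m['name']}: kernel driver/service loads from a user-writable location ({m['path']})"))
    return findings


def audit(text: str) -> List[Finding]:
    return check_posture(parse_reg_sections(text)) + check_services(text)


if __name__ == "__main__":
    for severity, reason in audit(SAMPLE):
        print(f"[{severity}] {reason}")
```

On the sample this reports three "high" policy findings (two suppressed Security Center alerts and the disabled firewall), the uTorrent firewall exception as informational, the stale ArcaVir and jfdcd registrations, and jfdcd.sys additionally as a driver loading from Temp; the avast! and USB drivers, whose files carry a timestamp, are not mentioned.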


(Leon$) #4

Download and run the tool The Avenger. Select the text given for removal on the forum,

copy >> click Paste Script from Clipboard >> Execute >> confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Do a startup optimisation:

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn System Restore off and back on on all drives: http://support.microsoft.com/kb/310405/pl

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and show the report; the page has to be opened in IE

or

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& ... It!+4.44.5

:)


(Morbid Angel1) #5

Report: C:\avenger.txt, I think that's what was meant :/

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Driver "ArcaVirMonitor" deleted successfully.

Driver "PavProc" deleted successfully.

Driver "arcaen" deleted successfully.

Driver "arcaev" deleted successfully.

Driver "arcafd" deleted successfully.

Driver "jfdcd" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


(Gutek) #6

OK now, but I'm asking for one thing - Change of rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

Finally, also run a Dr. Web CureIt scan.