Problem with viruses


(system) #1

I have Ashampoo antivirus. I scanned the whole computer. I have viruses and bugs but I can't remove them. I don't know anything about logs or HijackThis, but maybe someone can help me step by step?


(huber2t) #2

Post a ComboFix log

And after that:

Post a HijackThis log


(system) #3

I'm trying to download this ComboFix, but it takes about an hour. What should I do?


(Leon$) #4

post the HijackThis log

Download System Repair Engineer

http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html

scan and post the log


(system) #5

I already have ComboFix. What do I do next? Run it?


(Leon$) #6

yes, double-click it


(system) #7

Logfile of HijackThis v1.99.1

Scan saved at 22:40:23, on 2008-07-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

D:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe

C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\User\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: GuardGui.lnk = D:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip..{3DD665E1-37D9-495D-950C-A8F6A5F676DA}: NameServer = 213.158.193.38 213.158.194.1

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avGuard Service (avGuard) - Unknown owner - D:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe


(Leon$) #8

The log is clean

and where are the ComboFix and System Repair Engineer logs?

do I have to beg for logs? I think it's you who has the problem with your computer


(system) #9
2008-07-20,11:36:42


System Repair Engineer 2.6.11.992

Smallfrogs (http://www.KZTechs.com)


Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed


Follow item(s) have been selected:

    All Boot Items (Including Registry, Startup Folders, Services and so on)

    Browser Add-ons

    Running Processes (Including process model information)

    File Associations

    Winsock Provider

    Autorun.Inf

    HOSTS File

    Process Privileges Scan



Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  [(Verified)Microsoft Windows Publisher]
<"C:\Program Files\Gadu-Gadu\gg.exe" /tray> [(Verified)Gadu-Gadu sp. z o.o.]
  [Franmo Software]
<"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  [VIA Technologies]
  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
  [Ahead Software Gmbh]
  [ATI Technologies, Inc.]
<"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime> [File is missing]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Component Publisher]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
  [Microsoft Corporation]


==================================

Startup Folders

[Adobe Reader Speed Launch]
 D:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]>

[ATI CATALYST – pasek zadań]
 C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [ATI Technologies Inc.]>

[GuardGui]
 D:\PROGRA~1\Ashampoo\ASHAMP~1\GuardGui.exe [Ashampoo GmbH & Co K.G.]>


==================================

Services

[ASP.NET State Service / aspnet_state][Stopped/Manual Start]


[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]


[ATI Smart / ATI Smart][Stopped/Auto Start]
<>

[avGuard Service / avGuard][Running/Auto Start]


[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>


==================================

Drivers

[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]


[AMD Processor Driver / AmdK8][Running/System Start]


[AshAvScan / AshAvScan][Running/Manual Start]


[ati2mtag / ati2mtag][Running/Manual Start]


[Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet / FETNDIS][Stopped/Manual Start]


[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]


[GMSIPCI / GMSIPCI][Stopped/Manual Start]

  <\??\E:\INSTALL\GMSIPCI.SYS>

[Huawei DataCard USB Modem and USB Serial / hwdatacard][Running/Manual Start]


[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]


[Secdrv / Secdrv][Stopped/Manual Start]


[viamraid / viamraid][Running/Boot Start]

  <\SystemRoot\system32\DRIVERS\viamraid.sys>

[viasraid / viasraid][Running/Boot Start]

  <\SystemRoot\system32\drivers\viasraid.sys>


==================================

Browser Add-ons

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} 

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 

[AcroIEHlprObj Class]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} 

[Windows Media Player]

  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} 

[HTML Document]

  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>

[DHTML Edit Control Safe for Scripting for IE5]

  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} 

[Shell Name Space]

  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} 

[Active Desktop Mover]

  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>

[Przeglądarka sieci Web firmy Microsoft]

  {8856F961-340A-11D0-A96B-00C04FD705A2} 

[SearchAssistantOC]

  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} 


==================================

Running Processes



==================================

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE OK. ["%1" %*]

.COM OK. ["%1" %*]

.PIF OK. ["%1" %*]

.REG OK. [regedit.exe "%1"]

.BAT OK. ["%1" %*]

.SCR OK. ["%1" /S]

.CHM OK. ["C:\WINDOWS\hh.exe" %1]

.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK OK. [{00021401-0000-0000-C000-000000000046}]


==================================

Winsock Provider

N/A


==================================

Autorun.Inf

[C]

[autorun]

shellexecute=Recycled\Recycled\ctfmon.exe

shell\Open(&O)\command=Recycled\Recycled\ctfmon.exe

shell=Open(&0)

[D]

[autorun]

shellexecute=Recycled\ctfmon.exe

shell\Open(&0)\command=Recycled\ctfmon.exe

shell=Open(&0)


==================================

HOSTS File

127.0.0.1 localhost


==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 268, C:\PROGRAM FILES\VIA\RAID\RAID_TOOL.EXE]

Special Privileges Enabled: SeDebugPrivilege [PID = 344, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 344, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]

Special Privileges Enabled: SeDebugPrivilege [PID = 616, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 616, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2356, C:\PROGRAM FILES\HUAWEI TECHNOLOGIES\MOBILE CONNECT\MOBILE CONNECT.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3852, C:\DOCUMENTS AND SETTINGS\USER\PULPIT\SRENG2\SRENGLDR.EXE]


==================================

API HOOK

N/A


==================================

Hidden Process

N/A


==================================

On 20.07.2008 at 12:01 a post was appended by dolores

ComboFix 08-07-19.1 - User 2008-07-20 11:50:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.234 [GMT 2:00]

Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

C:\Recycled\Recycled

C:\Recycled\Recycled\ctfmon.exe

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))

.

2008-07-18 22:59 . 2008-07-18 22:59

2008-07-12 13:34 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-12 13:34 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-09 07:23 . 2007-04-16 16:25 7,168 --a------ C:\WINDOWS\system32\drivers\AshAvScan.sys

2008-07-09 07:23 . 2008-07-20 11:23 0 --a------ C:\log.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-29 07:21 --------- d-----w C:\Program Files\Play

2008-06-12 19:11 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\CrystalSpace

2008-06-12 19:11 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Chromeflower

2008-06-12 18:49 --------- d-----w C:\Program Files\BigfootEvolution

2008-06-11 13:46 --------- d-----w C:\Program Files\Beetle Ju

2008-06-10 06:04 --------- d-----w C:\Program Files\FunPause Atlantis

2008-06-09 11:02 --------- d-----w C:\Program Files\Dracula Twins

2008-06-09 09:36 --------- d-----w C:\Program Files\Mirage Interactive

2008-06-09 09:34 --------- d-----w C:\Program Files\Karting

2008-06-09 09:30 --------- d-----w C:\Program Files\Snowy Poszukiwacz Skarbów 2

2008-06-09 09:29 --------- d-----w C:\Program Files\KraiSoft

2008-06-09 08:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-03 19:09 --------- d-----w C:\Program Files\Gadu-Gadu

2008-05-29 11:46 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\AdobeUM

2008-05-29 11:44 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-25 19:34 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Media Player Classic

2008-05-24 11:38 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Talkback

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-01-04 12:02 265216]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 08:54 589824]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 00:33 32768]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]

ATI CATALYST - pasek zadań.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-04 00:33:42 32768]

GuardGui.lnk - D:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe [2008-07-09 07:23:02 537936]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 13:22]

R2 avGuard;avGuard Service;D:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe [2007-08-29 13:48]

R3 AshAvScan;AshAvScan;C:\WINDOWS\system32\DRIVERS\AshAvScan.sys [2007-04-16 16:25]

R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b3214648-137d-11dd-9cb4-0013d3f7562e}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c118bfcf-0594-11dd-9c84-0013d3f7562e}]

\Shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-20 11:51:57

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-20 11:52:22

ComboFix-quarantined-files.txt 2008-07-20 09:52:20

Pre-Run: 28,682,706,944 bajtów wolnych

Post-Run: 29,078,872,064 bajtów wolnych

96 --- E O F --- 2008-07-18 12:21:35
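
The two autorun.inf bodies in the SREng log above are the actual infection mechanism: a plain double-click on C: or D: in Explorer would run the ctfmon.exe copy hidden in a Recycled folder instead of opening the drive, which is also why ComboFix deleted C:\Autorun.inf, D:\Autorun.inf and C:\Recycled\Recycled\ctfmon.exe. As an added example (not part of the thread), here is a small Python checker that parses the [autorun] section, flags launch keys (open, shellexecute, shell\<verb>\command) pointing at an executable in a Recycle Bin folder or reusing a Windows system binary name, and reports the shell= default-verb redirection; the samples are the two bodies from the log plus a constructed benign driver-CD one, and the indicator lists and the scan_drive_roots helper are this example's own assumptions.

```python
import os
from pathlib import PureWindowsPath

# Constructed samples: the two autorun.inf bodies that SREng printed for C: and
# D: in the log above, plus a benign driver-CD autorun.inf for comparison.
AUTORUN_C = (
    "[autorun]\n"
    "shellexecute=Recycled\\Recycled\\ctfmon.exe\n"
    "shell\\Open(&O)\\command=Recycled\\Recycled\\ctfmon.exe\n"
    "shell=Open(&0)\n"
)
AUTORUN_D = (
    "[autorun]\n"
    "shellexecute=Recycled\\ctfmon.exe\n"
    "shell\\Open(&0)\\command=Recycled\\ctfmon.exe\n"
    "shell=Open(&0)\n"
)
AUTORUN_BENIGN = (
    "[autorun]\n"
    "label=Driver CD\n"
    "icon=setup.exe,0\n"
    "open=setup.exe /autorun\n"
)

# Assumed indicator lists (this example's choice, not from the thread): names of
# Windows binaries that only belong under %SystemRoot%, and Recycle Bin folder
# names that an autorun.inf has no legitimate reason to launch a program from.
SYSTEM_BINARY_NAMES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                       "csrss.exe", "winlogon.exe", "smss.exe", "services.exe"}
RECYCLE_DIRS = {"recycled", "recycler", "$recycle.bin"}
LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun(text):
    """Return {key: value} for the [autorun] section; keys are lower-cased."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def command_executable(command):
    """Return the program part of a command line ('"a b.exe" /x' -> 'a b.exe')."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def launch_entries(entries):
    """Yield (key, command) for keys that make Explorer start a program:
    open, shellexecute and shell\\<verb>\\command. A bare shell=<verb> only
    redirects the default (double-click) verb, so it is handled separately."""
    for key, value in entries.items():
        if key in LAUNCH_KEYS or (key.startswith("shell\\")
                                  and key.endswith("\\command")):
            yield key, value


def analyse_autorun(text):
    """Return a list of (key, reason) findings; an empty list means clean."""
    entries = parse_autorun(text)
    findings = []
    for key, command in launch_entries(entries):
        exe = PureWindowsPath(command_executable(command))
        if {part.lower() for part in exe.parts} & RECYCLE_DIRS:
            findings.append((key, f"launches {exe} from a Recycle Bin folder"))
        if exe.name.lower() in SYSTEM_BINARY_NAMES:
            findings.append((key, f"{exe.name} is a Windows system binary name "
                                  "used outside %SystemRoot%"))
    if findings and "shell" in entries:
        # With the default verb redirected, a plain double-click on the drive
        # in Explorer runs the custom verb's command instead of opening it.
        findings.append(("shell", f"default verb redirected to {entries['shell']!r}"))
    return findings


def scan_drive_roots(letters="CDEFGH"):
    """Windows helper (assumed usage): analyse X:\\autorun.inf on every drive."""
    report = {}
    for letter in letters:
        path = f"{letter}:\\autorun.inf"
        if os.path.exists(path):
            with open(path, encoding="cp1250", errors="replace") as fh:
                report[path] = analyse_autorun(fh.read())
    return report


if __name__ == "__main__":
    for name, text in (("C:", AUTORUN_C), ("D:", AUTORUN_D),
                       ("driver CD", AUTORUN_BENIGN)):
        print(name, analyse_autorun(text) or "nothing suspicious")
```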


(Leon$) #10

Open Notepad and paste

save it as plik.reg >> All Files >> merge into the registry >> restart

a file with this icon will be created

double-click it, confirm that you want to add it to the registry, then restart

The logs look clean

do a startup optimisation

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Disable and re-enable System Restore on all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; the page has to be opened in IE


(system) #11

sorry this is taking so long, but all of this is black magic to me. I'm trying as hard as I can. I hope what I sent is what you asked for. thank you for your help.


(Leon$) #12

yes, that's what I meant; now do what I wrote in my last post as well


(system) #13

I can't cut it out. How am I supposed to do that? I don't know if it matters, but when I try to open drive D I get a message that opening it will infect the system with a virus.


(Leon$) #14

what do you want to cut out?

you're supposed to open Notepad and type it in there

then it says what to do next


(system) #15

I'm doing everything wrong. My file looks the same, only it doesn't have the .reg ending in its name. When I go to the page you gave me I can't find anything about startup optimisation, and Kaspersky tells me I have to be an administrator and set the IE level to medium. help!!!


(Leon$) #16

(system) #17

I scanned the computer.

lAV0.QRT;C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Ashampoo Antivirus\Quarantine;Trojan.Recycle;Usunięty.;

ctfmon.exe;C:\Recycled;Trojan.Recycle;Usunięty.;

Dc3.exe\327882R2FWJFW\psexec.cfexe;C:\RECYCLER\S-1-5-21-1343024091-1409082233-839522115-1003\Dc3.exe;Program.PsExec.171;;

Dc3.exe;C:\RECYCLER\S-1-5-21-1343024091-1409082233-839522115-1003;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;

A0055791.exe;C:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69;Trojan.Recycle;Usunięty.;

A0055792.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69\A0055792.exe;Program.PsExec.171;;

A0055792.exe;C:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;

ctfmon.exe;D:\Recycled;Trojan.Recycle;Usunięty.;

A0055793.exe;D:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69;Trojan.Recycle;Usunięty.;


(huber2t) #18

Empty the Recycle Bin


(system) #19

I already emptied it. What next?


(huber2t) #20

Disable and re-enable System Restore on all drives. Instructions

It should be OK

On 23.07.2008 at 4:46 a post was appended by huber2t