I have Ashampoo antivirus. I scanned the whole computer. I have viruses and bugs but I can't remove them. I don't know anything about logs or HijackThis, but maybe someone can help me step by step?
I'm trying to download this ComboFix but it takes about an hour. What should I do?
Post a HijackThis log.
Download System Repair Engineer
http://www.cybertrash.pl/images/tata/System%20Repair/System%20Repair%20Engineer.html
Scan and post the log.
I already have ComboFix. What do I do next? Run it?
Yes, double-click it.
Logfile of HijackThis v1.99.1
Scan saved at 22:40:23, on 2008-07-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\User\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: GuardGui.lnk = D:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{3DD665E1-37D9-495D-950C-A8F6A5F676DA}: NameServer = 213.158.193.38 213.158.194.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avGuard Service (avGuard) - Unknown owner - D:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
The log is clean.
And where are the ComboFix and System Repair Engineer logs?
Do I have to beg for logs? I think it's you who has the problem with your computer.
[-X
2008-07-20,11:36:42
System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Publisher]
<"C:\Program Files\Gadu-Gadu\gg.exe" /tray> [(Verified)Gadu-Gadu sp. z o.o.]
[Franmo Software]
<"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[VIA Technologies]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[Ahead Software Gmbh]
[ATI Technologies, Inc.]
<"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[Microsoft Corporation]
==================================
Startup Folders
[Adobe Reader Speed Launch]
D:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]>
[ATI CATALYST – pasek zadań]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [ATI Technologies Inc.]>
[GuardGui]
D:\PROGRA~1\Ashampoo\ASHAMP~1\GuardGui.exe [Ashampoo GmbH & Co K.G.]>
==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
[ATI Smart / ATI Smart][Stopped/Auto Start]
<>
[avGuard Service / avGuard][Running/Auto Start]
[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll>
==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
[AMD Processor Driver / AmdK8][Running/System Start]
[AshAvScan / AshAvScan][Running/Manual Start]
[ati2mtag / ati2mtag][Running/Manual Start]
[Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet / FETNDIS][Stopped/Manual Start]
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\E:\INSTALL\GMSIPCI.SYS>
[Huawei DataCard USB Modem and USB Serial / hwdatacard][Running/Manual Start]
[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]
[Secdrv / Secdrv][Stopped/Manual Start]
[viamraid / viamraid][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys>
[viasraid / viasraid][Running/Boot Start]
<\SystemRoot\system32\drivers\viasraid.sys>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Przeglądarka sieci Web firmy Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
==================================
Running Processes
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
[C]
[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(&O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(&0)
[D]
[autorun]
shellexecute=Recycled\ctfmon.exe
shell\Open(&0)\command=Recycled\ctfmon.exe
shell=Open(&0)
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 268, C:\PROGRAM FILES\VIA\RAID\RAID_TOOL.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 344, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 344, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 616, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 616, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2356, C:\PROGRAM FILES\HUAWEI TECHNOLOGIES\MOBILE CONNECT\MOBILE CONNECT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3852, C:\DOCUMENTS AND SETTINGS\USER\PULPIT\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
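An added example, not from the thread and not from any of the tools used in it: a checker for autorun.inf contents like the two shown in the SRE log above. It parses the [autorun] section and flags the signs of this infection: a shellexecute or shell\<verb>\command entry that launches from a Recycled/RECYCLER folder, and a file borrowing a Windows system binary's name (ctfmon.exe) outside the Windows directory. The sample inputs are constructed from the log; the names SYSTEM_NAMES, SUSPICIOUS_DIRS, parse_autorun and check_autorun are my own.

```python
# Added example: detection logic for autorun.inf files of the kind shown in
# the SRE log (shellexecute=Recycled\ctfmon.exe). Not part of the original
# thread or of SRE/ComboFix.

# File names that normally live only in the Windows system directory; an
# autorun.inf pointing to one of them elsewhere is a masquerade signal.
SYSTEM_NAMES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
# Folders that legitimate installers never launch from.
SUSPICIOUS_DIRS = ("recycled", "recycler", "system volume information")
# Keys of [autorun] whose value is a command line to run.
COMMAND_KEYS = ("open", "shellexecute")

# Constructed samples: SAMPLE_C mirrors the C: entry from the SRE log above,
# SAMPLE_OK is what a benign install disc looks like.
SAMPLE_C = """[autorun]
shellexecute=Recycled\\Recycled\\ctfmon.exe
shell\\Open(&O)\\command=Recycled\\Recycled\\ctfmon.exe
shell=Open(&0)
"""
SAMPLE_OK = """[autorun]
open=setup.exe
icon=setup.exe,0
label=Install disc
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict of lower-cased key -> value.
    Keys such as shell\\open(&o)\\command are kept whole so they can be matched."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def _command_target(value):
    """Extract the executable path from a command line such as
    'Recycled\\ctfmon.exe /arg' or '"D:\\setup.exe" /s'.
    An unquoted path containing spaces is cut at the first space."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def check_autorun(text):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        # Both plain open=/shellexecute= and shell\<verb>\command= run code when
        # the drive is opened, so all three forms are inspected.
        is_verb_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key not in COMMAND_KEYS and not is_verb_cmd:
            continue
        target = _command_target(value)
        low = target.lower().replace("/", "\\")
        parts = low.split("\\")
        if any(d in parts for d in SUSPICIOUS_DIRS):
            findings.append(f"{key}: launches from a recycle-bin folder ({target})")
        name = parts[-1]
        if name in SYSTEM_NAMES and not low.startswith(("%systemroot%", "c:\\windows")):
            findings.append(f"{key}: system binary name outside Windows dir ({target})")
    return findings


if __name__ == "__main__":
    for label, sample in (("C:", SAMPLE_C), ("benign", SAMPLE_OK)):
        print(label, check_autorun(sample) or "clean")
```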
On 20.07.2008, at 12:01, a post was appended by dolores
ComboFix 08-07-19.1 - User 2008-07-20 11:50:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.234 [GMT 2:00]
Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Recycled\Recycled
C:\Recycled\Recycled\ctfmon.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.
2008-07-18 22:59 . 2008-07-18 22:59
2008-07-12 13:34 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-12 13:34 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-09 07:23 . 2007-04-16 16:25 7,168 --a------ C:\WINDOWS\system32\drivers\AshAvScan.sys
2008-07-09 07:23 . 2008-07-20 11:23 0 --a------ C:\log.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 07:21 --------- d-----w C:\Program Files\Play
2008-06-12 19:11 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\CrystalSpace
2008-06-12 19:11 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Chromeflower
2008-06-12 18:49 --------- d-----w C:\Program Files\BigfootEvolution
2008-06-11 13:46 --------- d-----w C:\Program Files\Beetle Ju
2008-06-10 06:04 --------- d-----w C:\Program Files\FunPause Atlantis
2008-06-09 11:02 --------- d-----w C:\Program Files\Dracula Twins
2008-06-09 09:36 --------- d-----w C:\Program Files\Mirage Interactive
2008-06-09 09:34 --------- d-----w C:\Program Files\Karting
2008-06-09 09:30 --------- d-----w C:\Program Files\Snowy Poszukiwacz Skarbów 2
2008-06-09 09:29 --------- d-----w C:\Program Files\KraiSoft
2008-06-09 08:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-03 19:09 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-29 11:46 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\AdobeUM
2008-05-29 11:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-25 19:34 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Media Player Classic
2008-05-24 11:38 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Talkback
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-01-04 12:02 265216]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 08:54 589824]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 21:05 344064]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-04 00:33 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\soundman.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
ATI CATALYST - pasek zadań.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-04 00:33:42 32768]
GuardGui.lnk - D:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe [2008-07-09 07:23:02 537936]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 13:22]
R2 avGuard;avGuard Service;D:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe [2007-08-29 13:48]
R3 AshAvScan;AshAvScan;C:\WINDOWS\system32\DRIVERS\AshAvScan.sys [2007-04-16 16:25]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b3214648-137d-11dd-9cb4-0013d3f7562e}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c118bfcf-0594-11dd-9c84-0013d3f7562e}]
\Shell\AutoRun\command - F:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 11:51:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-20 11:52:22
ComboFix-quarantined-files.txt 2008-07-20 09:52:20
Pre-Run: 28,682,706,944 bajtów wolnych
Post-Run: 29,078,872,064 bajtów wolnych
96 --- E O F --- 2008-07-18 12:21:35
Open Notepad and paste
Save as plik.reg >> all files >> merge with the registry >> restart
A file with this icon will appear
Double-click it, confirm that you want to add it to the registry, then restart.
The logs look clean.
Do a startup optimisation
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
Turn System Restore off and on on all drives. http://support.microsoft.com/kb/310405/pl
Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and show the report; open the page in IE.
Sorry this is taking so long, but all of this is black magic to me. I'm doing my best. I hope what I sent is exactly what you asked for. Thank you for the help.
Yes, that's what I meant. Now also do what I wrote in my last post.
I can't cut this out. How am I supposed to do it? I don't know if it matters, but when I try to open drive D I get a message that opening it will infect the system with a virus.
What do you want to cut out?
You are supposed to open Notepad and type in
Then it says what to do next.
I'm doing everything wrong. My file looks the same, only it doesn't have the .reg extension in its name. When I go to the page you gave me I can't find anything about startup optimisation, and Kaspersky tells me I have to be an administrator and change the IE level to medium. Help!
I scanned the computer.
lAV0.QRT;C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Ashampoo Antivirus\Quarantine;Trojan.Recycle;Usunięty.;
ctfmon.exe;C:\Recycled;Trojan.Recycle;Usunięty.;
Dc3.exe\327882R2FWJFW\psexec.cfexe;C:\RECYCLER\S-1-5-21-1343024091-1409082233-839522115-1003\Dc3.exe;Program.PsExec.171;;
Dc3.exe;C:\RECYCLER\S-1-5-21-1343024091-1409082233-839522115-1003;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
A0055791.exe;C:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69;Trojan.Recycle;Usunięty.;
A0055792.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69\A0055792.exe;Program.PsExec.171;;
A0055792.exe;C:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69;Archiwum zawierające zainfekowane obiekty;Przeniesiony.;
ctfmon.exe;D:\Recycled;Trojan.Recycle;Usunięty.;
A0055793.exe;D:\System Volume Information_restore{9D01939C-22BE-46A3-B545-28618084841D}\RP69;Trojan.Recycle;Usunięty.;
Empty the Recycle Bin.
I've already emptied it. What next?
Turn System Restore off and on on all drives. Instructions
It should be OK.
On 23.07.2008, at 4:46, a post was appended by huber2t
Turn System Restore off and on on all drives. Instructions
It should be OK.