Problem with a virus


(mati539) #1

I had a virus and ran a scan with ComboFix. Here is the log

Just so you know, I'm writing on behalf of a friend... :smiley: and he sent it to me over GG... ;p Waiting for a reply...

[code]ComboFix 08-08-08.04 - Arsenal 2008-08-08 22:18:51.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.517 [GMT 2:00] Running from: C:\\Documents and Settings\\Arsenal\\Pulpit\\ComboFix.exe * Created a new restore point ;[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [/b][/color] . ;((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\\Program Files\\MalwareAlarm C:\\Program Files\\MalwareAlarm\\MalwareAlarm.exe C:\\Program Files\\MalwareAlarm\\MalwareAlarm.lic C:\\Program Files\\MalwareAlarm\\Uninstall.exe C:\\Program Files\\myglobalsearch C:\\Program Files\\myglobalsearch\\bar\`.bin\\M9FFXTBR.JAR C:\\Program Files\\myglobalsearch\\bar\`.bin\\M9FFXTBR.MANIFEST C:\\Program Files\\myglobalsearch\\bar\`.bin\\M9NTSTBR.JAR C:\\Program Files\\myglobalsearch\\bar\`.bin\\M9NTSTBR.MANIFEST C:\\Program Files\\myglobalsearch\\bar\`.bin\\M9PLUGIN.DLL C:\\Program Files\\myglobalsearch\\bar\`.bin\\MGSBAR.DLL C:\\Program Files\\myglobalsearch\\bar\`.bin\\NPMYGLSH.DLL C:\\Program Files\\myglobalsearch\\bar\\Cache\\[u]0[/u]077B9D7 C:\\Program Files\\myglobalsearch\\bar\\Cache\\[u]0[/u]077BB4E.bin C:\\Program Files\\myglobalsearch\\bar\\Cache\\[u]0[/u]077CC07.bin C:\\Program Files\\myglobalsearch\\bar\\Cache\\[u]0[/u]077CDFB.bin C:\\Program Files\\myglobalsearch\\bar\\Cache\\[u]0[/u]2BC9A6E C:\\Program Files\\myglobalsearch\\bar\\Cache\\files.ini C:\\Program Files\\myglobalsearch\\bar\\History\\search C:\\Program Files\\myglobalsearch\\bar\\Settings\\prevcfg.htm

C:\\Program Files\\PCHealthCenter C:\\Program Files\\PCHealthCenter\\[u]0[/u].exe C:\\Program Files\\PCHealthCenter\\[u]0[/u].gif C:\\Program Files\\PCHealthCenter\`.exe C:\\Program Files\\PCHealthCenter\`.gif C:\\Program Files\\PCHealthCenter\\2.exe C:\\Program Files\\PCHealthCenter\\2.gif C:\\Program Files\\PCHealthCenter\\3.exe C:\\Program Files\\PCHealthCenter\\3.gif C:\\Program Files\\PCHealthCenter\\4.exe C:\\Program Files\\PCHealthCenter\\5.exe C:\\Program Files\\PCHealthCenter\\7.exe C:\\Program Files\\PCHealthCenter\\sex1.ico C:\\Program Files\\PCHealthCenter\\sex2.ico C:\\Program Files\\VAV C:\\Program Files\\VAV\\vav.cpl C:\\Program Files\\VAV\\vav.exe C:\\Program Files\\VAV\\vav0.dat C:\\Program Files\\VAV\\vav1.dat C:\\WINDOWS\\bgrqfetx.dll C:\\WINDOWS\\Downloaded Program Files\\setup.inf C:\\WINDOWS\\eerk.exe C:\\WINDOWS\\privacy_danger C:\\WINDOWS\\privacy_danger\\images\\capt.gif C:\\WINDOWS\\privacy_danger\\images\\danger.jpg C:\\WINDOWS\\privacy_danger\\images\\down.gif C:\\WINDOWS\\privacy_danger\\images\\spacer.gif C:\\WINDOWS\\privacy_danger\\index.htm C:\\WINDOWS\\system32\\drivers\\npf.sys C:\\WINDOWS\\system32\\packet.dll C:\\WINDOWS\\system32\\sex1.ico C:\\WINDOWS\\system32\\sex2.ico C:\\WINDOWS\\system32\\tdssinit.dll C:\\WINDOWS\\system32\\tdssl.dll C:\\WINDOWS\\system32\\tdsslog.dll C:\\WINDOWS\\system32\\tdssmain.dll C:\\WINDOWS\\system32\\tdssservers.dat C:\\WINDOWS\\system32\\vav.cpl C:\\WINDOWS\\system32\\wpcap.dll C:\\WINDOWS\\temp\\perflib_perfdata_1cc.dat C:\\WINDOWS\\tfnslopk.dll

. ;((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\\Legacy_TDSSSERV -------\\Service_NPF -------\\Service_tdssserv ;((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))) . 2008-08-08 18:54 . 2008-08-08 18:16 86,016 --a------ C:\\WINDOWS\\lnvegaow.exe 2008-07-22 13:36 . 2008-07-22 13:36 <;DIR> ;d-------- C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\Activision 2008-07-22 13:36 . 2008-07-22 13:36 <;DIR> ;d-------- C:\\Documents and Settings\\All Users\\Dane aplikacji\\Activision 2008-07-22 13:24 . 2008-07-22 13:24 <;DIR> ;d-------- C:\\Program Files\\7-Zip 2008-07-14 20:54 . 2008-07-14 20:54 <;DIR> ;d-------- C:\\Program Files\\Play 2008-07-13 23:16 . 2008-07-13 23:29 <;DIR> ;d-------- C:\\Program Files\\Postal 2 PL 2008-07-09 18:55 . 2008-07-09 18:55 <;DIR> ;d-------- C:\\Program Files\\Tibia 2008-07-09 18:55 . 2008-07-09 18:55 <;DIR> ;d-------- C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\Tibia

. ;(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-08 20:26 --------- ;d-----w C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\uTorrent 2008-08-08 20:26 --------- ;d-----w C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\Skype 2008-08-08 20:26 --------- ;d-----w C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\Hamachi 2008-08-08 07:16 --------- ;d-----w C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\skypePM 2008-07-24 21:09 --------- ;d-----w C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\mIRC 2008-07-24 20:58 --------- ;d-----w C:\\Program Files\\mIRC 2008-07-21 14:30 --------- ;d--h--w C:\\Program Files\\InstallShield Installation Information 2008-07-21 14:27 --------- ;d-----w C:\\Program Files\\Gothic III 2008-07-21 14:24 --------- ;d-----w C:\\Program Files\\Rayman 3 2008-07-19 14:35 162,008 ----a-w C:\\WINDOWS\\system32\\drivers\\PnkBstrK.sys 2008-07-07 17:19 --------- ;d-----w C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\FileZilla 2008-07-06 19:29 --------- ;d-----w C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\teamspeak2 2008-07-05 19:40 --------- ;d-----w C:\\Program Files\\XAC

2008-06-28 10:42 --------- ;d-----w C:\\Program Files\\Kangurek Kao - Tajemnica wulkanu 2008-06-20 10:45 360,320 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\\WINDOWS\\system32\\drivers\\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\\WINDOWS\\system32\\drivers\\tcpip6.sys 2008-06-18 13:24 --------- ;d-----w C:\\Program Files\\Common Files\\Wise Installation Wizard 2008-06-18 13:24 --------- ;d-----w C:\\Program Files\\AMD 2008-06-16 18:32 --------- ;d---a-w C:\\Documents and Settings\\All Users\\Dane aplikacji\\TEMP 2008-06-14 18:01 273,024 ------w C:\\WINDOWS\\system32\\drivers\\bthport.sys 2008-06-11 17:04 --------- ;d-----w C:\\Program Files\\portalgraphics 2008-05-21 09:39 1 ----a-w C:\\Documents and Settings\\Arsenal\\SI.bin 2008-03-13 18:26 32 ----a-w C:\\Documents and Settings\\All Users\\Dane aplikacji\\ezsid.dat 1999-07-07 00:00 6 --sh--r C:\\WINDOWS\\@@desktop.dat 2007-03-09 07:12 27,648 --sha-w C:\\WINDOWS\\system32\\AVSredirect.dll . ;[code]<;pre> ----a-w 491,520 2003-10-10 15:19:26 C:\\Documents and Settings\\Arsenal\\Pulpit\\rozne\\RaymanRR_bended\\GG_PASSWORD_READER_BY_WEDI_0.2\\GG PASSWORD READER BY WEDI 0.2\\ggpassword\\GGPassword .exe <;/pre>;[/code]


;((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . ;*Note* empty entries & legit default entries are not shown REGEDIT4 ;[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] \"CTFMON.EXE\"=\"C:\\WINDOWS\\system32\\ctfmon.exe\" [2004-08-04 00:44 15360] \"MSMSGS\"=\"C:\\Program Files\\Messenger\\msmsgs.exe\" [2004-10-13 18:24 1694208] \"Gadu-Gadu\"=\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" [2007-05-10 16:36 2111176] \"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\"=\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\" [2005-10-28 16:25 94208] \"scheduler_monitor\"=\"C:\\Program Files\\ReaConverter 5.0 Pro\\init_scheduler.exe\" [2007-06-15 11:17 27136] \"-75;Torrent\"=\";D:\\utorrent.exe\" [N/A] \"Skype\"=\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" [2008-02-01 18:22 21898024] \"uTorrent\"=\"C:\\Program Files\\uTorrent\\uTorrent.exe\" [2007-09-28 13:39 219952] \";DAEMON Tools Pro Agent\"=\"F:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe\" [2007-09-06 15:08 136136] \"swg\"=\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\" [2007-11-24 13:50 68856] \"Steam\"=\";d:\\program files\\valve\\steam\\steam.exe\" [2008-03-28 12:15 1271032] \"Octoshape Streaming Services\"=\"C:\\Documents and Settings\\Arsenal\\Ustawienia lokalne\\Dane aplikacji\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe\" [2008-05-22 15:59 156944]

\"\\Win68A.exe\"=\"C:\\Windows\\system32\\Win68A.exe\" [N/A] \"\\Win68B.exe\"=\"C:\\Windows\\system32\\Win68B.exe\" [N/A] \"\\Win68C.exe\"=\"C:\\Windows\\system32\\Win68C.exe\" [N/A] \"\\Win68D.exe\"=\"C:\\Windows\\system32\\Win68D.exe\" [N/A] \"\\Win68E.exe\"=\"C:\\Windows\\system32\\Win68E.exe\" [N/A] ;[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] \"Gainward\"=\"C:\\Program Files\\VDOTool\\TBPanel.exe\" [2007-02-01 18:47 2154496] \"NvCplDaemon\"=\"C:\\WINDOWS\\system32\\NvCpl.dll\" [2007-12-05 02:41 8523776] \"NeroFilterCheck\"=\"C:\\WINDOWS\\system32\\NeroCheck.exe\" [2001-07-09 10:50 155648] \"HP Software Update\"=\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\" [2006-02-19 02:41 49152] \"sXe Cheat \"=\"C:\\Documents and Settings\\Arsenal\\Pulpit\\sXe Cheat v1.1\\sXe Cheat.exe\" [N/A] \";PinnacleDriverCheck\"=\"C:\\WINDOWS\\system32\\\\PSDrvCheck.exe\" [2004-03-11 00:26 406016] \"BearShare\"=\"C:\\Program Files\\BearShare\\BearShare.exe\" [N/A] \"WinampAgent\"=\"f:\\Program Files\\Winamp\\winampa.exe\" [2007-04-25 17:44 35328] \"hosted\"=\"C:\\Windows\\system32\\hosted.exe\" [N/A]

\"UVS11 Preload\"=\"F:\\Program Files\\Ulead Systems\\Ulead VideoStudio 11\\uvPL.exe\" [2007-09-12 13:17 340136] \"SunJavaUpdateSched\"=\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\" [2007-09-25 02:11 132496] \"NvMediaCenter\"=\"C:\\WINDOWS\\system32\\NvMcTray.dll\" [2007-12-05 02:41 81920] \"WheelMouse\"=\"C:\\Program Files\\A4Tech\\Mouse\\Amoumain.exe\" [2006-12-26 17:08 196608] \"amd_dc_opt\"=\"C:\\Program Files\\AMD\\amd_dc_opt\\amd_dc_opt.exe\" [2006-06-28 15:42 106496] \"\\Win68A.exe\"=\"C:\\Windows\\system32\\Win68A.exe\" [N/A] \"\\Win68B.exe\"=\"C:\\Windows\\system32\\Win68B.exe\" [N/A] \"\\Win68C.exe\"=\"C:\\Windows\\system32\\Win68C.exe\" [N/A] \"\\Win68D.exe\"=\"C:\\Windows\\system32\\Win68D.exe\" [N/A] \"\\Win68E.exe\"=\"C:\\Windows\\system32\\Win68E.exe\" [N/A] \"Antivirus\"=\"C:\\Program Files\\VAV\\vav.exe\" [N/A] \"nwiz\"=\"nwiz.exe\" [2007-12-05 02:41 1626112 C:\\WINDOWS\\system32\\nwiz.exe] \"RTHDCPL\"=\"RTHDCPL.EXE\" [2007-01-30 12:54 16116224 C:\\WINDOWS\\RTHDCPL.exe] \"SkyTel\"=\"SkyTel.EXE\" [2006-05-16 12:04 2879488 C:\\WINDOWS\\SkyTel.exe] ;[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run] \"CTFMON.EXE\"=\"C:\\WINDOWS\\System32\\CTFMON.EXE\" [2004-08-04 00:44 15360] C:\\Documents and Settings\\Arsenal\\Menu Start\\Programy\\Autostart\\ Adobe Gamma.lnk - C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664] hamachi.lnk - C:\\Program Files\\Hamachi\\hamachi.exe [2007-08-23 22:09:46 619048] C:\\Documents and Settings\\All Users\\Menu Start\\Programy\\Autostart\\ HP Digital Imaging Monitor.lnk - C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32] \"vidc.pim1\"= pclepim1.dll \"VIDC.MJPG\"= Pvmjpg30.dll \"VIDC.X264\"= x264vfw.dll \"VIDC.3iv2\"= 3ivxVfWCodec.dll \"VIDC.VP31\"= vp31vfw.dll \"msacm.l3fhg\"= mp3fhg.acm \"msacm.dvacm\"= C:\\PROGRA~1\\COMMON~1\\ULEADS~1\\Vio\\Dvacm.acm \"msacm.MPEGacm\"= C:\\PROGRA~1\\COMMON~1\\ULEADS~1\\MPEG\\MPEGacm.acm \"msacm.ulmp3acm\"= C:\\PROGRA~1\\COMMON~1\\ULEADS~1\\MPEG\\ulmp3acm.acm ;[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa] Notification Packages REG_MULTI_SZ scecli scecli scecli ;[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center] \"AntiVirusOverride\"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List] \"%windir%\\\\system32\\\\sessmgr.exe\"= \"C:\\\\Program Files\\\\Gadu-Gadu\\\\gg.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqtra08.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqste08.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpofxm08.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hposfx08.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hposid01.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqscnvw.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqkygrp.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqCopy.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpfccopy.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpzwiz01.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Unload\\\\HpqPhUnl.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Unload\\\\HpqDIA.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpoews01.exe\"= \"C:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\bin\\\\hpqnrs08.exe\"= \"C:\\\\Program Files\\\\BitSpirit\\\\BitSpirit.exe\"= \"C:\\\\Program Files\\\\Pinnacle\\\\Studio 10\\\\programs\\\\RM.exe\"= \"C:\\\\Program Files\\\\Pinnacle\\\\Studio 10\\\\programs\\\\Studio.exe\"= \"C:\\\\Program Files\\\\Pinnacle\\\\Studio 10\\\\programs\\\\PMSRegisterFile.exe\"= \"C:\\\\Program Files\\\\Pinnacle\\\\Studio 10\\\\programs\\\\umi.exe\"= \"F:\\\\Nowy folder\\\\Grand Prix 4 (wystarczy rozpakowac)\\\\Grand Prix 4\\\\GP4.exe\"= \"C:\\\\WINDOWS\\\\system32\\\\dpvsetup.exe\"= \"f:\\\\Program Files\\\\PPMate\\\\PPMate\\\\ppmate.exe\"= \"C:\\\\Program Files\\\\SopCast\\\\SopCast.exe\"= \"C:\\\\Program Files\\\\TVAnts\\\\Tvants.exe\"= \"C:\\\\Program Files\\\\uTorrent\\\\uTorrent.exe\"= \"C:\\\\Program Files\\\\Cyanide\\\\GameCenter\\\\GameCenter.exe\"= 
\"C:\\\\Program Files\\\\Hamachi\\\\hamachi.exe\"= \"F:\\\\Program Files\\\\TC PowerPack\\\\TOTALCMD.EXE\"=

\"F:\\\\Program Files\\\\Valve\\\\hlds.exe\"= \"F:\\\\Program Files\\\\Valve\\\\hl.exe\"= \";D:\\\\Program Files\\\\Valve\\\\Steam\\\\SteamApps\\\\loordss\\\\counter-strike\\\\hl.exe\"= \";D:\\\\Program Files\\\\Valve\\\\Steam\\\\SteamApps\\\\loordss\\\\dedicated server\\\\hlds.exe\"= \"F:\\\\Program Files\\\\TVUPlayer\\\\TVUPlayer.exe\"= \"C:\\\\PacSteamT\\\\steamapps\\\\inco116\\\\counter-strike source\\\\hl2.exe\"= \";D:\\\\Program Files\\\\Valve\\\\Steam\\\\SteamApps\\\\loordss\\\\ricochet\\\\hl.exe\"= \";D:\\\\Program Files\\\\Valve\\\\Steam\\\\SteamApps\\\\loordss\\\\day of defeat\\\\hl.exe\"= \"C:\\\\Program Files\\\\TmNationsForever\\\\TmForever.exe\"= \";D:\\\\Program Files\\\\Valve\\\\Steam\\\\steam.exe\"= \"C:\\\\Program Files\\\\mIRC\\\\mirc.exe\"= \";D:\\\\Program Files\\\\Valve\\\\Steam\\\\SteamApps\\\\loordss\\\\condition zero\\\\hl.exe\"= \"C:\\\\Program Files\\\\Skype\\\\Phone\\\\Skype.exe\"= \"C:\\\\Documents and Settings\\\\Arsenal\\\\Ustawienia lokalne\\\\Dane aplikacji\\\\Octoshape\\\\Octoshape Streaming Services\\\\OctoshapeClient.exe\"= ;[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List] \"10466:TCP\"= 10466:TCP:BitComet 10466 TCP \"10466:UDP\"= 10466:UDP:BitComet 10466 UDP \"17747:TCP\"= 17747:TCP:BitComet 17747 TCP \"17747:UDP\"= 17747:UDP:BitComet 17747 UDP

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\\WINDOWS\\system32\\drivers\\sfsync03.sys [2005-10-13 15:46] R0 sojubus;sojubus;C:\\WINDOWS\\system32\\DRIVERS\\sojubus.sys [2003-10-05 10:41] R0 sojuscsi;sojuscsi;C:\\WINDOWS\\system32\\DRIVERS\\sojuscsi.sys [2003-09-28 10:57] R1 aswSP;avast! Self Protection;C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2008-07-19 16:35] R2 aswFsBlk;aswFsBlk;C:\\WINDOWS\\system32\\DRIVERS\\aswFsBlk.sys [2008-07-19 16:37] R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\\Program Files\\HWiNFO32\\HWiNFO32.SYS [2006-08-13 10:58] R3 AmdTools;AMD Special Tools Driver;C:\\WINDOWS\\system32\\DRIVERS\\AmdTools.sys [2006-06-27 14:24] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\\WINDOWS\\system32\\DRIVERS\\Amps2prt.sys [2006-05-09 18:27] S3 Aps2wmou;A4Tech PS/2 Port Mouse Filter Driver;C:\\WINDOWS\\system32\\DRIVERS\\Aps2wmou.sys [2000-06-17 01:03] S3 cdiskdun;cdiskdun;C:\\DOCUME~1\\Arsenal\\USTAWI~1\\Temp\\cdiskdun.sys [] S3 KS-959;MA-620 USB Infrared Adapter;C:\\WINDOWS\\system32\\DRIVERS\\KS-959.sys [2005-10-22 10:06] S3 rcp_service;ReaConverter scheduler service;C:\\Program Files\\ReaConverter 5.0 Pro\\rcp_scheduler.exe [2007-06-14 18:45] S3 usbscan;Sterownik skanera USB;C:\\WINDOWS\\system32\\DRIVERS\\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Sterownik magazynu masowego USB;C:\\WINDOWS\\system32\\DRIVERS\\USBSTOR.SYS [2004-08-03 23:08] . - - - - ORPHANS REMOVED - - - - Toolbar-{31D37C71-38CD-43B4-BBA7-6E7D4C6904AC} - C:\\WINDOWS\\bgrqfetx.dll Notify-WgaLogon - (no file)

. ------- Supplementary Scan ------- . FireFox -: Profile - C:\\Documents and Settings\\Arsenal\\Dane aplikacji\\Mozilla\\Firefox\\Profiles\\3gigotx3.default\\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= **************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-08 22:25:47 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ;************************************************************************** ;[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\run] \"\\\\Win68A.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68A.exe\" \"\\\\Win68B.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68B.exe\" \"\\\\Win68C.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68C.exe\" \"\\\\Win68D.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68D.exe\" \"\\\\Win68E.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68E.exe\"

;[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run] \"\\\\Win68A.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68A.exe\" \"\\\\Win68B.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68B.exe\" \"\\\\Win68C.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68C.exe\" \"\\\\Win68D.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68D.exe\" \"\\\\Win68E.exe\"=\"C:\\\\Windows\\\\system32\\\\Win68E.exe\" . ------------------------ Other Running Processes ------------------------ . C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe C:\\Program Files\\Common Files\\InterVideo\\DeviceService\\DevSvc.exe C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\nvsvc32.exe C:\\WINDOWS\\system32\\PnkBstrA.exe C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\ULCDRSvr.exe C:\\WINDOWS\\system32\\wdfmgr.exe C:\\WINDOWS\\system32\\UAService7.exe C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe C:\\WINDOWS\\system32\\HPZipm12.exe . ; **************************************************************************

. Completion time: 2008-08-08 22:32:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-08 20:32:52 ;Pre-Run: 97,927,168 bajtów wolnych ;Post-Run: 10,510,331,904 bajtów wolnych 305 --- E O F --- 2008-07-13 07:44:30[/code][/code]

(huber2t) #2

Have him upload the log to wklejto.pl and give you the link, and you post it on the forum


(Agatonster) #3

mati539,

Read the topic "Important announcement regarding topic titles" and change the title to a specific one that describes the problem. To make the recommended correction, please use the button [image]

Ignoring this recommendation will result in the topic being moved to the Trash.

Due to the change that applies to pasting logs in this section, read and follow the Topic


(mati539) #4

Here is the link: http://wklejto.pl/7616


(Spandau) #5

Download ComboFix but do not run it; paste into Notepad:

Save the file as CFScript.txt, preferably so that the icon of this file sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.

Manually delete the folder C:\Qoobox, and delete the ComboFix installer from the disk.


(mati539) #6

Here you go, this is the next log: http://wklejto.pl/7620


(Spandau) #7

Paste into Notepad

From the Notepad menu choose File - Save as - change the extension from .txt to All files - save under the name Fix.reg

Run this file, confirm adding it to the registry, and restart the computer.

The log looks clean.

Delete the folder C:\Qoobox and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner. Run it under IE and post the report on the forum

or Dr.WEB CureIt!


(mati539) #8

Thanks for the help... :slight_smile: Everything is okay... :smiley: