Problem z włączeniem automatycznej aktualizacji

Witam,

2 dni temu ściągnąłem sobie program.

Od tego czasu sało się coś z komputerem. Kaspersky usunął kilka trojanów, ale wciąż szwankuje mi plik explorer.exe. Komputer bardzo zwolnił, bardzo cięzko otwierają się strony internetowe. Zdarza się, że system załaduje sie bez paska szybkiego uruchamiania. Czasem sam przechodzi w stan uśpienia. Przeskanowałem wszystko kasperskim.

Chciałem zaznaczyć, że w dziedzinie komputerów jestem zielony.

Kaspersky kilka razy dziennie podaje taki komunikat:

Hidden data sending

Proces C:\WINDOWS\Explorer.EXE

Wyświetla się również komunikat, że nie jest włączona autoamtyczna aktualizacja zabezpieczeń i w aden sposób nie mogę jej włączyć.

Zeskanowałem komputer Hijackthis

To mój log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:44:36, on 2008-11-06

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\xx\Ustawienia lokalne\Temporary Internet Files\Content.IE5\8FS3RQKH\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL

R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: {df2dd2b5-1b6c-a939-af24-69d7cd204a63} - {36a402dc-7d96-42fa-939a-c6b15b2dd2fd} - C:\WINDOWS\system32\pbznzm.dll

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - C:\WINDOWS\system32\qoMdCsQK.dll

O2 - BHO: (no name) - {87296FB9-2BC9-4712-B722-5667F6C9054B} - C:\WINDOWS\system32\iifecddc.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL

O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll pbznzm.dll

O20 - Winlogon Notify: qoMdCsQK - C:\WINDOWS\SYSTEM32\qoMdCsQK.dll

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe

End of file - 7755 bytes

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)

O2 - BHO: (no name) - {799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - C:\WINDOWS\system32\qoMdCsQK.dll

O2 - BHO: (no name) - {87296FB9-2BC9-4712-B722-5667F6C9054B} - C:\WINDOWS\system32\iifecddc.dll

O2 - BHO: {df2dd2b5-1b6c-a939-af24-69d7cd204a63} - {36a402dc-7d96-42fa-939a-c6b15b2dd2fd} - C:\WINDOWS\system32\pbznzm.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll (file missing)

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL

O20 - Winlogon Notify: qoMdCsQK - C:\WINDOWS\SYSTEM32\qoMdCsQK.dll

Fix w hijackthis. Pobierz na pulpit Combofix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe ale nie uruchamiaj go. Otwórz notatnik i wklej:

FILE::

C:\WINDOWS\SYSTEM32\qoMdCsQK.dll

C:\WINDOWS\system32\iifecddc.dll

C:\WINDOWS\system32\pbznzm.dll


FOLDER::

C:\Program Files\MyGlobalSearch

C:\Program Files\AskTBar

Zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif.

Następnie pokaż nowe logi hijackthis i combifix. Log z combofix będzie w folderze combofix na C lub bezpośrednio na C.

Zrobiłem to wszystko, ale nigdzie na C nie ma log z combfix.

Później probowałem go uruchomić ale nie działa

To mój log z hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:24:09, on 2008-11-07

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\xx\Pulpit\ComboFix.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL

O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe

End of file - 6337 bytes

oczek29 ,

Daj log z usuwania Combofix

:slight_smile:

Udalo sie po kilkunastu probach :slight_smile:

oto log z combofix

ComboFix 08-11-05.02 - xx 2008-11-07 10:30:09.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.45 [GMT 1:00]

Uruchomiony z: c:\documents and settings\xx\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\xx\USTAWI~1\Temp\tmp2.tmp

c:\program files\myglobalsearch

c:\program files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR

c:\program files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST

c:\program files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR

c:\program files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST

c:\program files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL

c:\program files\myglobalsearch\bar\2.bin\MGSBAR.DLL

c:\program files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL

c:\program files\myglobalsearch\bar\Cache\000A50C0.bin

c:\program files\myglobalsearch\bar\Cache\000A5409.bin

c:\program files\myglobalsearch\bar\Cache\000A5535.bin

c:\program files\myglobalsearch\bar\Cache\000CF5BD

c:\program files\myglobalsearch\bar\Cache\01FD1DE5

c:\program files\myglobalsearch\bar\Cache\files.ini

c:\program files\myglobalsearch\bar\History\search

c:\program files\myglobalsearch\bar\Settings\prevcfg.htm

c:\windows\system32_000013_.tmp.dll

c:\windows\system32\cbXQiJay.dll

c:\windows\system32\cddcefii.ini

c:\windows\system32\cddcefii.ini2

c:\windows\system32\fhjpyjey.dll

c:\windows\system32\iifecddc.dll

c:\windows\system32\lwjrjhbw.dll

c:\windows\system32\mcrh.tmp

c:\windows\system32\pbznzm.dll

c:\windows\system32\qoMdCsQK.dll

c:\windows\system32\wbhjrjwl.ini

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_OREANS32

-------\Service_oreans32

((((((((((((((((((((((((( Pliki utworzone od 2008-10-07 do 2008-11-07 )))))))))))))))))))))))))))))))

.

2008-11-06 18:00 . 2008-11-06 18:00

2008-11-06 17:27 . 2008-11-06 19:55

2008-10-28 19:29 . 2008-10-28 19:29

2008-10-28 19:28 . 2008-10-28 19:28 0 --a------ c:\windows\nsreg.dat

2008-10-28 19:25 . 2008-10-28 19:25

2008-10-28 19:24 . 2008-10-28 19:24

2008-10-28 19:24 . 2008-10-28 19:25

2008-10-27 19:50 . 2008-10-27 19:51

2008-10-25 05:57 . 2008-10-25 05:57

2008-10-24 07:39 . 2008-10-15 17:36 337,408 -----c— c:\windows\system32\dllcache\netapi32.dll

2008-10-23 14:20 . 2008-10-23 16:41

2008-10-23 14:20 . 2008-10-23 14:20

2008-10-18 18:12 . 2008-10-18 18:12

2008-10-18 18:11 . 2008-11-07 09:33

2008-10-16 07:58 . 2008-09-08 11:41 333,824 -----c— c:\windows\system32\dllcache\srv.sys

2008-10-16 07:57 . 2008-08-14 14:26 2,190,464 -----c— c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-16 07:57 . 2008-08-14 14:26 2,146,816 -----c— c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-16 07:57 . 2008-08-14 14:26 2,067,328 -----c— c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-16 07:57 . 2008-08-14 14:26 2,025,472 -----c— c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-16 07:57 . 2008-09-15 16:27 1,846,656 -----c— c:\windows\system32\dllcache\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-07 10:31 642,848 --sha-w c:\windows\system32\drivers\fidbox2.dat

2008-11-07 10:31 24,073,760 --sha-w c:\windows\system32\drivers\fidbox.dat

2008-11-07 10:27 61,220 --sha-w c:\windows\system32\drivers\fidbox2.idx

2008-11-07 10:27 323,276 --sha-w c:\windows\system32\drivers\fidbox.idx

2008-11-07 08:57 --------- d-----w c:\documents and settings\xx\Dane aplikacji\Skype

2008-11-07 08:39 --------- d-----w c:\documents and settings\xx\Dane aplikacji\skypePM

2008-11-07 08:38 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2008-11-07 04:10 --------- d-----w c:\program files\Trend Micro

2008-11-06 18:56 --------- d-----w c:\program files\Common Files\Adobe

2008-11-03 20:25 --------- d-----w c:\program files\Common Files\Ahead

2008-10-28 18:24 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-10-28 18:24 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-10-27 19:10 684,560 ----a-w c:\windows\system32\unins000.exe

2008-10-17 18:10 7,680 ----a-w c:\windows\system32\ff_vfw.dll

2008-10-11 08:34 --------- d–h--w c:\program files\InstallShield Installation Information

2008-10-11 08:14 --------- d-----w c:\program files\Winamp

2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-14 13:26 2,190,464 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:26 2,067,328 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-05-16 14:40 20,740,760 ----a-w c:\program files\avinstall.exe

2008-05-16 14:15 18,220,840 ----a-w c:\program files\Onet-SkypeSetup.exe

2006-05-21 09:04 18,432 ----a-w c:\documents and settings\xx\Dane aplikacji\GDIPFONTCACHEV1.DAT

2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL

13008-05-25 04:48 --------- d-----w c:\program files\Java

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2008-04-14 1695232]

“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Picasa Media Detector”=“c:\program files\Picasa2\PicasaMediaDetector.exe” [2005-10-28 335872]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2006-10-22 7700480]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2006-10-22 86016]

“ISUSPM Startup”=“c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-04-17 196608]

“ISUSScheduler”=“c:\program files\Common Files\InstallShield\UpdateService\issch.exe” [2004-04-13 69632]

“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]

“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe” [2008-10-28 185872]

“AVP”=“c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2008-02-08 227856]

“nwiz”=“nwiz.exe” [2006-10-22 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\System32\CTFMON.EXE” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.DIVF”= DivX412.dll

“vidc.vp31”= vp31vfw.dll

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

–a------ 2008-04-14 18:21 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

–a------ 2008-04-14 18:21 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

–a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

–a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

–a------ 2006-10-22 11:22 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Messenger\msmsgs.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Polish\setup.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]

R2 nvTUNEP;nVidia WDM TVTuner;c:\windows\system32\DRIVERS\nvtunep.sys [2003-02-13 18128]

R2 nvtvSND;nVidia WDM TVAudio Crossbar;c:\windows\system32\DRIVERS\nvtvsnd.sys [2003-02-13 45072]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]

.

Zawartość folderu ‘Zaplanowane zadania’

2008-11-07 c:\windows\Tasks\Symantec NetDetect.job

  • c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]

.

        • USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)

BHO-{799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - c:\windows\system32\qoMdCsQK.dll

BHO-{FF6FBFA6-98FE-4566-9E40-306273D20A1E} - c:\windows\system32\iifecddc.dll

WebBrowser-{631AC2D4-57B3-42B0-A148-DA33B462C1A3} - (no file)

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

ShellExecuteHooks-{799FA50F-FE27-4B70-BC09-A1DEABA1B24D} - c:\windows\system32\qoMdCsQK.dll

MSConfigStartUp-ABmenu - c:\program files\ArcaVir\Bin\ABmenu.exe

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe

MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe

MSConfigStartUp-Cmaudio - cmicnfg.cpl

.

------- Skan uzupełniający -------

.

FireFox -: Profile - c:\documents and settings\xx\Dane aplikacji\Mozilla\Firefox\Profiles\omr01qlb.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-07 11:29:49

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: c:\windows\explorer.exe

-> c:\windows\system32\nview.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\imapi.exe

.

**************************************************************************

.

Czas ukończenia: 2008-11-07 11:36:39 - komputer został uruchomiony ponownie [xx]

ComboFix-quarantined-files.txt 2008-11-07 10:36:11

Przed: 50,249,953,280 bajtów wolnych

Po: 51,356,565,504 bajtów wolnych

195 — E O F — 2008-11-04 20:21:58

Log wygląda na czysty.

usuń ręcznie folder C: \Qoobox oraz instalkę Combofix z dysku.

Przeczyść system oraz rejestr CCleaner

Wykonaj optymalizacje Autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar Mój komputer Kaspersky Online Scanner Uruchom pod IE daj raport na forum

lub Dr.WEB CureIt!