Problem with MSN hanging and with exe files!

Hello!!!

I had some viruses earlier; I managed to remove them with Panda, but something probably still remains, even though they were "cured"…

And one more thing… I'll add that today my friend logged in using her own MSN account, and neither any MSN "pop-up" window nor MSN itself locked up. Probably because it was the first time she logged in on my machine, whereas yesterday MSN froze on my machine when the computer shut itself down automatically, and from then on I couldn't open "exe" files or Winamp.

And the second problem concerns "exe" files. Something changed, and now none of those files will open at all.

I tried to solve this problem with methods from the forum, but unfortunately nothing helped :((

I can't do a format either, because the disc drive doesn't read discs :((( (probably the viruses' doing).

I'm pasting the log and asking you for help, because I can't cope anymore :((

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:40:21, on 2009-04-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark P910 Series\lxbymon.exe

C:\Program Files\Lexmark P910 Series\ezprint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\lxbycoms.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\SCIAGA~1\FlashGet\jccatch.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\SCIAGA~1\FlashGet\getflash.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\fgiebar.dll (file missing)

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe

O8 - Extra context menu item: Download All by FlashGet - D:\sciaganie\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\sciaganie\FlashGet\jc_link.htm

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{14F34917-9D9A-4CD2-9B5A-F49906DE85DB}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{41922520-9964-442B-9C3C-DEF96356A6E3}: NameServer = 192.168.1.1

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\init64.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe (file missing)

End of file - 9403 bytes

Nehir, fix the thread title using the button

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\SCIAGA~1\FlashGet\jccatch.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\SCIAGA~1\FlashGet\getflash.dll (file missing)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\fgiebar.dll (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\system32\init64.dll

remove these entries in HJT

Post a ComboFix log
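An added example, not part of the original thread and not the helper's own tooling: a small Python triage of HijackThis lines that flags the classes of entries the reply above singles out for removal (an extra program in the UserInit chain, O2/O3/O9 entries whose file no longer exists, a populated AppInit_DLLs) and marks the O10 LSP line for review rather than removal. The sample lines are copied from the posted log; the function names and the "remove"/"review" verdict labels are my own.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_HJT = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\SCIAGA~1\FlashGet\jccatch.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\init64.dll
"""

# HJT prefixes this triage looks at: "<section> - <rest of line>".
ENTRY_RE = re.compile(r"^(F2|O2|O3|O9|O10|O20)\s+-\s+(.*)$")


def userinit_extras(value):
    """Return every program in a UserInit value other than the stock
    userinit.exe in system32. Winlogon starts each comma-separated entry
    at logon, so anything else listed here is a logon persistence hook."""
    extras = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if item.lower().endswith(r"\system32\userinit.exe"):
            continue
        extras.append(item)
    return extras


def triage_hjt(text):
    """Return (section, verdict, detail) tuples for the suspicious lines."""
    findings = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "F2" and "UserInit=" in rest:
            # Anything chained after userinit.exe runs at every logon.
            for prog in userinit_extras(rest.split("UserInit=", 1)[1]):
                findings.append(("F2", "remove", prog))
        elif section in ("O2", "O3", "O9") and rest.endswith(("(no file)", "(file missing)")):
            # Orphaned BHO/toolbar/button registrations: dead weight, safe to drop.
            findings.append((section, "remove", rest))
        elif section == "O10":
            # HJT reports any LSP it does not recognise; nwprovau.dll is the
            # stock NetWare client provider, so this is a review item.
            findings.append(("O10", "review", rest.split(":", 1)[1].strip()))
        elif section == "O20" and rest.startswith("AppInit_DLLs:"):
            # A DLL here is mapped into every process that loads user32.dll.
            dlls = rest.split(":", 1)[1].strip()
            if dlls:
                findings.append(("O20", "remove", dlls))
    return findings


if __name__ == "__main__":
    for section, verdict, detail in triage_hjt(SAMPLE_HJT):
        print(f"{section:4} {verdict:7} {detail}")
```

Run against the full log it produces the same list the reply above asks to have removed, plus the O10 line as a review item.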

Thanks! :slight_smile: I did as you said; below I'm pasting the ComboFix log:

ComboFix 09-04-25.A3 - Luku 2009-04-27 18:09.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.645 [GMT 2:00]

Run from: c:\documents and settings\Luku\Pulpit\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\IE4 Error Log.txt

c:\windows\system32\drivers\ovfsth.sys

c:\windows\system32\ovfsthnwqucjfbtixyelrxxhiltspewbruqxct.dat

c:\windows\system32\ovfsthpsetwbpkiwpklytsrnvxdpfqrlbbwsvm.dat

c:\windows\system32\ovfsthwoirmmnemapelmpxlpeyddksphbreumv.db

c:\windows\system32\uniq.tll

c:\windows\system32\wl.exe

c:\windows\Temp\10254.exe

c:\windows\Temp\10739.exe

c:\windows\Temp\1096.exe

c:\windows\Temp\11222.exe

c:\windows\Temp\11247.exe

c:\windows\Temp\11597.exe

c:\windows\Temp\16546.exe

c:\windows\Temp\16848.exe

c:\windows\Temp\17541.exe

c:\windows\Temp\18675.exe

c:\windows\Temp\19580.exe

c:\windows\Temp\22411.exe

c:\windows\Temp\22418.exe

c:\windows\Temp\24555.exe

c:\windows\Temp\25262.exe

c:\windows\Temp\25899.exe

c:\windows\Temp\25904.exe

c:\windows\Temp\26340.exe

c:\windows\Temp\27741.exe

c:\windows\Temp\28988.exe

c:\windows\Temp\30463.exe

c:\windows\Temp\31795.exe

c:\windows\Temp\4225.exe

c:\windows\Temp\5362.exe

c:\windows\Temp\6211.exe

c:\windows\Temp\8898.exe

c:\windows\Temp\8946.exe

c:\windows\Temp\911.exe

c:\windows\Temp\9178.exe

c:\windows\Temp\9568.exe

c:\windows\Temp\9900.exe

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\wnsoj.ayi

.

((((((((((((((((((((((((( Files Created From 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))

.

2009-04-26 22:49 . 2009-04-26 22:49 -------- d-----w c:\program files\Windows Live SkyDrive

2009-04-26 22:49 . 2009-04-26 23:09 -------- d-----w c:\program files\Windows Live

2009-04-26 20:06 . 2009-04-26 20:06 -------- d-----w c:\program files\Windows Installer 4.5 SDK

2009-04-26 19:00 . 2009-04-26 23:12 -------- d-----w c:\program files\MSN Messenger

2009-04-26 16:36 . 2009-04-26 16:39 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Winamp

2009-04-26 16:36 . 2009-04-26 16:36 -------- d-----w c:\program files\Winamp

2009-04-26 14:24 . 2009-04-26 14:24 -------- d-----w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\Yahoo

2009-04-26 14:00 . 2009-04-26 14:00 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Yahoo!

2009-04-26 13:59 . 2009-04-26 14:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Yahoo!

2009-04-26 13:59 . 2009-04-26 14:26 -------- d-----w c:\program files\Yahoo!

2009-04-26 13:09 . 2009-04-26 13:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Windows Live Toolbar

2009-04-26 13:09 . 2009-04-26 13:10 -------- d-----w c:\program files\Windows Live Toolbar

2009-04-25 18:55 . 2009-04-25 18:55 -------- dc----w c:\documents and settings\All Users\Dane aplikacji\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}

2009-04-24 14:57 . 2009-04-24 14:57 37 ----a-w c:\windows\P7ß

2009-04-23 22:09 . 2009-04-23 22:09 37 ----a-w c:\windows\P7ŕ

2009-04-23 12:58 . 2009-04-23 12:58 37 ----a-w c:\windows\P7Q

2009-04-22 11:11 . 2009-04-22 11:11 -------- d-----w c:\program files\Babylon

2009-04-21 21:10 . 2009-04-21 21:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\91D4

2009-04-21 21:09 . 2009-04-21 21:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\337D

2009-04-21 21:09 . 2008-09-25 13:20 483328 ----a-w c:\windows\system32\actskn45.ocx

2009-04-21 17:12 . 2009-04-22 10:52 37 ----a-w c:\windows\ĐžÎ

2009-04-21 10:58 . 2009-04-21 11:35 37 ----a-w c:\windows\PźĽ

2009-04-20 21:08 . 2009-04-20 21:08 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-04-20 17:54 . 2009-04-23 08:54 37 ----a-w c:\windows\ĐžĘ

2009-04-20 17:24 . 2009-04-23 11:56 37 ----a-w c:\windows\ĐžĽ

2009-04-20 17:15 . 2009-04-23 12:09 37 ----a-w c:\windows\ĐžË

2009-04-20 16:59 . 2009-04-21 11:18 37 ----a-w c:\windows\PźË

2009-04-20 16:28 . 2009-04-21 10:42 37 ----a-w c:\windows\r007

2009-04-20 16:27 . 2009-04-26 18:42 -------- d-----w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Panda Software

2009-04-20 16:27 . 2009-04-26 18:42 -------- d-----w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\Panda Software

2009-04-20 16:26 . 2009-04-20 16:26 -------- d-----w c:\program files\Panda Software

2009-04-20 16:12 . 2009-04-20 16:12 -------- d-----w c:\windows\system32\LogFiles

2009-04-16 19:56 . 2009-04-16 19:56 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ESET

2009-04-16 00:45 . 2009-04-16 00:45 118 ----a-w c:\windows\system32\MRT.INI

2009-04-15 22:46 . 2009-04-15 22:46 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\OpenOffice.org

2009-04-15 22:44 . 2009-04-15 22:44 -------- d-----w c:\program files\OpenOffice.org 3

2009-04-15 10:08 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-15 10:08 . 2009-03-06 14:22 285696 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-15 10:08 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-15 10:08 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-15 10:08 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-15 10:08 . 2009-02-09 10:53 731136 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-15 10:08 . 2009-02-09 10:53 686592 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-15 10:08 . 2009-02-09 10:53 722944 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-15 10:08 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-15 09:58 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

2009-04-15 09:58 . 2008-04-21 21:16 218112 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-14 22:24 . 2009-04-14 22:24 0 ----a-w C:\testwma.raw

2009-04-13 23:38 . 2009-04-13 23:38 -------- d-----w c:\windows\system32\KB905474

2009-04-13 23:38 . 2009-03-10 20:26 1436544 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-04-13 23:38 . 2009-03-10 20:18 455048 ----a-w c:\windows\system32\KB905474\wgasetup.exe

2009-04-13 23:38 . 2009-02-09 16:51 16616 ----a-w c:\windows\system32\KB905474\wga_eula.txt

2009-04-09 10:57 . 2009-04-09 10:57 4096 ----a-w c:\windows\d3dx.dat

2009-04-08 16:26 . 2009-04-08 16:26 -------- d-----w c:\documents and settings\Luku\Saved Games

2009-04-08 16:26 . 2009-04-08 16:26 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Flood Light Games

2009-04-08 16:26 . 2009-04-08 16:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Flood Light Games

2009-04-04 15:09 . 2009-04-04 15:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Legacy Interactive

2009-04-03 15:56 . 2009-04-03 15:56 126976 ----a-w c:\windows\system32\winsetup63.exe

2009-04-03 00:22 . 2009-04-27 05:30 807904 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-04-01 15:45 . 2009-04-04 09:09 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Autodesk

2009-04-01 15:45 . 2009-04-04 09:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Autodesk

2009-04-01 15:45 . 2009-04-01 15:56 -------- d-----w c:\program files\Common Files\Autodesk Shared

2009-04-01 15:45 . 2009-04-01 15:54 -------- d-----w c:\program files\AutoCAD 2009

2009-04-01 15:45 . 2009-04-01 15:45 -------- d-----w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\Autodesk

2009-04-01 15:43 . 2007-07-19 16:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll

2009-04-01 15:26 . 2009-04-01 15:26 -------- d-----w c:\windows\system32\XPSViewer

2009-04-01 15:25 . 2009-04-01 15:25 -------- d-----w c:\program files\Reference Assemblies

2009-04-01 15:24 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-26 22:34 . 2009-01-19 09:58 105816 ----a-w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-26 18:44 . 2009-01-18 13:31 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-26 11:25 . 2009-01-22 16:53 -------- d-----w c:\program files\iWin Games

2009-04-26 10:10 . 2001-10-26 14:15 83266 ----a-w c:\windows\system32\perfc015.dat

2009-04-26 10:10 . 2001-10-26 14:15 487982 ----a-w c:\windows\system32\perfh015.dat

2009-04-26 10:02 . 2009-03-19 18:10 -------- d-----w c:\program files\Lavasoft

2009-04-26 10:02 . 2009-03-19 18:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft

2009-04-26 10:01 . 2009-03-19 17:31 -------- d-----w c:\program files\SkanerOnline

2009-04-26 09:34 . 2009-03-19 19:44 30608 ----a-w C:\aaw7boot.log

2009-04-25 23:52 . 2009-01-18 13:33 -------- d-----w c:\program files\ALLPlayer

2009-04-25 23:52 . 2009-01-18 13:34 -------- d-----w c:\program files\NAPI-PROJEKT

2009-04-25 22:23 . 2009-01-19 14:56 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\DAEMON Tools Lite

2009-04-25 19:04 . 2009-01-20 17:31 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\WLInstaller

2009-04-25 17:32 . 2009-01-19 14:59 -------- d-----w c:\program files\DAEMON Tools Toolbar

2009-04-25 17:25 . 2009-01-19 14:56 721904 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-20 22:31 . 2009-01-19 09:53 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2009-04-20 17:12 . 2009-01-21 23:32 -------- d-----w c:\program files\BearShare

2009-04-20 12:57 . 2009-01-22 17:09 -------- d-----w c:\program files\iWin.com

2009-04-20 11:22 . 2009-01-22 17:19 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-04-20 08:24 . 2009-04-09 08:17 810 ----a-w C:\lxby.log

2009-04-20 08:02 . 2009-01-19 17:46 58909 ----a-w C:\lxbyscan.log

2009-04-16 00:43 . 2009-01-19 15:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-04-09 10:58 . 2009-02-25 14:10 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\PlayFirst

2009-04-09 10:58 . 2009-02-25 14:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PlayFirst

2009-04-09 10:57 . 2009-04-09 10:57 4096 ----a-w c:\windows\d3dx.dat

2009-04-01 15:36 . 2009-01-19 15:08 -------- d-----w c:\program files\MSBuild

2009-03-20 14:22 . 2009-03-20 14:22 -------- d-----w c:\program files\Trend Micro

2009-03-19 20:05 . 2009-03-19 20:05 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\ESET

2009-03-19 20:03 . 2009-01-19 10:44 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET

2009-03-19 17:58 . 2009-03-19 17:58 2732 ----a-w C:\avenger.txt

2009-03-19 17:57 . 2009-03-19 17:49 7596 ----a-w C:\mksbasel.cpp.log

2009-03-18 15:19 . 2009-03-18 14:27 1516 ----a-w C:\br.exe

2009-03-10 17:56 . 2009-01-19 17:44 -------- d-----w c:\program files\Lx_cats

2009-03-08 19:23 . 2009-01-19 15:41 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Skype

2009-03-08 18:38 . 2009-01-19 15:43 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\skypePM

2009-03-06 22:10 . 2009-03-06 22:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\20242

2009-03-06 14:22 . 2004-08-03 22:44 285696 ----a-w c:\windows\system32\pdh.dll

2009-03-05 00:26 . 2009-03-05 00:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\42C

2009-02-20 08:12 . 2004-08-03 22:44 668672 ----a-w c:\windows\system32\wininet.dll

2009-02-20 08:11 . 2004-08-03 22:44 81920 ----a-w c:\windows\system32\ieencode.dll

2009-02-10 17:09 . 2004-08-04 00:38 2067328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 14:07 . 2004-08-03 22:37 1847040 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:26 . 2004-08-03 22:39 2190336 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2004-08-03 22:44 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2004-08-03 22:44 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2004-08-03 22:44 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2004-08-03 22:43 686592 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2004-08-03 22:43 722944 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 10:39 . 2001-10-26 15:30 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:58 . 2004-08-03 22:44 56832 ----a-w c:\windows\system32\secur32.dll

2009-01-28 19:21 . 2009-01-18 12:59 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-01-28 19:21 . 2009-01-18 12:59 2740 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin

2009-01-28 19:08 . 2004-08-03 20:59 251152 --sha-r C:\ntldr

.

((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]

"lxbymon.exe"="c:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 299008]

"EzPrint"="c:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-05 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luku\Menu Start\Programy\Autostart\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-19 66864]

WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-3-8 146944]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=

"c:\Program Files\BearShare\BearShare.exe"=

"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=

"c:\Program Files\MSN Messenger\msnmsgr.exe"=

"c:\Program Files\MSN Messenger\livecall.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 M2400;IEEE 802.11b Wireless Network Driver;c:\windows\system32\DRIVERS\M2400.sys [2004-03-03 62080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0c5327f-e639-11dd-a0ae-000c76ca1731}]

\Shell\AutoRun\command - D:\2u.com

\Shell\explore\Command - D:\2u.com

\Shell\open\Command - D:\2u.com

.

Contents of the 'Scheduled Tasks' folder

2009-04-26 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 20:18]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

HKLM-Run-APVXDWIN - c:\program files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE

Notify-avldr - avldr.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.interia.pl/

IE: Download All by FlashGet - d:\sciaganie\FlashGet\jc_all.htm

IE: Download using FlashGet - d:\sciaganie\FlashGet\jc_link.htm

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: plaxo.com\www

TCP: {14F34917-9D9A-4CD2-9B5A-F49906DE85DB} = 192.168.1.1

TCP: {41922520-9964-442B-9C3C-DEF96356A6E3} = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Luku\Dane aplikacji\Mozilla\Firefox\Profiles\zqt2b5nw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-27 18:13

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthbdveuhrldlyxgwljbphxreecbommqtdu]

"imagepath"="\systemroot\system32\drivers\ovfsthifaqfajycngjxujeyrrinlovlesxebwo.sys"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6520)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\WgaTray.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

c:\windows\system32\lxbycoms.exe

c:\program files\MicroStar\WLANUtility\WLAN_Service.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

.

**************************************************************************

.

Completion time: 2009-04-27 18:18 - the computer was restarted

ComboFix-quarantined-files.txt 2009-04-27 16:18

Before: 3 420 123 136 bytes free

After: 4 551 475 200 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

300 --- E O F --- 2009-04-26 08:35

Use - http://www.bezpieczenstwosystemow.pl/in … pic=1647.0

- Flash Disinfector

- BitDefender Pica Removal Tool

- PRT (Perlovga Removal Tool)

Run a Dr. Web CureIt scan

Hey! :slight_smile: Thanks!!!

Run a Dr. Web CureIt scan

where is the report?

I scanned the computer with this Dr.Web CureIt. But no report shows up for me :P

Post the Combo log once more, this isn't over yet.

Here you go: :slight_smile:

ComboFix 09-04-29.01 - Luku 2009-04-29 20:07.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.680 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Luku\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Poprzednie uruchomienie -------

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((( Pliki utworzone od 2009-05-28 do 2009-4-29 )))))))))))))))))))))))))))))))

.

2009-04-28 15:44 . 2009-04-28 15:44 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Nero

2009-04-28 14:28 . 2009-04-28 22:12 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero

2009-04-28 14:28 . 2009-04-28 22:13 -------- d-----w c:\program files\Common Files\Nero

2009-04-28 10:31 . 2009-04-28 10:31 -------- d-----w c:\documents and settings\Luku\DoctorWeb

2009-04-27 18:23 . 2009-04-28 00:52 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-04-27 18:23 . 2009-04-27 18:23 -------- d-----w c:\program files\Avira

2009-04-26 22:49 . 2009-04-26 22:49 -------- d-----w c:\program files\Windows Live SkyDrive

2009-04-26 22:49 . 2009-04-26 23:09 -------- d-----w c:\program files\Windows Live

2009-04-26 20:06 . 2009-04-26 20:06 -------- d-----w c:\program files\Windows Installer 4.5 SDK

2009-04-26 19:00 . 2009-04-26 23:12 -------- d-----w c:\program files\MSN Messenger

2009-04-26 16:36 . 2009-04-26 16:36 -------- d-----w c:\program files\Winamp

2009-04-26 16:36 . 2009-04-26 16:39 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Winamp

2009-04-26 14:24 . 2009-04-26 14:24 -------- d-----w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\Yahoo

2009-04-26 14:00 . 2009-04-26 14:00 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Yahoo!

2009-04-26 13:59 . 2009-04-26 14:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Yahoo!

2009-04-26 13:59 . 2009-04-26 14:26 -------- d-----w c:\program files\Yahoo!

2009-04-26 13:09 . 2009-04-26 13:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Windows Live Toolbar

2009-04-26 13:09 . 2009-04-26 13:10 -------- d-----w c:\program files\Windows Live Toolbar

2009-04-25 18:55 . 2009-04-25 18:55 -------- dc----w c:\documents and settings\All Users\Dane aplikacji\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}

2009-04-22 11:11 . 2009-04-22 11:11 -------- d-----w c:\program files\Babylon

2009-04-21 21:10 . 2009-04-21 21:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\91D4

2009-04-21 21:09 . 2009-04-21 21:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\337D

2009-04-20 21:08 . 2009-04-20 21:08 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-04-20 16:27 . 2009-04-26 18:42 -------- d-----w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Panda Software

2009-04-20 16:27 . 2009-04-26 18:42 -------- d-----w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\Panda Software

2009-04-20 16:26 . 2009-04-20 16:26 -------- d-----w c:\program files\Panda Software

2009-04-20 16:12 . 2009-04-20 16:12 -------- d-----w c:\windows\system32\LogFiles

2009-04-16 19:56 . 2009-04-16 19:56 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ESET

2009-04-15 22:46 . 2009-04-15 22:46 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\OpenOffice.org

2009-04-15 22:44 . 2009-04-15 22:44 -------- d-----w c:\program files\OpenOffice.org 3

2009-04-15 10:08 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-15 10:08 . 2009-03-06 14:22 285696 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-15 10:08 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-15 10:08 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-15 10:08 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-15 10:08 . 2009-02-09 10:53 686592 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-15 10:08 . 2009-02-09 10:53 731136 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-15 10:08 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-15 10:08 . 2009-02-09 10:53 722944 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-15 09:58 . 2008-04-21 21:16 218112 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-13 23:38 . 2009-04-13 23:38 -------- d-----w c:\windows\system32\KB905474

2009-04-13 23:38 . 2009-03-10 20:26 1436544 ----a-w c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-04-13 23:38 . 2009-03-10 20:18 455048 ----a-w c:\windows\system32\KB905474\wgasetup.exe

2009-04-09 10:57 . 2009-04-09 10:57 4096 ----a-w c:\windows\d3dx.dat

2009-04-08 16:26 . 2009-04-08 16:26 -------- d-----w c:\documents and settings\Luku\Saved Games

2009-04-08 16:26 . 2009-04-08 16:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Flood Light Games

2009-04-08 16:26 . 2009-04-08 16:26 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Flood Light Games

2009-04-04 15:09 . 2009-04-04 15:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Legacy Interactive

2009-04-03 15:56 . 2009-04-03 15:56 126976 ----a-w c:\windows\system32\winsetup63.exe

2009-04-03 00:22 . 2009-04-27 05:30 807904 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-04-01 15:45 . 2009-04-01 15:56 -------- d-----w c:\program files\Common Files\Autodesk Shared

2009-04-01 15:45 . 2009-04-04 09:09 -------- d-----w c:\documents and settings\Luku\Dane aplikacji\Autodesk

2009-04-01 15:45 . 2009-04-04 09:09 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Autodesk

2009-04-01 15:45 . 2009-04-01 15:54 -------- d-----w c:\program files\AutoCAD 2009

2009-04-01 15:45 . 2009-04-01 15:45 -------- d-----w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\Autodesk

2009-04-01 15:43 . 2007-07-19 16:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll

2009-04-01 15:26 . 2009-04-01 15:26 -------- d-----w c:\windows\system32\XPSViewer

2009-04-01 15:25 . 2009-04-01 15:25 -------- d-----w c:\program files\Reference Assemblies

2009-04-01 15:24 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-26 22:34 . 2009-01-19 09:58 105816 ----a-w c:\documents and settings\Luku\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-26 18:44 . 2009-01-18 13:31 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-26 11:25 . 2009-01-22 16:53 -------- d-----w c:\program files\iWin Games

2009-04-26 10:10 . 2001-10-26 14:15 83266 ----a-w c:\windows\system32\perfc015.dat

2009-04-26 10:10 . 2001-10-26 14:15 487982 ----a-w c:\windows\system32\perfh015.dat

2009-04-26 10:02 . 2009-03-19 18:10 -------- d-----w c:\program files\Lavasoft

2009-04-26 10:01 . 2009-03-19 17:31 -------- d-----w c:\program files\SkanerOnline

2009-04-25 23:52 . 2009-01-18 13:33 -------- d-----w c:\program files\ALLPlayer

2009-04-25 23:52 . 2009-01-18 13:34 -------- d-----w c:\program files\NAPI-PROJEKT

2009-04-25 17:32 . 2009-01-19 14:59 -------- d-----w c:\program files\DAEMON Tools Toolbar

2009-04-25 17:25 . 2009-01-19 14:56 721904 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-20 17:12 . 2009-01-21 23:32 -------- d-----w c:\program files\BearShare

2009-04-20 12:57 . 2009-01-22 17:09 -------- d-----w c:\program files\iWin.com

2009-04-01 15:36 . 2009-01-19 15:08 -------- d-----w c:\program files\MSBuild

2009-03-20 14:22 . 2009-03-20 14:22 -------- d-----w c:\program files\Trend Micro

2009-03-18 15:19 . 2009-03-18 14:27 1516 ----a-w C:\br.exe

2009-03-10 17:56 . 2009-01-19 17:44 -------- d-----w c:\program files\Lx_cats

2009-03-06 14:22 . 2004-08-03 22:44 285696 ----a-w c:\windows\system32\pdh.dll

2009-02-20 08:12 . 2004-08-03 22:44 668672 ----a-w c:\windows\system32\wininet.dll

2009-02-20 08:11 . 2004-08-03 22:44 81920 ----a-w c:\windows\system32\ieencode.dll

2009-02-10 17:09 . 2004-08-04 00:38 2067328 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 14:07 . 2004-08-03 22:37 1847040 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:26 . 2004-08-03 22:39 2190336 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:25 . 2004-08-03 22:44 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2004-08-03 22:44 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2004-08-03 22:44 731136 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2004-08-03 22:43 686592 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2004-08-03 22:43 722944 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 10:39 . 2001-10-26 15:30 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:58 . 2004-08-03 22:44 56832 ----a-w c:\windows\system32\secur32.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-04-27_16.13.41 )))))))))))))))))))))))))))))))))))))))))

.

  • 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

  • 2009-04-28 14:28 . 2009-04-28 14:28 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll

  • 2009-04-29 18:01 . 2009-04-29 18:01 16384 c:\windows\Temp\Perflib_Perfdata_7e4.dat

  • 2003-04-18 14:29 . 2003-04-18 14:29 82432 c:\windows\system32\msxml4r.dll

  • 2006-03-17 13:49 . 2006-03-17 13:49 368640 c:\windows\system32\twnlib4.dll

  • 2008-07-04 08:23 . 2008-07-04 08:23 802816 c:\windows\system32\imagXRA7.dll

  • 2008-07-04 08:23 . 2008-07-04 08:23 258048 c:\windows\system32\imagXR7.dll

  • 2008-07-04 08:23 . 2008-07-04 08:23 497296 c:\windows\system32\imagXpr7.dll

  • 2009-04-28 14:28 . 2009-04-28 14:28 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll

  • 2003-04-18 14:46 . 2003-04-18 14:46 1233920 c:\windows\system32\msxml4.dll

  • 2008-07-04 08:23 . 2008-07-04 08:23 1757184 c:\windows\system32\imagX7.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]

"lxbymon.exe"="c:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 299008]

"EzPrint"="c:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-08-05 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Luku\Menu Start\Programy\Autostart\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-2 113664]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-19 66864]

WlanUtility.lnk - c:\program files\MicroStar\WLANUtility\WlanUtility.exe [2005-3-8 146944]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=

"c:\Program Files\BearShare\BearShare.exe"=

"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=

"c:\Program Files\MSN Messenger\msnmsgr.exe"=

"c:\Program Files\MSN Messenger\livecall.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 M2400;IEEE 802.11b Wireless Network Driver;c:\windows\system32\DRIVERS\M2400.sys [2004-03-03 62080]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - avgio

*Deregistered* - avipbb

*Deregistered* - ssmdrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0c5327f-e639-11dd-a0ae-000c76ca1731}]

\Shell\AutoRun\command - D:\2u.com

\Shell\explore\Command - D:\2u.com

\Shell\open\Command - D:\2u.com

.

Zawartość folderu 'Zaplanowane zadania'

2009-04-29 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-13 20:18]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.interia.pl/

IE: Download All by FlashGet - d:\sciaganie\FlashGet\jc_all.htm

IE: Download using FlashGet - d:\sciaganie\FlashGet\jc_link.htm

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: plaxo.com\www

TCP: {14F34917-9D9A-4CD2-9B5A-F49906DE85DB} = 192.168.1.1

TCP: {41922520-9964-442B-9C3C-DEF96356A6E3} = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Luku\Dane aplikacji\Mozilla\Firefox\Profiles\zqt2b5nw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-29 20:09

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-04-29 20:11

ComboFix-quarantined-files.txt 2009-04-29 18:10

ComboFix2.txt 2009-04-27 16:18

Przed: 4 320 673 792 bajtów wolnych

Po: 4 317 179 904 bajtów wolnych

217 --- E O F --- 2009-04-29 07:57

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0c5327f-e639-11dd-a0ae-000c76ca1731}]

\Shell\AutoRun\command - D:\2u.com

\Shell\explore\Command - D:\2u.com

\Shell\open\Command - D:\2u.com

Use - http://www.bezpieczenstwosystemow.pl/in … pic=1647.0

- Flash Disinfector

- BitDefender Pica Removal Tool

- PRT (Perlovga Removal Tool)

Change of the rules for posting logs on the forum - viewtopic.php?f=16&t=253052

I installed the programs, and what now? :wink:

Did you follow the instructions? Post a new Combo log and we'll see whether you did it right.

Oops, and I already uninstalled the programs, after scanning first of course… I don't know whether I did the right thing :roll:

Here is the log: http://www.wklej.org/id/84653/

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0c5327f-e639-11dd-a0ae-000c76ca1731}]

\Shell\AutoRun\command - D:\2u.com

\Shell\explore\Command - D:\2u.com

\Shell\open\Command - D:\2u.com

read carefully what to do and how; additionally use - http://www.bezpieczenstwosystemow.pl/in … pic=5174.0

After that, a full Dr. Web CureIt scan + report!

UsbFix report:

http://www.wklej.org/id/86450/

Added 04.05.2009 (Mon) 23:14

Dr.Web report:

ComboFix.exe/data002\32788R22FWJFW\FIND3M.bat C:\Documents and Settings\Luku\Pulpit\ComboFix.exe/data002 Prawdopodobnie BATCH.Virus

ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe C:\Documents and Settings\Luku\Pulpit\ComboFix.exe/data002 Program.PsExec.171

data002 C:\Documents and Settings\Luku\Pulpit Archiwum zawierające zainfekowane obiekty

ComboFix.exe C:\Documents and Settings\Luku\Pulpit Kontener zawiera zainfekowane obiekty

BSInstall5.2.5.1.exe\data016 C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe Adware.SearchAid.40

BSInstall5.2.5.1.exe C:\Program Files\BearShare\Installer Archiwum zawierające zainfekowane obiekty

Titanic.pps E:\JAnna\slajdy i filmiki Prawdopodobnie office.exploit.gen

bsinstallpl.exe\data019 E:\Internet\Programy\bsinstallpl.exe Adware.SearchAid.40

bsinstallpl.exe\data025 E:\Internet\Programy\bsinstallpl.exe Adware.SaveNow

bsinstallpl.exe E:\Internet\Programy Archiwum zawierające zainfekowane obiekty