Please help me remove Antivirus 2009


(Piotrkijak) #1

Hello. While browsing the internet I mistakenly downloaded a file and the above-mentioned program installed itself.

I would be very grateful for help removing it.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:02:50, on 2008-07-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Antivirus 2009\av2009.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beta.onet.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [07591300343477381059145790952622] C:\Program Files\Antivirus 2009\av2009.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)

O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)

O21 - SSODL: xvorfwbd - {A637A47C-66A2-462B-A821-F659891659B9} - C:\WINDOWS\xvorfwbd.dll (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5708 bytes

And I forgot to add that some English-language "security center" also got installed.
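An added example, not part of Piotrkijak's post and not code from HijackThis itself: a small Python triage script that applies a defender's reading to a few lines of the log above. The heuristics (a long all-digit autorun value name, a target under the "Antivirus 2009" folder, an SSODL shell hook loading a random eight-letter DLL straight from the Windows root, and any "(file missing)" entry) are my own assumptions drawn from the entries visible in this thread, not a signature set.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in the thread,
# with two legitimate autorun entries (ESET, Gadu-Gadu) kept as controls.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU..\Run: [07591300343477381059145790952622] C:\Program Files\Antivirus 2009\av2009.exe
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx (file missing)
O21 - SSODL: xvorfwbd - {A637A47C-66A2-462B-A821-F659891659B9} - C:\WINDOWS\xvorfwbd.dll (file missing)
"""

# O4 autorun entries: "O4 - <hive>..\Run: [<value name>] <target>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$')
# O21 ShellServiceObjectDelayLoad entries: "O21 - SSODL: <name> - {<clsid>} - <dll path>"
O21_RE = re.compile(r'^O21 - SSODL: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*?)(?: \(file missing\))?$')
# Rogue product folder named in this thread; a real deployment would feed this from threat intel.
ROGUE_PRODUCTS = ("antivirus 2009",)
# Eight random lowercase letters as a DLL name directly in C:\WINDOWS (assumed heuristic).
WINROOT_RANDOM_DLL = re.compile(r'^c:\\windows\\[a-z]{8}\.dll$', re.IGNORECASE)


def triage_line(line):
    """Return the reasons this HijackThis line deserves attention (empty list = looks fine)."""
    reasons = []
    line = line.strip()
    if not line:
        return reasons
    if "(file missing)" in line:
        reasons.append("points at a file that no longer exists (dead entry, safe to fix)")
    m = O4_RE.match(line)
    if m:
        name, target = m["name"], m["target"]
        if name.isdigit() and len(name) >= 16:
            reasons.append("autorun value name is a long random digit string")
        if any(p in target.lower() for p in ROGUE_PRODUCTS):
            reasons.append("autorun target lives in a known rogue product folder")
    m = O21_RE.match(line)
    if m and WINROOT_RANDOM_DLL.match(m["path"]):
        reasons.append("SSODL shell hook loads a random-named DLL straight from C:\\WINDOWS")
    return reasons


def triage(log_text):
    """Walk a whole log and return [(line, reasons)] for every flagged line, in log order."""
    flagged = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

The ESET and Gadu-Gadu entries pass through unflagged; the three that come back are the O4, O18 and O21 lines a helper would tick in HijackThis, and each carries the reason so the person doing the cleanup can judge it rather than trust the script blindly.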


(Spandau) #2

Remove these entries in HJT

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked

Download ComboFix but do not run it; paste the following into Notepad:

Save the file as CFScript.txt, preferably so that the file's icon sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. Afterwards post the log on the forum.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.


(Kambor4) #3

Fix the above-mentioned entries in HijackThis:

>>HijackThis>>scan (Do a system scan only)>>tick them>>Fix checked.

Post a log from -----> ComboFix


(Piotrkijak) #4

ComboFix log

ComboFix 08-07-15.4 - Piotr 2008-07-17 13:48:05.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.573 [GMT 2:00]

Running from: C:\Documents and Settings\Piotr\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Piotr\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\Program Files\Antivirus 2009\av2009.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Antivirus 2009

C:\Program Files\Antivirus 2009\av2009.exe

C:\WINDOWS\neltabxw.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))

.

2008-07-16 20:19 . 2008-07-16 20:19 159,867 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe

2008-07-16 20:16 . 2008-07-16 20:16

2008-07-15 21:02 . 2004-01-12 00:00 348,160 --a------ C:\WINDOWS\system\msvcr71.dll

2008-07-15 20:54 . 2008-07-15 20:54

2008-07-15 17:51 . 2008-07-15 17:51

2008-07-15 17:11 . 2008-07-15 17:11

2008-07-15 16:55 . 2008-07-15 16:55 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-07-15 16:55 . 2008-07-15 16:55 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-07-15 16:55 . 2008-07-15 16:55 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-07-15 16:55 . 2008-07-15 16:55 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest

2008-07-15 16:55 . 2008-07-15 16:55 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-07-15 16:55 . 2008-07-15 16:55 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-07-15 16:04 . 2008-07-15 16:04

2008-07-15 16:00 . 2008-07-15 16:00

2008-07-15 16:00 . 2008-07-15 16:09

2008-07-14 19:48 . 2008-07-14 19:49

2008-07-14 19:48 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx

2008-07-14 14:55 . 2008-07-14 14:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-07-14 14:55 . 2008-07-14 14:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2008-07-14 13:55 . 2008-07-14 13:55 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-07-14 13:55 . 2008-07-14 13:55 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys

2008-07-14 13:55 . 2006-03-01 09:25 8,704 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys

2008-07-14 13:48 . 2008-07-14 13:48

2008-07-14 13:48 . 2008-07-14 13:48

2008-07-14 13:47 . 2007-04-03 13:57 100,488 --a------ C:\WINDOWS\system32\drivers\s116mgmt.sys

2008-07-14 13:47 . 2007-04-03 13:57 99,080 --a------ C:\WINDOWS\system32\drivers\s116unic.sys

2008-07-14 13:47 . 2007-04-03 13:57 98,696 --a------ C:\WINDOWS\system32\drivers\s116obex.sys

2008-07-14 13:47 . 2007-04-03 13:57 11,016 --a------ C:\WINDOWS\system32\drivers\s116cr.sys

2008-07-14 13:46 . 2007-04-03 13:57 108,680 --a------ C:\WINDOWS\system32\drivers\s116mdm.sys

2008-07-14 13:46 . 2007-04-03 13:57 83,336 --a------ C:\WINDOWS\system32\drivers\s116bus.sys

2008-07-14 13:46 . 2007-04-03 13:57 23,176 --a------ C:\WINDOWS\system32\drivers\s116nd5.sys

2008-07-14 13:46 . 2007-04-03 13:57 15,112 --a------ C:\WINDOWS\system32\drivers\s116mdfl.sys

2008-07-14 13:46 . 2007-04-03 13:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116whnt.sys

2008-07-14 13:46 . 2007-04-03 13:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116wh.sys

2008-07-14 13:46 . 2007-04-03 13:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116cmnt.sys

2008-07-14 13:46 . 2007-04-03 13:57 12,424 --a------ C:\WINDOWS\system32\drivers\s116cm.sys

2008-07-14 13:45 . 2008-07-14 13:45

2008-07-14 13:45 . 2008-07-14 13:55

2008-07-14 12:17 . 2008-07-14 12:17

2008-07-13 22:29 . 2008-07-13 22:31

2008-07-13 22:11 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2008-07-13 22:11 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2008-07-13 22:11 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2008-07-13 22:11 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-07-13 22:09 . 2008-07-13 22:09

2008-07-13 22:09 . 1999-05-29 05:13 301,568 --a------ C:\WINDOWS\system32\l3codecp.acm

2008-07-13 20:46 . 2008-07-13 20:46 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-07-13 20:46 . 2008-07-13 20:46 715 --a------ C:\WINDOWS\unins000.dat

2008-07-13 19:35 . 2008-07-13 19:35 0 --a------ C:\WINDOWS\mngui.INI

2008-07-13 18:34 . 2008-07-13 18:34

2008-07-13 15:21 . 2008-07-13 15:21

2008-07-13 05:54 . 2008-07-13 05:54

2008-07-12 19:25 . 2008-07-12 19:27 487 --a------ C:\Documents and Settings\Piotr\CR-DX8WP.reg

2008-07-12 19:04 . 2008-07-12 19:04

2008-07-12 19:04 . 2008-07-12 19:04

2008-07-12 09:14 . 2008-07-16 16:19

2008-07-12 09:14 . 2008-07-12 09:15

2008-07-12 08:24 . 2008-07-12 08:24

2008-07-12 08:24 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD

2008-06-22 23:37 . 2008-06-22 23:37

2008-06-22 23:18 . 2008-06-22 23:19

2008-06-22 22:09 . 2008-06-22 22:09

2008-06-22 22:09 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe

2008-06-22 22:08 . 2008-07-13 20:27

2008-06-22 22:08 . 2008-07-13 13:14

2008-06-22 22:08 . 2008-06-22 22:08

2008-06-22 21:58 . 2008-06-22 21:58

2008-06-22 21:55 . 2008-06-22 21:55

2008-06-22 21:51 . 2008-07-14 13:56

2008-06-22 21:50 . 2008-07-14 13:54

2008-06-22 21:50 . 2008-07-14 13:43

2008-06-22 13:46 . 2008-06-22 13:46

2008-06-22 09:24 . 2008-06-22 09:26

2008-06-21 19:59 . 2008-07-12 18:41

2008-06-21 19:59 . 2008-06-21 19:59

2008-06-21 19:56 . 2008-07-12 18:42

2008-06-21 18:11 . 2008-07-14 13:44

2008-06-21 17:35 . 2008-06-21 17:37

2008-06-21 12:12 . 2008-06-21 13:43 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-06-21 12:12 . 2008-06-21 13:42 88 -rahs---- C:\WINDOWS\system32\8D25E9DBBA.sys

2008-06-21 12:10 . 2008-06-21 12:10

2008-06-21 10:28 . 2008-06-21 10:55

2008-06-20 23:37 . 2008-07-15 16:03

2008-06-20 23:15 . 2008-07-17 13:03

2008-06-20 22:17 . 2008-06-20 17:55 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg

2008-06-20 22:09 . 2008-06-20 22:09

2008-06-20 22:06 . 2008-07-14 13:48

2008-06-20 19:52 . 2008-06-20 19:52

2008-06-20 19:50 . 2008-06-20 19:50

2008-06-20 17:55 . 2008-06-20 17:55 359,040 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL

2008-06-20 17:19 . 2008-06-20 17:19

2008-06-20 16:59 . 2008-06-20 17:00

2008-06-20 16:59 . 2008-06-20 17:13

2008-06-20 16:43 . 2001-10-26 16:46 23,936 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys

2008-06-20 16:43 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys

2008-06-20 16:42 . 2004-08-03 22:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys

2008-06-20 12:48 . 2008-06-20 12:48

2008-06-20 08:46 . 2008-06-20 08:46

2008-06-19 18:38 . 2008-06-19 18:38

2008-06-19 18:38 . 2008-06-19 18:38

2008-06-19 16:04 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-06-19 10:47 . 2008-07-12 19:32

2008-06-19 10:47 . 2008-07-13 11:30

2008-06-19 10:07 . 2008-06-20 22:36

2008-06-19 10:07 . 2008-07-16 16:36

2008-06-19 08:35 . 2008-06-19 10:11

2008-06-19 08:22 . 2008-07-13 20:27

2008-06-18 11:00 . 2008-06-21 21:26

2008-06-18 11:00 . 2008-06-18 11:00

2008-06-18 10:56 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-06-18 10:55 . 2008-06-18 10:56

2008-06-18 10:55 . 2008-06-18 10:55

2008-06-18 08:31 . 2008-06-18 08:31

2008-06-18 08:28 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-06-18 08:20 . 2008-06-21 17:04

2008-06-18 08:20 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-06-18 08:20 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-06-18 08:20 . 2008-07-17 14:00 88,566 --a------ C:\WINDOWS\system32\nvapps.xml

2008-06-18 08:20 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-06-18 08:19 . 2008-07-13 22:06

2008-06-18 08:18 . 2008-06-18 08:18

2008-06-18 08:16 . 2008-06-18 08:16

2008-06-18 08:13 . 2008-06-18 09:35

2008-06-18 08:13 . 2008-07-15 17:06

2008-06-18 08:13 . 2008-06-18 07:52

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-18 07:10 --------- d-----w C:\Program Files\Trend Micro

2008-06-18 05:56 --------- d-----w C:\Program Files\Usługi online

2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys

2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys

2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys

2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:20 360448]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]

"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe"=

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\BitLord\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"48293:TCP"= 48293:TCP:Azur

"48293:UDP"= 48293:UDP:Azur2

"11044:TCP"= 11044:TCP:BitComet 11044 TCP

"11044:UDP"= 11044:UDP:BitComet 11044 UDP

"24127:TCP"= 24127:TCP:BitComet 24127 TCP

"24127:UDP"= 24127:UDP:BitComet 24127 UDP

"6346:TCP"= 6346:TCP:BitComet 6346 TCP

"6346:UDP"= 6346:UDP:BitComet 6346 UDP

"9567:TCP"= 9567:TCP:BitComet 9567 TCP

"9567:UDP"= 9567:UDP:BitComet 9567 UDP

"8080:TCP"= 8080:TCP:BitComet 8080 TCP

"8080:UDP"= 8080:UDP:BitComet 8080 UDP

"6469:TCP"= 6469:TCP:BitComet 6469 TCP

"6469:UDP"= 6469:UDP:BitComet 6469 UDP

"7000:TCP"= 7000:TCP:BitComet 7000 TCP

"7000:UDP"= 7000:UDP:BitComet 7000 UDP

"25531:TCP"= 25531:TCP:uTorrent

S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-14 13:55]

.

Contents of the 'Scheduled Tasks' folder

"2008-07-17 10:58:45 C:\WINDOWS\Tasks\User_Feed_Synchronization-{98F46399-6830-42A9-A343-CE917A360BD0}.job"

- C:\WINDOWS\system32\msfeedssync.exe

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe

MSConfigStartUp-Google IME Autoupdater - C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-17 14:00:25

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe

- C:\WINDOWS\system32\nview.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe

.

**************************************************************************

.

Completion time: 2008-07-17 14:08:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-17 12:07:10

Pre-Run: 2,346,196,992 bajtów wolnych

Post-Run: 2,321,469,440 bajtów wolnych

247
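An added example, not part of Piotrkijak's post and not ComboFix's own code: a Python reader for the "Reg Loading Points" section of the log above. It parses the REGEDIT4-style fragment, compares the Security Center notification/override values and the firewall switch against a clean Windows XP SP2 baseline, and lists the globally opened firewall ports. The baseline values, the regexes for ComboFix's value spellings ("dword:00000001", "0 (0x0)") and the key-suffix matching are my assumptions based only on what this log shows.

```python
import re

# Constructed sample: the Security Center and firewall sections of the ComboFix log
# in the thread, trimmed to three of the GloballyOpenPorts entries.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48293:TCP"= 48293:TCP:Azur
"11044:TCP"= 11044:TCP:BitComet 11044 TCP
"25531:TCP"= 25531:TCP:uTorrent
"""

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
ANNOTATED_INT_RE = re.compile(r'^(?P<n>\d+) \(0x[0-9a-fA-F]+\)$')   # ComboFix's "0 (0x0)" spelling

# Assumed clean baseline: the *DisableNotify/*Override values are 0 on a healthy box
# (1 silences the Security Center warnings) and the standard-profile firewall is on.
EXPECTED = {
    ("security center", "AntiVirusDisableNotify"): 0,
    ("security center", "UpdatesDisableNotify"): 0,
    ("security center", "AntiVirusOverride"): 0,
    ("security center", "FirewallOverride"): 0,
    ("firewallpolicy\\standardprofile", "EnableFirewall"): 1,
}


def parse_value(raw):
    """Turn the value spellings seen in the log into Python ints or strings."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = ANNOTATED_INT_RE.match(raw)
    if m:
        return int(m["n"])
    return raw


def parse_reg(text):
    """Parse a REGEDIT4-style dump into {key_path: {value_name: value}}."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        s = SECTION_RE.match(line)
        if s:
            current = s["key"]
            reg.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            reg[current][v["name"]] = parse_value(v["value"])
    return reg


def audit(reg):
    """Return (deviations, open_ports); each deviation is (key, name, actual, expected)."""
    deviations, open_ports = [], []
    for key, values in reg.items():
        low = key.lower()
        for (suffix, name), want in EXPECTED.items():
            if low.endswith(suffix) and name in values and values[name] != want:
                deviations.append((key, name, values[name], want))
        if low.endswith("globallyopenports\\list"):
            open_ports.extend(values.values())
    return deviations, open_ports


if __name__ == "__main__":
    deviations, ports = audit(parse_reg(SAMPLE_REG))
    for key, name, actual, want in deviations:
        print(f"{name} = {actual} under [{key}] (expected {want})")
    print("globally open ports:", ports)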


(Leon$) #5

Log wygląda na czysty

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html pokaż raport stronę uruchomić przez IE

:slight_smile: