So, AVG Anti-Spyware detected Purity Scan on my machine but only put it in quarantine and I don't know how to delete it. On the disk I also found an Outerinfo folder; I read that this is a virus too, so I deleted it manually, but some junk has probably been left behind. Here are the logs.
Logfile of HijackThis v1.99.1
Scan saved at 17:41:07, on 2007-08-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Programy sciagniete\Gadu-Gadu\gg.exe
D:\Program Files\Kalendarz XP\Kalendarz.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krystian\Pulpit\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy sciagniete\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open With JPEGCompress - res://D:\Program Files\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7923057671
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D865AC75-38A1-4BA8-A273-1665D359BF87}: NameServer = 85.255.113.147 85.255.112.188
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nowy folder\Nero 7\Nero BackItUp\NBService.exe
jessica
(jessica)
3 August 2007 15:56
#2
You have the Ukrainian infection, i.e. the "Windows Security Center" rootkit.
Download and run fixWareout.
After using it, you may need to set your ISP's DNS servers again.
Then fix this entry in HijackThis:
>> HijackThis >> Scan (Do a system scan only) >> check it >> Fix checked
As for the Quarantine in AVG, I think there is an "Empty Quarantine" option somewhere in its Settings; I don't have AVG, so I can't explain it to you precisely.
Then post a HijackThis log and a ComboFix log:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654
(at the very bottom of the page behind that link)
Paste the log at http://wklej.org/ and put only the link in your post.
I'm not quite sure which one? Here is the fixWareout report:
Username "Krystian" - 2007-08-03 18:04:35 [Fixwareout edited 2007/07/05]

»»»»» Prerun check
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D865AC75-38A1-4BA8-A273-1665D359BF87}
"nameserver"="85.255.113.147"
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE~\Winlogon\ "system"=""
...
...
»»»»» Misc files.
...
»»»»» Checking for older varients.
...
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="\"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="\"D:\Programy sciagniete\Gadu-Gadu\gg.exe\" /tray"
...
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
»»»»» End report »»»»»
jessica
(jessica)
3 August 2007 16:21
#4
The entry I gave at the very top of my post, i.e. "O17".
I don't know whether that entry in HijackThis has changed now that Fixwareout has removed the rootkit.
Before fixing it, check that it is exactly the same as it was before you ran Fixwareout.
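The check asked for in posts #2 and #4 (fix the O17 entry, but first confirm it is still exactly what it was before fixWareout ran) can be scripted rather than eyeballed. The block below is an added example written for this page; it is not a tool from the thread nor from the HijackThis or fixWareout authors. It parses the two HijackThis logs posted here (reduced to the relevant lines), flags any per-interface NameServer that is not on an ISP allow-list, and diffs the entry lines between the two scans so that a removed or changed O17 line is reported explicitly. The resolver addresses in ALLOWED_DNS are a placeholder assumption to be replaced with the provider's own; the rogue range 85.255.112.0/20 is the block publicly attributed to this DNSChanger family and is not stated anywhere in the thread.

```python
"""Extract and compare HijackThis O17 (per-interface NameServer) entries.

Added example for this thread, not part of the original posts.
"""
import ipaddress
import re

# Constructed excerpts of the two logs posted in the thread (before and
# after fixWareout). Only the entry lines needed for the check are kept.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D865AC75-38A1-4BA8-A273-1665D359BF87}: NameServer = 85.255.113.147 85.255.112.188
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
"""

# Assumption: placeholder addresses standing in for the ISP's real
# resolvers. Anything else configured per interface is treated as suspect.
ALLOWED_DNS = {"194.204.152.34", "194.204.159.1"}

# Explicit deny-list: the block attributed to this DNSChanger family's
# rogue resolvers. It catches hijacks even if ALLOWED_DNS is incomplete.
KNOWN_ROGUE = [ipaddress.ip_network("85.255.112.0/20")]

# "R0 - ...", "O17 - ...": HijackThis entry type followed by the body.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# O17 body: registry key, then ": NameServer = a.b.c.d[, e.f.g.h]".
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_entries(log):
    """Return [(entry_type, body)] for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_o17(log):
    """Return [(registry_key, [nameserver, ...])] for each O17 entry."""
    result = []
    for kind, body in parse_entries(log):
        if kind != "O17":
            continue
        m = O17_RE.match(body)
        if not m:
            continue
        # HijackThis separates multiple servers with spaces or commas.
        servers = [s for s in re.split(r"[\s,]+", m.group("servers")) if s]
        result.append((m.group("key"), servers))
    return result


def suspicious_nameservers(log, allowed=ALLOWED_DNS, rogue=KNOWN_ROGUE):
    """Nameservers from O17 entries that are not approved resolvers.

    Each hit is (registry_key, server, reason).
    """
    hits = []
    for key, servers in parse_o17(log):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                hits.append((key, server, "not an IP address"))
                continue
            if server in allowed:
                continue
            if any(addr in net for net in rogue):
                hits.append((key, server, "in known rogue range"))
            else:
                hits.append((key, server, "not an approved resolver"))
    return hits


def diff_entries(before, after):
    """Entry lines present in only one of two logs, as (removed, added)."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for key, server, why in suspicious_nameservers(LOG_BEFORE):
        print(f"O17 {key}: {server} -> {why}")
    removed, added = diff_entries(LOG_BEFORE, LOG_AFTER)
    print("entries gone after cleanup:", removed)
    print("entries new after cleanup :", added)
```

Run against the two logs in this thread, the first scan yields two hits in the rogue range and the second scan none; the diff shows the O17 line as the only entry that disappeared, which is the confirmation post #4 asks for before fixing anything in HijackThis. If the diff instead showed a changed O17 line with different addresses, that would be the case where the entry should be re-read rather than fixed blindly.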
OK, I've fixed it now.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:23:01, on 2007-08-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Programy sciagniete\Gadu-Gadu\gg.exe
D:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Krystian\Pulpit\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy sciagniete\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open With JPEGCompress - res://D:\Program Files\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7923057671
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WB - D:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nowy folder\Nero 7\Nero BackItUp\NBService.exe
ComboFix log: Sorry it's not on http://www.wklej.org, but that site doesn't work for me :shock:, no site works for me, none at all :o apart from dobreprogramy.pl. What is going on??
"Krystian" - 2007-08-03 18:24:47 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 FAT32

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Krystian\Pulpit\internet.lnk

((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))

2007-08-01 13:39
2007-07-30 21:47
2007-07-29 13:58  36,864  --a------  C:\WINDOWS\system32\wbsys.dll
2007-07-29 13:58
2007-07-27 11:18  304,128  --a------  C:\WINDOWS\unin040c.exe
2007-07-25 13:51
2007-07-23 13:19
2007-07-22 22:22
2007-07-19 20:37
2007-07-19 12:50  51,200  --a------  C:\WINDOWS\nircmd.exe
2007-07-19 12:46  6,870  --a------  C:\dnsbak.reg
2007-07-16 21:00
2007-07-16 20:07
2007-07-13 20:29
2007-07-13 19:36  72,234  --a------  C:\WINDOWS\BricoPackUninst.cmd
2007-07-13 19:34  5,376  --a------  C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-07-13 19:34
2007-07-12 22:33
2007-07-12 22:32
2007-07-12 22:27
2007-07-12 15:33
2007-07-12 13:45  60,273  --a------  C:\WINDOWS\system32\pthreadGC2.dll
2007-07-11 20:14
2007-07-07 10:29
2007-07-05 10:33  111,104  --a------  C:\WINDOWS\system32\uharc.exe
2007-07-04 14:43
2007-07-04 14:39  2,321,408  --a------  C:\WINDOWS\system32\TUKernel.exe
2007-07-03 17:17
2007-07-03 16:21  24,072  --a------  C:\WINDOWS\system32\uxtuneup.dll
2007-07-03 16:21
2007-07-03 16:21

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-13 17:36:46  219,648  ----a-w  C:\WINDOWS\system32\uxtheme.dll
2007-07-11 18:13:52  10,368  ----a-w  C:\WINDOWS\system32\drivers\pfc.sys
2007-07-11 08:26:16  79,408  ----a-w  C:\WINDOWS\system32\perfc015.dat
2007-07-11 08:26:16  458,022  ----a-w  C:\WINDOWS\system32\perfh015.dat
2007-07-02 19:41:18  524,288  ----a-w  C:\WINDOWS\system32\DivXsm.exe
2007-07-02 19:41:14  3,596,288  ----a-w  C:\WINDOWS\system32\qt-dx331.dll
2007-07-02 19:41:06  200,704  ----a-w  C:\WINDOWS\system32\ssldivx.dll
2007-07-02 19:41:06  1,044,480  ----a-w  C:\WINDOWS\system32\libdivx.dll
2007-07-02 19:37:42  73,728  ----a-w  C:\WINDOWS\system32\dpl100.dll
2007-07-02 19:37:42  196,608  ----a-w  C:\WINDOWS\system32\dtu100.dll
2007-07-02 19:37:40  593,920  ----a-w  C:\WINDOWS\system32\dpuGUI11.dll
2007-07-02 19:37:40  57,344  ----a-w  C:\WINDOWS\system32\dpv11.dll
2007-07-02 19:37:40  53,248  ----a-w  C:\WINDOWS\system32\dpuGUI10.dll
2007-07-02 19:37:40  344,064  ----a-w  C:\WINDOWS\system32\dpus11.dll
2007-07-02 19:37:40  294,912  ----a-w  C:\WINDOWS\system32\dpu11.dll
2007-07-02 19:37:40  294,912  ----a-w  C:\WINDOWS\system32\dpu10.dll
2007-07-02 19:37:36  823,296  ----a-w  C:\WINDOWS\system32\divx_xx0c.dll
2007-07-02 19:37:36  823,296  ----a-w  C:\WINDOWS\system32\divx_xx07.dll
2007-07-02 19:37:36  802,816  ----a-w  C:\WINDOWS\system32\divx_xx11.dll
2007-07-02 19:37:36  740,442  ----a-w  C:\WINDOWS\system32\DivX.dll
2007-07-02 19:36:52  124,472  ----a-w  C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-02 19:36:52  12,288  ----a-w  C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-01 09:35:34  737,280  ----a-w  C:\WINDOWS\iun6002.exe
2007-06-28 11:38:38  --------  d-----w  C:\Program Files\Common Files\DirectX
2007-06-28 11:29:28  --------  d-----w  C:\DOCUME~1\Krystian\DANEAP~1\InstallShield
2007-06-27 13:11:52  --------  d-----w  C:\Program Files\Net2Phone
2007-06-26 13:52:42  --------  d-----w  C:\Program Files\Maxthon2
2007-06-26 12:24:08  --------  d-----w  C:\Program Files\Techland
2007-06-24 08:46:46  --------  d-----w  C:\Program Files\Common Files\xing shared
2007-06-24 08:46:46  --------  d-----w  C:\Program Files\aod
2007-06-24 08:46:40  --------  d-----w  C:\Program Files\Real
2007-06-24 08:46:40  --------  d-----w  C:\Program Files\Common Files\Real
2007-06-24 08:46:40  --------  d-----w  C:\DOCUME~1\Krystian\DANEAP~1\Real
2007-06-23 16:57:24  --------  d-----w  C:\DOCUME~1\Krystian\DANEAP~1\WinRAR
2007-06-23 16:06:08  --------  d-----w  C:\DOCUME~1\Krystian\DANEAP~1\fltk.org
2007-06-20 06:46:18  0  ----a-w  C:\adware.exe
2007-06-19 17:28:22  --------  d-----w  C:\DOCUME~1\Krystian\DANEAP~1\Ahead
2007-06-19 09:16:26  682,232  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-06-17 15:04:28  0  ----a-w  C:\CONFIG.SYS
2007-06-17 15:04:28  0  ----a-w  C:\AUTOEXEC.BAT
2007-06-14 12:00:06  --------  d-----w  C:\DOCUME~1\Krystian\DANEAP~1\Gadu-Gadu
2007-06-04 13:18:48  9,344  ----a-w  C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 13:17:02  8,320  ----a-w  C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56  6,272  ----a-w  C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 13:53:32  27  ----a-w  C:\WINDOWS\tamer.bat
2007-05-16 15:18:58  683,520  ----a-w  C:\WINDOWS\system32\inetcomm.dll
2007-05-08 18:23:10  10,752  ----a-w  C:\WINDOWS\system32\ff_vfw.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
2007-02-06 09:08  63048  --a------  C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-04 01:17  54248  --a------  D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04  853672  --a------  D:\PROGRA~2\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-24 10:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Programy sciagniete\Gadu-Gadu\gg.exe" [2006-11-14 11:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Program Files\AlienGUIse\fastload.dll  --a------  2001-12-20 23:34  24576  D:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^F-Secure Anti-Virus 2006.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Krystian^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"D:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
"D:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"D:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKSRegmon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkstray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mks_mail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25]
svcchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38]
mysvcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
D:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\NEOSTR~1\Watch.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b7d5448-9c2c-11db-8360-0020ed839b95}]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c184a1-9a8c-11db-9b73-806d6172696f}]
AutoRun\command- E:\setup.exe

Contents of the 'Scheduled Tasks' folder
2007-08-03 15:20:14  C:\WINDOWS\tasks\1-Click Maintenance.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 18:25:53
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-03 18:26:08
C:\ComboFix-quarantined-files.txt ... 2007-08-03 18:26
C:\ComboFix3.txt ... 2007-07-19 19:49
C:\ComboFix2.txt ... 2007-07-19 20:53
--- E O F ---
jessica
(jessica)
3 August 2007 17:01
#6
Paste the following into Notepad:
File::
C:\WINDOWS\tamer.bat
Registry::
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msvcc25]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mysvcig38]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b7d5448-9c2c-11db-8360-0020ed839b95}]
>> File >> Save as... >>> ComboFix-Do (it will be most convenient if you save it in a location where the ComboFix-Do icon ends up next to the ComboFix.exe icon)
Drag and drop the ComboFix-Do.txt file onto ComboFix.exe
(i.e. the ComboFix-Do.txt icon onto the ComboFix.exe icon)
- like in this picture --> http://i12.tinypic.com/4l761r5.gif
(if the question " 1 or 2 " appears, type 1 and press ENTER)
After the restart, delete the folder C:\Qoobox manually.
Then post a new ComboFix log.
Thanks, all sites work now. What was the reason that no site apart from dobreprogramy.pl worked for me?
ComboFix log: http://www.wklej.org/id/b28b185f6d
jessica
(jessica)
3 August 2007 17:31
#8
The log is OK.
As for the cause of most sites not working, it may have been the server.
Take care.