Microsoft site does not work


(V Tec5) #1

I ran a scan and got the following data:

ComboFix 10-08-27.03 - Wójcik 2010-08-28 13:54:25.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1014.452 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Wójcik\Pulpit\Nowy folder\ComboFix.exe

 * Utworzono nowy punkt przywracania

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\SEC

c:\windows\SEC\DelMt.cmd

c:\windows\SEC\JRE150.exe

c:\windows\SEC\Marker.exe

c:\windows\SEC\MEMIO.sys

c:\windows\SEC\MEMIO.vxd

c:\windows\SEC\MP10POL.exe

c:\windows\SEC\SECINSTALL.EXE

c:\windows\SEC\SECINSTALL.INI

c:\windows\SEC\StartMem.exe

c:\windows\system32\EXPLORER.EXE


.

((((((((((((((((((((((((( Pliki utworzone od 2010-07-28 do 2010-08-28 )))))))))))))))))))))))))))))))

.


2010-08-27 18:18 . 2010-08-27 18:18	56	---ha-w-	c:\windows\system32\ezsidmv.dat

2010-08-27 18:05 . 2010-08-27 18:05	--------	d-----w-	c:\program files\Common Files\Skype

2010-08-27 18:05 . 2010-08-27 18:06	--------	d-----r-	c:\program files\Skype

2010-08-27 18:05 . 2010-08-27 18:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype

2010-08-07 20:52 . 2008-04-15 12:00	26624	----a-w-	c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-25 20:42 . 2010-06-22 10:23	--------	d-----w-	c:\program files\Nowe Gadu-Gadu

2010-08-10 14:31 . 2010-07-08 15:43	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\OpenFM

2010-07-11 13:30 . 2010-07-11 13:30	4096	----a-w-	c:\windows\system32\07B.tmp

2010-07-07 19:17 . 2010-07-07 14:40	--------	d-----w-	c:\program files\JDownloader

2010-07-07 16:39 . 2010-07-07 16:39	--------	d-----w-	c:\program files\Microsoft.NET

2010-07-07 15:44 . 2009-04-15 10:18	76487	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-07-07 14:41 . 2010-07-07 14:41	--------	d-----w-	c:\program files\kikin

2010-07-07 14:40 . 2010-07-07 14:40	411368	----a-w-	c:\windows\system32\deploytk.dll

2010-07-07 14:40 . 2009-04-15 10:22	--------	d-----w-	c:\program files\Java

2010-07-01 09:15 . 2010-06-28 16:47	--------	d-----w-	c:\program files\PhotoScape

2010-06-22 10:10 . 2010-06-22 10:10	0	----a-w-	c:\windows\nsreg.dat

2010-06-18 17:15 . 2009-04-15 19:01	49910	----a-w-	c:\windows\system32\perfc015.dat

2010-06-18 17:15 . 2009-04-15 19:01	356068	----a-w-	c:\windows\system32\perfh015.dat

2008-04-15 12:00 . 2009-04-15 19:01	153300	--sha-r-	c:\windows\system32\ywjthk.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]

2010-04-13 15:30	766640	----a-w-	c:\program files\kikin\ie_kikin.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-04-15 36972]

"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]

"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]

"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2009-12-21 446464]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]

"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]

"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-17 580200]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2166:TCP"= 2166:TCP:zxekh


R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-04-15 4300]

R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-01-14 30208]

R3 hspabus;SAMSUNG HSPA USB Composite Device driver (WDM);c:\windows\system32\drivers\hspabus.sys [2009-04-15 91776]

R3 hspamdfl;SAMSUNG HSPA Modem Filter;c:\windows\system32\drivers\hspamdfl.sys [2009-04-15 14976]

R3 hspamdm;SAMSUNG HSPA Modem Drivers;c:\windows\system32\drivers\hspamdm.sys [2009-04-15 119808]

R3 hspaserd;SAMSUNG HSPA Modem Diagnostic Serial Port (WDM);c:\windows\system32\drivers\hspaserd.sys [2009-04-15 98560]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-04-15 238464]

S2 crpam;Manager Monitor;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]

S2 culhp;Manager Universal;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]

S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 135664]

S2 qzvre;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]

S2 xovqxd;Center Helper;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]

S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]

S3 glwuf;glwuf;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]

S3 rbzoqq;rbzoqq;\??\c:\windows\system32\06.tmp --> c:\windows\system32\06.tmp [?]

S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [2006-08-01 19840]

S3 tndchjrl;tndchjrl;c:\windows\system32\07B.tmp [2010-07-11 4096]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

culhp

.

Zawartość folderu 'Zaplanowane zadania'


2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 10:34]


2010-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 10:34]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.plus.pl

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN

uInternet Connection Wizard,ShellNext = hxxp://www.plus.pl/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Funkcja Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Wyślij do interfejsu Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

FF - ProfilePath - c:\documents and settings\Wójcik\Dane aplikacji\Mozilla\Firefox\Profiles\g9hycay6.default\

FF - prefs.js: browser.startup.homepage - http://www.google.pl

FF - component: c:\documents and settings\Wójcik\Dane aplikacji\Mozilla\Firefox\Profiles\g9hycay6.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_0.dll

FF - component: c:\documents and settings\Wójcik\Dane aplikacji\Mozilla\Firefox\Profiles\g9hycay6.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin_3_6.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - USUNIĘTO PUSTE WPISY - - - -


HKCU-Run-wsctf.exe - wsctf.exe
**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-28 13:57

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ... 


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ... 


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\glwuf]

"ImagePath"="\??\c:\windows\system32\08.tmp"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rbzoqq]

"ImagePath"="\??\c:\windows\system32\06.tmp"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tndchjrl]

"ImagePath"="\??\c:\windows\system32\07B.tmp"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\crpam]

"ServiceDll"="c:\windows\system32\ywjthk.dll"

--


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\culhp]

"ServiceDll"="c:\windows\system32\ywjthk.dll"

--


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qzvre]

"ServiceDll"="c:\windows\system32\ywjthk.dll"

--


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xovqxd]

"ServiceDll"="c:\windows\system32\ywjthk.dll"

.

Czas ukończenia: 2010-08-28 13:59:47

ComboFix-quarantined-files.txt 2010-08-28 11:59


Przed: 68 675 989 504 bajtów wolnych

Po: 68 673 216 512 bajtów wolnych


WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


- - End Of File - - F8B1083A478BE77CB09236A8FC3B57FC

And nothing helped, the MS site still does not work; please reply quickly to my GG: 5252046 or e-mail: v-tec5@o2.pl



(lazikar) #2

miszanfs1, do not hijack existing threads; if you have a problem, start your own thread.

Split off into a separate thread.


(Blueboss) #3

Do not use ComboFix unless a specialist asks you to. Post logs from OTL + GMER.


(jessica) #4

CONFICKER + 3 rootkits.

Paste into Notepad:

File::

c:\windows\system32\ywjthk.dll

c:\windows\system32\07B.tmp

c:\windows\system32\06.tmp

c:\windows\system32\08.tmp


Driver::

tndchjrl

rbzoqq

glwuf

xovqxd

qzvre

culhp

crpam


NetSvc::

xovqxd

qzvre

culhp

crpam


Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2166:TCP"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\glwuf]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rbzoqq]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tndchjrl]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\crpam]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\culhp]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qzvre]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xovqxd]

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

-------->cfscript10gm1.gif

Removal should start (and a log will be produced).

Post the log that is produced during the removal.

jessi
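Added example, not part of jessica's answer or of ComboFix: a Python triage script that applies the two indicators the answer reads off the log above (a driver loaded from a *.tmp file in system32, and several svchost -k netsvcs services sharing one random-named ServiceDll) to a constructed excerpt of that log, then emits the File::/Driver::/NetSvc::/Registry:: sections of the CFScript the answer writes by hand. The excerpt, regexes and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted above (entries copied verbatim, one legitimate service kept as a control).
LOG = r"""
S2 crpam;Manager Monitor;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]
S2 culhp;Manager Universal;c:\windows\system32\svchost.exe -k netsvcs [2009-04-15 14336]
S2 gupdate;Usluga Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 135664]
S3 glwuf;glwuf;\??\c:\windows\system32\08.tmp --> c:\windows\system32\08.tmp [?]
S3 tndchjrl;tndchjrl;c:\windows\system32\07B.tmp [2010-07-11 4096]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\crpam]
"ServiceDll"="c:\windows\system32\ywjthk.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\culhp]
"ServiceDll"="c:\windows\system32\ywjthk.dll"
"""

# "S2 name;display name;image path [date size]" is how ComboFix prints a service entry.
SERVICE_RE = re.compile(r"^[RS]\d (\w+);[^;]*;(.*?) \[", re.M)
# A service's registry key followed by its ServiceDll value.
DLL_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\(\w+)\]\s*"ServiceDll"="([^"]+)"', re.M)

def triage(log):
    """Return {service: (file, reason)} for entries matching either indicator."""
    services = dict(SERVICE_RE.findall(log))  # service name -> image path
    hits = {}
    for name, path in services.items():
        # Indicator 1: a driver whose image is a *.tmp file; no installer leaves that behind.
        if path.lower().endswith(".tmp"):
            hits[name] = (path.split(" --> ")[-1], "driver image is a .tmp file")
    by_dll = defaultdict(list)
    for name, dll in DLL_RE.findall(log):
        by_dll[dll.lower()].append(name)
    for dll, names in by_dll.items():
        # Indicator 2: several netsvcs-hosted services all backed by the same DLL.
        if len(names) > 1 and all("svchost.exe -k netsvcs" in services.get(n, "") for n in names):
            for n in names:
                hits[n] = (dll, f"netsvcs service sharing ServiceDll with {len(names) - 1} other(s)")
    return hits

def cfscript(log):
    """Build the CFScript sections for every flagged entry (same layout as the answer above)."""
    services, hits = dict(SERVICE_RE.findall(log)), triage(log)
    files = sorted({f for f, _ in hits.values()})
    drivers = sorted(hits)
    netsvcs = [n for n in drivers if "svchost.exe -k netsvcs" in services.get(n, "")]
    lines = ["File::", *files, "", "Driver::", *drivers, "", "NetSvc::", *netsvcs, "", "Registry::"]
    lines += [r"[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\%s]" % n for n in drivers]
    return "\n".join(lines)
```

Running `print(cfscript(LOG))` reproduces the Driver::, NetSvc:: and Registry:: blocks of the answer for this excerpt; the open-port entry still has to be added by hand.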