Trojan or spyware?


(Kajetankrzaklewski) #1

Hello

I'm asking for help. While browsing the internet or some folders on my computer, a message pops up:

your system is infected with dangerous virus strongly recommend to install antispyware program to clean your system

Click ok to download the antispyware

I don't know anything about this; based on what I read on the forum I made a log with HijackThis and got this:

If anyone knows what can be done about this, please help.

Logfile of HijackThis v1.99.1

Scan saved at 17:39:30, on 2008-04-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\smax4.exe

C:\Program Files\WinFast\WFDTV\WFWIZ.exe

C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Klient\Pulpit\IEXPLORE.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Klient\USTAWI~1\Temp\Rar$EX00.656\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: PCTools - {5C8494A5-7525-46B3-94C2-2F734EEBD48B} - C:\WINDOWS\sysweb32a.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {A3B9D8DC-8E1D-4655-A04A-3C69E29ABC05} - C:\WINDOWS\system32\browsel.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe

O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.21 85.255.112.147

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.21 85.255.112.147

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.21 85.255.112.147

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.21 85.255.112.147

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
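Added example, not part of the thread and not code from HijackThis: a small checker that applies the three heuristics a helper reading this log would apply by eye to the O2, O3 and O17 lines above (a BHO with no name or whose DLL sits directly in C:\WINDOWS, a toolbar whose DLL is "(file missing)", and a NameServer value that is not one of the resolvers the machine should be using). The sample lines are copied from the log above; the set of expected resolvers is an assumption and has to be filled in with the ISP's or router's address.

```python
"""Flag suspicious O2/O3/O17 entries in a HijackThis v1.99 log.

Added example; not code from the thread or from HijackThis itself. It applies
three heuristics a helper reading the log above would apply by eye:
  * O2  - a Browser Helper Object with no name, or whose DLL sits directly in
          C:\\WINDOWS (legitimate BHOs live in system32 or Program Files)
  * O3  - a toolbar whose DLL is reported "(file missing)"
  * O17 - a NameServer value that is not one of the resolvers you expect
"""
import re
from typing import Dict, List, Set

# Assumption: the resolver(s) this machine should be using (router or ISP).
# Anything else in an O17 line is treated as a possible DNS hijack.
EXPECTED_DNS: Set[str] = {"192.168.1.1"}

# Line shapes taken from the HijackThis log above.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
# A file directly under C:\WINDOWS with no further subdirectory.
WINDIR_ROOT_RE = re.compile(r"^c:\\windows\\[^\\]+$")


def check_bho(m: "re.Match[str]") -> List[str]:
    reasons = []
    if m["name"] == "(no name)":
        reasons.append("BHO registered without a name")
    if WINDIR_ROOT_RE.match(m["path"].lower()):
        reasons.append("BHO DLL sits directly in C:\\WINDOWS")
    return reasons


def check_toolbar(m: "re.Match[str]") -> List[str]:
    if m["path"].endswith("(file missing)"):
        return ["toolbar registered but its DLL is missing"]
    return []


def check_nameserver(m: "re.Match[str]") -> List[str]:
    bad = [ip for ip in m["servers"].split() if ip not in EXPECTED_DNS]
    return [f"unexpected DNS resolver(s): {' '.join(bad)}"] if bad else []


RULES = ((O2_RE, check_bho), (O3_RE, check_toolbar), (O17_RE, check_nameserver))


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per (line, reason); lines no rule matches are skipped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for regex, check in RULES:
            m = regex.match(line)
            if m is None:
                continue
            findings.extend({"line": line, "reason": r} for r in check(m))
            break
    return findings


def hijacked_dns(lines: List[str]) -> Set[str]:
    """All resolver addresses from O17 lines that are not in EXPECTED_DNS."""
    ips: Set[str] = set()
    for raw in lines:
        m = O17_RE.match(raw.strip())
        if m:
            ips.update(ip for ip in m["servers"].split() if ip not in EXPECTED_DNS)
    return ips


# Lines copied from the HijackThis log posted above (benign ones included).
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: PCTools - {5C8494A5-7525-46B3-94C2-2F734EEBD48B} - C:\WINDOWS\sysweb32a.dll",
    r"O2 - BHO: (no name) - {A3B9D8DC-8E1D-4655-A04A-3C69E29ABC05} - C:\WINDOWS\system32\browsel.dll",
    r"O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll",
    r"O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.21 85.255.112.147",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.21 85.255.112.147",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['reason']}\n    {f['line']}")
    print("resolvers to investigate:", sorted(hijacked_dns(SAMPLE_LOG)))
```

Run against the full log, the checker flags exactly the entries the reply below tells the poster to remove (sysweb32a.dll and browsel.dll) plus the missing-DLL toolbar, and lists the two O17 resolvers; the O17 lines matter because an attacker-controlled resolver survives removal of the DLLs and has to be reset separately (the NameServer value under each ControlSet, or the adapter's DNS settings), which is why a helper checks them even after the BHOs are gone.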

(huber2t) #2

Fix in HijackThis

Download ComboFix, but don't run it yet.

Paste into Notepad:

File::

C:\WINDOWS\sysweb32a.dll

C:\WINDOWS\system32\browsel.dll

File -> Save As -> CFScript.txt (it's easiest if you save it so that the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.

Removal should start and a log will be produced; post that log on the forum.

If everything goes well, after the restart delete the C:\Qoobox folder manually.


(Agatonster) #3

kaju777,

Read the topic "Important notice about titling topics" and change your topic title to a specific one that says what the problem is.

Please correct the spelling in the problem description.

To make the correction, use the button next to the post that opened this topic.

Ignoring this request will result in the topic being moved to the Trash.

Because of the change that now applies to pasting logs in this section, read and follow the Topic


(Kajetankrzaklewski) #4

I did as you wrote and got this:

ComboFix 08-04-15.5 - Klient 2008-04-16 18:35:58.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1602 [GMT 2:00]

Running from: C:\Documents and Settings\Klient\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Klient\Moje dokumenty\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\browsel.dll

C:\WINDOWS\sysweb32a.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Klient\Ulubione\Online Security Test.url

C:\Program Files\Online Video Add-on

C:\WINDOWS\system32\browsel.dll

C:\WINDOWS\system32\Dvbpws.dll

C:\WINDOWS\sysweb32a.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))

.

2008-04-16 16:24 . 2008-04-16 16:24

2008-04-16 15:20 . 2008-04-16 15:20 48 --a------ C:\smp.bat

2008-04-16 08:42 . 2004-08-04 00:42 88,064 --a------ C:\WINDOWS\system32\cfgmgr3.dll

2008-04-08 18:22 . 2008-04-08 18:22

2008-04-08 18:22 . 2008-04-08 18:22

2008-04-02 20:22 . 2008-04-02 20:22

2008-04-01 07:40 . 2008-04-16 08:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-01 07:40 . 2008-04-01 07:40 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-21 20:12 . 2007-07-19 19:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-03-21 20:12 . 2007-07-19 19:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-03-21 20:12 . 2007-07-19 19:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-03-21 20:08 . 2008-03-21 20:09

2008-03-16 15:38 . 2008-03-16 15:38

2008-03-16 15:37 . 2008-03-16 15:37

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 06:59 --------- d-----w C:\Program Files\Winamp

2008-04-11 16:24 --------- d-----w C:\Documents and Settings\Klient\Dane aplikacji\BearShare

2008-03-21 18:09 2,855 ----a-w C:\WINDOWS\PIF\setup.PIF

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-16 13:38 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-09 19:12 --------- d-----w C:\Program Files\Azureus

2008-03-09 19:12 --------- d-----w C:\Documents and Settings\Klient\Dane aplikacji\Azureus

2008-02-25 17:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

2008-02-25 17:09 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-25 17:09 --------- d-----w C:\Program Files\Bonjour

2008-02-25 17:05 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2008-01-21 20:17 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT

2008-01-21 20:17 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{DF4E7A0C-E233-4906-B4C1-A404356541FF}"= "C:\Program Files\Video ActiveX Access\iesbpl.dll" []

[HKEY_CLASSES_ROOT\clsid\{df4e7a0c-e233-4906-b4c1-a404356541ff}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{DF4E7A0C-E233-4906-B4C1-A404356541FF}"= C:\Program Files\Video ActiveX Access\iesbpl.dll []

[HKEY_CLASSES_ROOT\clsid\{df4e7a0c-e233-4906-b4c1-a404356541ff}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 21:06 7311360]

"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-07-26 09:54 716800]

"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-08-24 15:15 368640]

"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-09-07 17:36 69632]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-21 13:58 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-06 17:55:01 113664]

NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-01-21 13:59:41 118784]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2006-06-01 13:32 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

--------- 2006-03-17 10:30 102400 C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

--a------ 2007-07-09 09:39 2119104 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]

-ra------ 2006-01-03 11:10 2088960 C:\WINDOWS\TBPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--------- 2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]

--a------ 2001-08-16 17:52 74832 C:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2005-12-09 21:06 7311360 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2005-12-09 21:06 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2005-12-09 21:06 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]

-ra------ 2005-03-18 13:18 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--a------ 2005-07-26 09:54 716800 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2005-05-18 10:00 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

--a------ 2006-08-24 15:15 368640 C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"C:\Program Files\DC++\DCPlusPlus.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"C:\Program Files\Azureus\Azureus.exe"=

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=

"C:\Documents and Settings\Klient\Pulpit\IEXPLORE.EXE"=

"C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe"=

"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"=

"C:\Program Files\Bonjour\mDNSResponder.exe"=

R2 WFPVRENC;WinFast PVR2000 MPEG Encoder;C:\WINDOWS\system32\drivers\wfpvrenc.sys [2006-04-10 06:12]

R2 WFPVRTUNER;WinFast PVR2000 WDM Tuner;C:\WINDOWS\system32\drivers\wfpvrtun.sys [2006-04-10 05:50]

R2 WFPVRVIDEO;WinFast PVR2000 WDM Video Capture;C:\WINDOWS\system32\drivers\wfpvrcap.sys [2006-04-10 05:51]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]

R3 WFPVRBAR;WinFast PVR2000 WDM Crossbar;C:\WINDOWS\system32\drivers\WFPVRBAR.sys [2006-04-10 05:49]

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-04-11 19:50:48 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"

- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca

"2008-04-16 15:15:05 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-16 18:36:47

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-16 18:37:16

ComboFix-quarantined-files.txt 2008-04-16 16:37:12

Pre-Run: 23,276,355,584 bytes free

Post-Run: 23,278,018,560 bytes free

.

2008-04-09 20:25:45 --- E O F ---


(huber2t) #5

Download ComboFix, but don't run it yet.

Paste into Notepad:

File::

C:\smp.bat

C:\WINDOWS\system32\cfgmgr3.dll

File -> Save As -> CFScript.txt (it's easiest if you save it so that the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.

Removal should start and a log will be produced; post that log on the forum.

If everything goes well, after the restart delete the C:\Qoobox folder manually.


(Kajetankrzaklewski) #6

Now I got this:

http://wklej.org/id/12e59a21c3


(sdar) #7

kaju777, you were asked to do something. Only your short time on the forum saved your topic from being deleted. Follow Agaton's request, though, because we won't ask again.


(Dmirecki) #8

Clean :)