Trojany ! Możecie mi pomóc?

w2e3r4 · 19 Czerwiec 2008 15:51

A więc po skanowaniu Kaspersky znalazł Trojany. Sama sobie z tym nie poradze. Może wy mogli byście mi jakos pomóc?

Wklejam logi :

Logfile of HijackThis v1.99.1 Scan saved at 17:26:57, on 2008-06-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\NoDNS\NoDNS.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Winamp\winamp.exe C:\Program Files\WinRAR.exe C:\DOCUME~1\zz\USTAWI~1\Temp\Rar$EX00.047\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - C:\WINDOWS\system32\wvurstt.dll (file missing) O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: (no name) - {608A4059-C1E4-441A-A106-315F36992EC4} - C:\WINDOWS\system32\ssttr.dll (file missing) O2 - BHO: (no name) - {60BE051B-33B4-4AE0-A526-EF13F9CB97C6} - C:\WINDOWS\system32\awvtu.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: {2e003532-484e-10d8-1be4-8e34ad6f8cae} - {eac8f6da-43e8-4eb1-8d01-e484235300e2} - C:\WINDOWS\system32\taqbujrj.dll (file missing) O2 - BHO: (no name) - {ED874BD6-40B6-4987-9B32-84731DED8410} - C:\WINDOWS\system32\ddccy.dll (file missing) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” O4 - HKLM…\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU “C:\WINDOWS\TEMP\E_S8A.tmp” /EF “HKLM” O4 - HKLM…\Run: [NetPanel] “C:\Program Files\NetPanel\Starter.exe” /path=“C:\Program Files\NetPanel” O4 - HKLM…\Run: [spik] C:\Program Files\Spik\Spik.exe -autostart O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [bM03329769] Rundll32.exe “C:\WINDOWS\system32\itmvjnis.dll”,s O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background O4 - HKCU…\Run: [NoDNS] C:\Program Files\NoDNS\NoDNS.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: wvurstt - wvurstt.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

Z góry dziękuje za pomoc

Leon1 · 19 Czerwiec 2008 16:02

wpisy

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl O2 - BHO: (no name) - {07C7156E-D651-4ACC-9AD3-498C916E9651} - C:\WINDOWS\system32\wvurstt.dll (file missing) O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: (no name) - {608A4059-C1E4-441A-A106-315F36992EC4} - C:\WINDOWS\system32\ssttr.dll (file missing) O2 - BHO: (no name) - {60BE051B-33B4-4AE0-A526-EF13F9CB97C6} - C:\WINDOWS\system32\awvtu.dll (file missing) O2 - BHO: {2e003532-484e-10d8-1be4-8e34ad6f8cae} - {eac8f6da-43e8-4eb1-8d01-e484235300e2} - C:\WINDOWS\system32\taqbujrj.dll (file missing) O2 - BHO: (no name) - {ED874BD6-40B6-4987-9B32-84731DED8410} - C:\WINDOWS\system32\ddccy.dll (file missing) O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM…\Run: [bM03329769] Rundll32.exe “C:\WINDOWS\system32\itmvjnis.dll”,s O4 - HKCU…Run: [NoDNS] C:Program Files\NoDNS\NoDNS.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O20 - Winlogon Notify: wvurstt - wvurstt.dll (file missing)

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj.

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

w2e3r4 · 19 Czerwiec 2008 17:23

Wszystko do momentu ściągnięcia ComboFix ok.

Ale potem nie.

Jak ściągnęłam ten ComboFix to okazało się, że on już jest na moim komputerze i taki sposobem mam dwa. Ale ten pierwszy nie ma ma na obrazku krzyżyka na czerwonym tle tylko zwykłe okienko.

A na tym drugim jest ok. Tylko, że on nazywa się ComboFix(2) i jak chcę już zacząć usuwanie to pisze coś tego typu, ze plik musi się nazywac ComboFix, a nie ComboFix(2). Tego pierwszego nie mozna usunąć, ani zmienić mu nazwy, bo wyskakuje okienko w którym jest napisane, że jest używany przez inną osobę lub program. Ale nie jest używany…Ehh…

Da się coś zrobić ?

huber2t · 19 Czerwiec 2008 17:26

Przenieś ten nowy combofix do innego folderu lub podczas pobierania zapisać nie pod nazwą ComboFix.exe tylko z kreską pomiędzy:

Combo-Fix.exe

w2e3r4 · 19 Czerwiec 2008 18:22

Wszystko zrobiłam tak jak napisane.

A teraz log:

ComboFix 08-06-16.5 - zz 2008-06-19 19:50:18.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.202 [GMT 2:00] Running from: C:\Documents and Settings\zz\Pulpit\Combo-Fix.exe Command switches used :: C:\Documents and Settings\zz\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE :: C:\WINDOWS\system32\itmvjnis.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\inetget2 C:\Program Files\myglobalsearch C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\00024A8C.bin C:\Program Files\MyGlobalSearch\bar\Cache\00024DE7.bin C:\Program Files\myglobalsearch\bar\Cache\00025AD8.bin C:\Program Files\MyGlobalSearch\bar\Cache\0002D037 C:\Program Files\MyGlobalSearch\bar\Cache\files.ini C:\Program Files\MyGlobalSearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\Program Files\NoDNS C:\Program Files\NoDNS\NoDNS.exe C:\Program Files\NoDNS\UnInstall.exe C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Temp\isgTi19 C:\Temp\isgTi19\lPig.log C:\Temp\sanR24 C:\Temp\sanR24\lDii.log C:\WINDOWS\BM03329769.xml C:\WINDOWS\Fonts’ C:\WINDOWS\Fonts\a.zip C:\WINDOWS\pskt.ini C:\WINDOWS\system32\c4 C:\WINDOWS\system32\h7 C:\WINDOWS\system32\h7\liopud89104.exe C:\WINDOWS\system32\lytvajni.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\MSINET.oca C:\WINDOWS\system32\nGpxx18 C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\rttss.ini C:\WINDOWS\system32\rttss.ini2 C:\WINDOWS\system32\uikaviel.ini C:\WINDOWS\system32\utvwa.ini C:\WINDOWS\system32\utvwa.ini2 C:\WINDOWS\system32\yccdd.ini C:\WINDOWS\system32\yccdd.ini2 C:\x.dat C:\z.dat . ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))) . 2008-06-19 19:33 . 2008-06-19 19:34 2008-06-19 19:05 . 2008-06-19 19:05 2008-06-19 19:04 . 2007-05-21 19:18 2008-06-19 19:04 . 2008-06-19 19:04 2008-06-19 19:04 . 2007-05-21 17:25 2008-06-19 19:04 . 2008-06-19 19:33 2008-06-19 19:04 . 2008-06-19 19:04 2008-06-19 19:04 . 2008-06-19 19:33 2008-06-19 19:04 . 2008-06-19 19:04 2008-06-19 19:04 . 2008-06-19 19:05 2008-06-19 19:04 . 2008-06-19 19:33 2008-06-19 18:22 . 2008-06-19 18:22 2008-06-11 14:49 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 14:49 . 2008-04-14 17:53 273,024 -----c— C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-08 12:08 . 2008-06-09 19:59 2008-05-25 14:18 . 2008-05-25 14:18 2008-05-25 14:18 . 2008-06-19 19:35 2008-05-25 14:18 . 2008-06-19 20:07 9,237,792 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-05-25 14:18 . 2008-06-19 20:10 225,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-05-25 14:18 . 2008-06-19 20:07 120,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-05-25 14:18 . 2008-05-28 19:48 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-05-25 14:18 . 2008-05-29 19:24 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-05-25 14:18 . 2008-06-19 20:07 23,144 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-05-25 14:14 . 2008-05-25 14:14 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-19 18:11 --------- d-----w C:\Documents and Settings\zz\Dane aplikacji\OpenOffice.ux.pl2 2008-06-19 17:48 --------- d-----w C:\Documents and Settings\zz\Dane aplikacji\Skype 2008-06-19 17:36 --------- d-----w C:\Documents and Settings\zz\Dane aplikacji\skypePM 2008-05-28 17:49 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-05-25 12:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trend Micro 2008-05-22 10:16 --------- d-----w C:\Program Files\Gadu-Gadu 2008-05-18 11:52 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-09 19:21 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-05-09 19:21 --------- d-----w C:\Program Files\Samsung 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-04 06:26 --------- d-----w C:\Program Files\Enlight Software 2008-04-29 13:08 --------- d-----w C:\Program Files\illiminable 2008-04-26 19:04 42,757 —ha-w C:\Program Files\WinRAR.GID 2008-04-26 10:16 --------- d-----w C:\Program Files\EA GAMES 2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-03-27 21:39 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2007-10-18 15:13 22 ----a-w C:\Program Files\zipnew.dat 2007-10-18 15:13 20 ----a-w C:\Program Files\rarnew.dat 2007-09-20 16:35 245,178 ----a-w C:\Program Files\WinRAR.chm 2007-09-20 16:33 11,616 ----a-w C:\Program Files\WhatsNew.txt 2007-08-24 08:41 2,458,032 ----a-w C:\Program Files\ArtRage 2 Starter Edition.exe 2007-08-16 08:49 11,116 ----a-w C:\Program Files\ArtRage 2.5 Starter Edition Release Notes.rtf 2006-12-23 15:37 44,032 ----a-w C:\Program Files\RarExtLoader.exe 2006-12-11 00:14 43,008 ----a-w C:\Program Files\RarExt64.dll 2006-10-22 09:21 3,271 ----a-w C:\Program Files\Order.htm 2006-09-17 10:03 4,417 ----a-w C:\Program Files\Licencja.txt 2005-05-12 16:01 1,687 ----a-w C:\Program Files\ReadMe.txt 2005-05-05 22:22 400,384 ----a-w C:\Documents and Settings\zz\GG PIONier v1.0.exe 2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe 2003-05-19 19:10 357,856 ----a-w C:\Program Files\WINRAR.HLP 2003-05-19 18:24 94,720 ----a-w C:\Program Files\Uninstall.exe 2003-05-19 18:24 828,416 ----a-w C:\Program Files\WinRAR.exe 2003-05-19 18:24 294,400 ----a-w C:\Program Files\Rar.exe 2003-05-19 18:24 197,632 ----a-w C:\Program Files\UnRAR.exe 2003-05-19 18:24 119,808 ----a-w C:\Program Files\RarExt.dll 2003-05-19 18:15 51,712 ----a-w C:\Program Files\Default.SFX 2003-05-19 18:15 38,912 ----a-w C:\Program Files\WinCon.SFX 2003-05-19 18:15 35,328 ----a-w C:\Program Files\Zip.SFX 2003-05-19 17:56 10,943 ----a-w C:\Program Files\CoNowego.txt 2003-05-19 17:53 615 ----a-w C:\Program Files\File_Id.diz 2003-05-19 17:51 8,939 ----a-w C:\Program Files\WinRAR.cnt 2003-05-15 13:43 95,112 ----a-w C:\Program Files\Dos.SFX 2003-05-07 19:36 207 ----a-w C:\Program Files\UnrarSrc.txt 2003-05-07 19:35 64,534 ----a-w C:\Program Files\Rar.txt 2003-05-07 19:14 5,339 ----a-w C:\Program Files\License.txt 2003-05-07 19:13 1,828 ----a-w C:\Program Files\CzytajTo.txt 2003-05-07 19:13 1,100 ----a-w C:\Program Files\Descript.ion 2003-04-24 11:02 10,377 ----a-w C:\Program Files\Rar_Site.txt 2003-04-06 09:50 1,217 ----a-w C:\Program Files\RarFiles.lst 2003-04-06 09:49 9,656 ----a-w C:\Program Files\TechNote.txt 2003-04-06 09:49 650 ----a-w C:\Program Files\Uninstall.lst 2003-04-06 09:49 2,897 ----a-w C:\Program Files\Register.txt 2003-04-06 09:47 3,283 ----a-w C:\Program Files\Order.txt 2007-12-23 17:15 248 --sh–r C:\WINDOWS\system32\CA7D3F57AD.sys 2008-02-25 19:55 9,188 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2008-03-20 00:36 1267040] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040] [HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360] “PowerBar”="" [] “MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [] “Orb”=“C:\Program Files\Winamp Remote\bin\OrbTray.exe” [2008-01-07 22:02 495616] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 18:26 22014760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 11:09 77824 C:\WINDOWS\SOUNDMAN.EXE] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-07-08 12:57 7110656] “nwiz”=“nwiz.exe” [2005-07-08 12:57 1519616 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2005-07-08 12:57 86016] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 20:24 32768] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50 155648] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 04:25 144784] “NetPanel”=“C:\Program Files\NetPanel\Starter.exe” [2007-07-13 00:12 100032] “Spik”=“C:\Program Files\Spik\Spik.exe” [2007-07-03 16:10 95720] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-04-01 20:49 36352] “BearShare”=“C:\Program Files\BearShare\BearShare.exe” [] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360] “Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-09-28 03:17 443968] C:\Documents and Settings\zz\Menu Start\Programy\Autostart\ OpenOffice.ux.pl 2.0.1.lnk - C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe [2006-01-03 23:50:50 61440] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-19 23:00:36 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696] SAGEM Wi-Fi 11g USB adapter LAN Utility.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-02-26 18:22:16 835584] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “vidc.ffds”= ffdshow.ax [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusOverride”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “C:\Program Files\Grisoft\AVG Free\avgemc.exe”= “D:\Gadu-Gadu\gg.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= “C:\Program Files\WapSter\AQQ\AQQ.exe”= “C:\PROGRA~1\WapSter\AQQ\AQQ.exe”= “C:\Program Files\Spik\Spik.exe”= “%windir%\Network Diagnostic\xpnetdiag.exe”= “C:\Program Files\Winamp Remote\bin\Orb.exe”= “C:\Program Files\Winamp Remote\bin\OrbTray.exe”= “C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”= “C:\Program Files\Skype\Phone\Skype.exe”= “C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Polish\setup.exe”= R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 17:37] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] *Newly Created Service* - ZDPNDIS5 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-19 20:10:17 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.bin C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\verclsid.exe . ************************************************************************** . Completion time: 2008-06-19 20:19:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-19 18:19:01 Pre-Run: 17,102,831,616 bajtów wolnych Post-Run: 17,854,590,976 bajt˘w wolnych 246 — E O F — 2008-06-11 19:10:49

huber2t · 19 Czerwiec 2008 18:25

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

Logi dajesz na http://www.wklej.org a w poście dajesz tylko link

w2e3r4 · 19 Czerwiec 2008 21:32

Zrobiłam tak jak kazałeś.

Wszystko ok.

Zeskanowałam.

Nie wykryto zagrożeń.

A mam dawać ten raport ?

Bo on jest taki dłuuuuuuuuuuugi.

Zanim ja go skopiuje to chyba minie wieczność.

A i dziękuje wam

huber2t · 20 Czerwiec 2008 04:03

Jeśli w raporcie jest czysto to nie musisz