Please help. Yesterday Avast detected a parasite, Win32:Rootkit-gen [Rtk], in G:\AutoRun.exe (that is, on my modem), but I can't delete it or move it to quarantine. I scanned the computer with other antivirus programs and none of them detected anything. Yet every time I turn the computer on, the Avast warning pops up. I don't know much about computers and have no idea what to do, and on top of that I've never had a virus before. Any advice, please.
Post logs from HijackThis and ComboFix.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:37, on 2008-08-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Huawei technologies\Vodafone 3G Broadband Modem\Vodafone 3G Broadband Modem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BED70E98-7768-4713-90EE-5162FDFDB19B}: NameServer = 213.233.128.1 213.233.128.19
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
--
End of file - 9275 bytes
entry
remove it with HijackThis >> Fix checked
post a ComboFix log
Here is the ComboFix log:
ComboFix 08-08-17.05 - DANIELA 2008-08-18 18:58:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.548 [GMT 1:00]
Running from: C:\Documents and Settings\DANIELA\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\DANIELA\UserData
C:\Documents and Settings\DANIELA\UserData\index.dat
C:\setup.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))
.
2008-08-17 19:37 . 2008-08-17 19:37
2008-08-17 19:37 . 2008-08-17 19:37
2008-08-17 19:21 . 2008-08-17 19:21
2008-08-17 19:03 . 2008-08-17 19:03 16,596,992 --a------ C:\WINDOWS\system32\OUZU
2008-08-17 18:46 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-17 18:46 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-17 18:46 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-17 18:46 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-16 09:20 . 2008-08-16 09:20
2008-08-16 09:08 . 2008-08-16 09:21
2008-08-14 19:01 . 2008-08-14 19:07
2008-08-14 19:00 . 2008-08-14 19:00
2008-08-09 21:51 . 2008-08-13 11:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-09 21:51 . 2008-08-09 21:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-09 21:50 . 2008-08-09 21:50
2008-08-09 21:47 . 2008-08-09 21:47
2008-08-09 21:47 . 2008-08-09 21:47
2008-08-04 21:45 . 2008-08-05 10:55
2008-07-31 19:32 . 2008-07-31 19:32
2008-07-31 19:22 . 2008-07-31 19:22
2008-07-31 19:22 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-31 19:21 . 2008-07-31 19:22
2008-07-31 19:19 . 2008-07-31 19:19
2008-07-28 23:45 . 2008-07-28 23:45
2008-07-28 23:20 . 2008-08-17 19:29
2008-07-28 23:19 . 2008-07-28 23:29
2008-07-27 20:32 . 2008-07-27 20:32
2008-07-21 23:58 . 2008-07-21 23:58
2008-07-21 20:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-21 20:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-21 20:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-21 10:25 . 2008-07-21 10:29
2008-07-21 09:28 . 2008-07-21 09:28
2008-07-19 23:25 . 2008-07-19 23:25
2008-07-19 22:47 . 2008-07-19 22:47
2008-07-19 22:47 . 2006-10-26 18:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-19 22:43 . 2008-07-19 22:43
2008-07-19 22:42 . 2008-07-19 22:42
2008-07-19 22:42 . 2008-07-19 22:48
2008-07-19 22:26 . 2008-07-19 22:26
2008-07-19 22:24 . 2008-07-19 22:26
2008-07-19 21:49 . 2008-07-19 21:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 21:41 . 2008-07-19 21:41
2008-07-19 21:41 . 2008-07-19 21:41
2008-07-19 21:36 . 2008-07-19 21:41
2008-07-19 21:36 . 2008-07-19 21:42
2008-07-19 21:22 . 2008-07-19 21:22
2008-07-19 21:11 . 2008-07-19 21:11
2008-07-19 21:11 . 2008-07-19 21:16
2008-07-19 21:11 . 2008-08-16 19:03 115,224 --a------ C:\snp2sxp-001.raw
2008-07-19 21:08 . 2008-06-14 19:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-19 21:08 . 2008-06-14 19:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-18 11:47 . 2008-08-10 10:09 1,071,661,056 --a------ C:\WINDOWS\MEMORY.DMP
2008-07-18 10:39 . 2008-07-18 10:39
2008-07-18 10:37 . 2008-07-24 18:38 14 --a------ C:\WINDOWS\system32\getfile.dat
2008-07-18 10:08 . 2006-03-02 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-18 10:07 . 2006-03-02 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-18 10:06 . 2008-07-18 10:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-18 09:43 . 2008-07-18 09:43 0 --a------ C:\WINDOWS\system32\010914E0_kds.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 17:55 --------- d-----w C:\Documents and Settings\DANIELA\Dane aplikacji\Skype
2008-08-18 15:28 --------- d-----w C:\Documents and Settings\DANIELA\Dane aplikacji\skypePM
2008-08-15 11:57 --------- d-----w C:\Program Files\Elantech
2008-07-28 22:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 10:39 --------- d-----w C:\Program Files\Common Files\Softwin
2008-07-17 19:14 --------- d-----w C:\Program Files\Google
2008-07-17 19:13 --------- d-----w C:\Program Files\Skype
2008-07-17 19:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-17 19:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-17 18:42 --------- d-----w C:\Program Files\Huawei technologies
2008-07-17 06:35 --------- d-----w C:\Program Files\MarBit
2008-07-17 06:34 98,304 ----a-w C:\WINDOWS\system32\qttask.exe
2008-07-17 06:33 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-07-17 06:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\XP
2008-07-17 06:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-17 06:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Vista64
2008-07-17 06:18 --------- d-----w C:\Documents and Settings\DANIELA\Dane aplikacji\Infineon
2008-07-17 06:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Infineon
2008-07-17 06:17 --------- d-----w C:\Program Files\Infineon
2008-07-17 06:12 --------- d-----w C:\Program Files\Common Files\snp2std
2008-07-17 06:08 --------- d-----w C:\Program Files\Intel
2008-07-17 06:04 --------- d-----w C:\Program Files\Realtek
2008-07-16 23:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-16 23:17 --------- d-----w C:\Program Files\Usługi online
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-07-28 14:25 32,768 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\EBLib.dll
2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\LPCFilter.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-02 20:39 1267040]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 14:54 21718312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 11:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:55 1667584]
"JustVoip"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" [2008-01-02 16:38 8770864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CASS"="C:\Program Files\Compal Electronics" [X]
"Smart Watch Dog"="-C:\Program Files\Compal Electronics" [X]
"Sidewalker"="C:\Program Files\Compal Electronics" [X]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2007-02-14 03:11 647168]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 12:21 675840]
"IFXSPMGT"="C:\WINDOWS\system32\IFXSPMGT.exe" [2006-11-13 13:23 661024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-08 22:06 7405568]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-07-17 07:34 98304]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 22:33 36352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-02-08 22:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 10:12 16062464 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
C:\Documents and Settings\DANIELA\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-12-13 00:34]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]
R2 Smart Watchdog;Smart Watchdog Service;C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [2007-01-26 13:37]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 14:58]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-11-16 15:29]
S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 08:55]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\D.tmp []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00f60ba2-54aa-11dd-8709-f26358c8a35e}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00f60ba4-54aa-11dd-8709-f26358c8a35e}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00f60ba5-54aa-11dd-8709-f26358c8a35e}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e96f7bd-542f-11dd-8701-804229fc425c}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e96f7bf-542f-11dd-8701-804229fc425c}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e96f7c0-542f-11dd-8701-804229fc425c}]
\Shell\AutoRun\command - G:\AutoRun.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\DANIELA\Dane aplikacji\Mozilla\Firefox\Profiles\wr336adh.default\
FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
.
.
------- File Associations (Beta) -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 19:00:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\D.tmp"
.
Completion time: 2008-08-18 19:01:04
ComboFix-quarantined-files.txt 2008-08-18 18:01:01
Pre-Run: 10,854,887,424 bytes free
Post-Run: 11,038,400,512 bytes free
212 --- E O F --- 2008-08-14 23:04:33
Start >> Run >> cmd
sc stop MEMSWEEP2 >> Enter
sc delete MEMSWEEP2 >> Enter
Open Notepad and paste
save as plik.reg >> All files >> merge into the registry >> restart
a file with this icon will be created
double-click it, confirm that you want to add it to the registry, then restart
do a startup optimization
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl
scan My Computer with http://www.kaspersky.pl/virusscanner.html and post the report; open the page in IE
or
Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 … It!+4.44.5
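As an added example (not from the thread, and not the helper's own instructions), here is a script that pulls out of a ComboFix log exactly the two things the reply above acts on: the per-volume MountPoints2 keys whose `Shell\AutoRun\command` relaunches `G:\AutoRun.exe` whenever the modem is plugged in, and any service whose binary ComboFix could not find (it prints an empty `[]` after the path, as it did for MEMSWEEP2 and `C:\WINDOWS\system32\D.tmp`). It prints the `sc stop` / `sc delete` lines the reply types into cmd and a deletion `.reg` for the MountPoints2 keys. The reply's own `.reg` text is not reproduced on the page, so the `.reg` generated here is my assumption about that step, not the helper's file. The sample log lines are excerpted from the ComboFix log posted above, with the backslashes the forum extraction dropped restored.

```python
r"""Extract cleanup targets from a ComboFix "Reg Loading Points" section.

Two entry kinds are handled:
  * MountPoints2 keys followed by a "\Shell\AutoRun\command - <exe>" line
    (the cached AutoRun command for a removable volume), and
  * R*/S* service lines whose trailing stamp is "[]", meaning ComboFix found
    no file at the ImagePath (an orphaned or hidden service binary).
The deletion .reg it writes is an assumption of this example, not the .reg
from the forum reply, which the page does not show.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Sample input: lines excerpted from the ComboFix log in the thread,
# backslashes restored. Not a complete log.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]
R2 Smart Watchdog;Smart Watchdog Service;C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [2007-01-26 13:37]
S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 08:55]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\D.tmp []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00f60ba2-54aa-11dd-8709-f26358c8a35e}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e96f7bd-542f-11dd-8701-804229fc425c}]
\Shell\AutoRun\command - G:\AutoRun.exe
*Newly Created Service* - CATCHME
"""

# "R1 name;display;path [stamp]" -- stamp is empty when ComboFix saw no file.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")
# "[HKEY_...\mountpoints2\{guid}]" -- one key per volume Explorer has seen.
MOUNTPOINT_RE = re.compile(r"^\[(HKEY_[^\]]+\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
# "\Shell\AutoRun\command - G:\AutoRun.exe" -- the cached AutoRun verb.
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.I)


def parse_services(log: str) -> List[Dict[str, str]]:
    """Return every R*/S* driver/service line as a dict."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, stamp = m.groups()
            found.append({"start": start, "name": name, "display": display,
                          "path": path, "stamp": stamp.strip()})
    return found


def orphaned_services(services: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Services whose ImagePath ComboFix could not stat (empty "[]" stamp)."""
    return [s for s in services if s["stamp"] == ""]


def parse_autorun_mountpoints(log: str) -> List[Tuple[str, str]]:
    """Pair each MountPoints2 key with the AutoRun command on the next line."""
    pairs, pending = [], None
    for line in log.splitlines():
        line = line.strip()
        km = MOUNTPOINT_RE.match(line)
        if km:
            pending = km.group(1)
            continue
        am = AUTORUN_RE.match(line)
        if am and pending:
            pairs.append((pending, am.group(1)))
        pending = None  # a key not immediately followed by AutoRun is ignored
    return pairs


def sc_commands(service_names: Iterable[str]) -> List[str]:
    """The sc stop / sc delete pair the reply types into cmd, per service."""
    return [f"sc {verb} {name}" for name in service_names for verb in ("stop", "delete")]


def removal_reg(keys: Iterable[str]) -> str:
    """A .reg file deleting each key: a leading '-' inside the brackets deletes."""
    body = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        body += [f"[-{key}]", ""]
    return "\r\n".join(body)  # regedit expects CRLF line endings


def plan_cleanup(log: str) -> Dict[str, object]:
    """Everything the reply's procedure needs, derived from the log text."""
    orphans = [s["name"] for s in orphaned_services(parse_services(log))]
    pairs = parse_autorun_mountpoints(log)
    return {
        "sc": sc_commands(orphans),
        "reg": removal_reg(key for key, _ in pairs),
        "autorun_targets": sorted({cmd for _, cmd in pairs}),
    }


if __name__ == "__main__":
    plan = plan_cleanup(SAMPLE_LOG)
    print("\n".join(plan["sc"]))
    print(plan["reg"])
    print("AutoRun targets:", plan["autorun_targets"])
```

Two caveats a practitioner would add to the procedure. MountPoints2 is only Explorer's per-volume cache: deleting the keys removes the remembered AutoRun command, but Explorer recreates the key from the volume's autorun.inf the next time that volume is mounted, so if `G:\AutoRun.exe` is still on the modem's built-in storage the entries come back. To stop AutoRun from firing at all, rather than cleaning up after it, set `NoDriveTypeAutoRun` to `0xFF` under `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`. And `sc delete` only unregisters the service; the file named in its ImagePath, if it exists, stays on disk and should be checked separately.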
Thanks a lot!