Win32:Rootkit-gen[Rtk]


(Danielam85) #1

I'd really appreciate some help. Yesterday avast detected the parasite Win32:Rootkit-gen[Rtk] in G:\AutoRun.exe (that is, on my modem), but I can't delete it or move it to quarantine. I scanned the computer with other antiviruses and none of them detected anything. But every time I turn the computer on, the avast warning pops up. I don't know much about computers and have absolutely no idea what to do, and on top of that I've never had a virus before. Please give me some advice.


(Milland) #2

Post the logs from HijackThis and ComboFix


(huber2t) #3

Hijackthis i Combofix


(Danielam85) #4

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:33:37, on 2008-08-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\system32\qttask.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe

C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IfxPsdSv.exe

C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Infineon\Security Platform Software\PSDrt.exe

C:\Program Files\Infineon\Security Platform Software\SpTna.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Huawei technologies\Vodafone 3G Broadband Modem\Vodafone 3G Broadband Modem.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe

O4 - HKLM..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM..\Run: [iFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe

O4 - HKLM..\Run: [smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe

O4 - HKLM..\Run: [sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O17 - HKLM\System\CCS\Services\Tcpip..{BED70E98-7768-4713-90EE-5162FDFDB19B}: NameServer = 213.233.128.1 213.233.128.19

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe

O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe

--

End of file - 9275 bytes


(Leon$) #5

the entry

delete it with HijackThis >> Fix checked

post the ComboFix log

:slight_smile:


(Danielam85) #6

This is the ComboFix log:

ComboFix 08-08-17.05 - DANIELA 2008-08-18 18:58:37.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.548 [GMT 1:00]

Running from: C:\Documents and Settings\DANIELA\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\DANIELA\UserData

C:\Documents and Settings\DANIELA\UserData\index.dat

C:\setup.exe

.

((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))

.

2008-08-17 19:37 . 2008-08-17 19:37

2008-08-17 19:37 . 2008-08-17 19:37

2008-08-17 19:21 . 2008-08-17 19:21

2008-08-17 19:03 . 2008-08-17 19:03 16,596,992 --a------ C:\WINDOWS\system32\OUZU

2008-08-17 18:46 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-08-17 18:46 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-08-17 18:46 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-08-17 18:46 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

2008-08-16 09:20 . 2008-08-16 09:20

2008-08-16 09:08 . 2008-08-16 09:21

2008-08-14 19:01 . 2008-08-14 19:07

2008-08-14 19:00 . 2008-08-14 19:00

2008-08-09 21:51 . 2008-08-13 11:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-08-09 21:51 . 2008-08-09 21:51 1,409 --a------ C:\WINDOWS\QTFont.for

2008-08-09 21:50 . 2008-08-09 21:50

2008-08-09 21:47 . 2008-08-09 21:47

2008-08-09 21:47 . 2008-08-09 21:47

2008-08-04 21:45 . 2008-08-05 10:55

2008-07-31 19:32 . 2008-07-31 19:32

2008-07-31 19:22 . 2008-07-31 19:22

2008-07-31 19:22 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-31 19:21 . 2008-07-31 19:22

2008-07-31 19:19 . 2008-07-31 19:19

2008-07-28 23:45 . 2008-07-28 23:45

2008-07-28 23:20 . 2008-08-17 19:29

2008-07-28 23:19 . 2008-07-28 23:29

2008-07-27 20:32 . 2008-07-27 20:32

2008-07-21 23:58 . 2008-07-21 23:58

2008-07-21 20:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-21 20:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-07-21 20:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-21 10:25 . 2008-07-21 10:29

2008-07-21 09:28 . 2008-07-21 09:28

2008-07-19 23:25 . 2008-07-19 23:25

2008-07-19 22:47 . 2008-07-19 22:47

2008-07-19 22:47 . 2006-10-26 18:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-07-19 22:43 . 2008-07-19 22:43

2008-07-19 22:42 . 2008-07-19 22:42

2008-07-19 22:42 . 2008-07-19 22:48

2008-07-19 22:26 . 2008-07-19 22:26

2008-07-19 22:24 . 2008-07-19 22:26

2008-07-19 21:49 . 2008-07-19 21:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-07-19 21:41 . 2008-07-19 21:41

2008-07-19 21:41 . 2008-07-19 21:41

2008-07-19 21:36 . 2008-07-19 21:41

2008-07-19 21:36 . 2008-07-19 21:42

2008-07-19 21:22 . 2008-07-19 21:22

2008-07-19 21:11 . 2008-07-19 21:11

2008-07-19 21:11 . 2008-07-19 21:16

2008-07-19 21:11 . 2008-08-16 19:03 115,224 --a------ C:\snp2sxp-001.raw

2008-07-19 21:08 . 2008-06-14 19:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-19 21:08 . 2008-06-14 19:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-18 11:47 . 2008-08-10 10:09 1,071,661,056 --a------ C:\WINDOWS\MEMORY.DMP

2008-07-18 10:39 . 2008-07-18 10:39

2008-07-18 10:37 . 2008-07-24 18:38 14 --a------ C:\WINDOWS\system32\getfile.dat

2008-07-18 10:08 . 2006-03-02 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2008-07-18 10:07 . 2006-03-02 13:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll

2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2008-07-18 10:06 . 2008-07-18 10:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2008-07-18 10:06 . 2008-07-18 10:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2008-07-18 09:43 . 2008-07-18 09:43 0 --a------ C:\WINDOWS\system32\010914E0_kds.xml

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-18 17:55 --------- d-----w C:\Documents and Settings\DANIELA\Dane aplikacji\Skype

2008-08-18 15:28 --------- d-----w C:\Documents and Settings\DANIELA\Dane aplikacji\skypePM

2008-08-15 11:57 --------- d-----w C:\Program Files\Elantech

2008-07-28 22:22 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-25 10:39 --------- d-----w C:\Program Files\Common Files\Softwin

2008-07-17 19:14 --------- d-----w C:\Program Files\Google

2008-07-17 19:13 --------- d-----w C:\Program Files\Skype

2008-07-17 19:13 --------- d-----w C:\Program Files\Common Files\Skype

2008-07-17 19:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype

2008-07-17 18:42 --------- d-----w C:\Program Files\Huawei technologies

2008-07-17 06:35 --------- d-----w C:\Program Files\MarBit

2008-07-17 06:34 98,304 ----a-w C:\WINDOWS\system32\qttask.exe

2008-07-17 06:33 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack

2008-07-17 06:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\XP

2008-07-17 06:19 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-17 06:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Vista64

2008-07-17 06:18 --------- d-----w C:\Documents and Settings\DANIELA\Dane aplikacji\Infineon

2008-07-17 06:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Infineon

2008-07-17 06:17 --------- d-----w C:\Program Files\Infineon

2008-07-17 06:12 --------- d-----w C:\Program Files\Common Files\snp2std

2008-07-17 06:08 --------- d-----w C:\Program Files\Intel

2008-07-17 06:04 --------- d-----w C:\Program Files\Realtek

2008-07-16 23:19 --------- d-----w C:\Program Files\microsoft frontpage

2008-07-16 23:17 --------- d-----w C:\Program Files\Usługi online

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2006-07-28 14:25 32,768 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\EBLib.dll

2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\LPCFilter.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-02 20:39 1267040]

[HKEY_CLASSES_ROOT\clsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 14:54 21718312]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 11:04 2127296]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 23:55 1667584]

"JustVoip"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" [2008-01-02 16:38 8770864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CASS"="C:\Program Files\Compal Electronics" [X]

"Smart Watch Dog"="-C:\Program Files\Compal Electronics" [X]

"Sidewalker"="C:\Program Files\Compal Electronics" [X]

"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2007-02-14 03:11 647168]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 12:21 675840]

"IFXSPMGT"="C:\WINDOWS\system32\IFXSPMGT.exe" [2006-11-13 13:23 661024]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-08 22:06 7405568]

"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-07-17 07:34 98304]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 15:38 78008]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 22:33 36352]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38 34672]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]

"nwiz"="nwiz.exe" [2006-02-08 22:06 1519616 C:\WINDOWS\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 10:12 16062464 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\DANIELA\Menu Start\Programy\Autostart\

Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 15:35]

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-12-13 00:34]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 15:37]

R2 Smart Watchdog;Smart Watchdog Service;C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [2007-01-26 13:37]

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 14:58]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-11-16 15:29]

S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 08:55]

S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\D.tmp []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{00f60ba2-54aa-11dd-8709-f26358c8a35e}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{00f60ba4-54aa-11dd-8709-f26358c8a35e}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{00f60ba5-54aa-11dd-8709-f26358c8a35e}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8e96f7bd-542f-11dd-8701-804229fc425c}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8e96f7bf-542f-11dd-8701-804229fc425c}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8e96f7c0-542f-11dd-8701-804229fc425c}]

\Shell\AutoRun\command - G:\AutoRun.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\DANIELA\Dane aplikacji\Mozilla\Firefox\Profiles\wr336adh.default\

FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll

FF -: plugin - C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll

.

.

------- File Associations (Beta) -------

.

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-18 19:00:06

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\C:\WINDOWS\system32\D.tmp"

.

Completion time: 2008-08-18 19:01:04

ComboFix-quarantined-files.txt 2008-08-18 18:01:01

Pre-Run: 10,854,887,424 bytes free

Post-Run: 11,038,400,512 bytes free

212 --- E O F --- 2008-08-14 23:04:33
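An added triage script, not part of the original thread and not code from HijackThis, ComboFix or avast, that pulls out of the two logs above the items a helper looks at first: AutoRun commands cached under MountPoints2 that point at a drive letter (here G:\AutoRun.exe on the modem's volume), a service whose binary is a .tmp file (MEMSWEEP2 with C:\WINDOWS\system32\D.tmp), O23 services HijackThis could not attribute to a vendor, and Run entries that name a bare executable resolved through the PATH search instead of a full path. The sample input is a handful of lines copied from the logs posted above; the regular expressions accept both the tools' real output and the forum rendering (which dropped the backslash before `{guid}` and in `HKLM\..\Run`). All function names are my own and the temp-location heuristic in `looks_temporary` is an assumption, not a rule either tool applies.

```python
"""Triage the HijackThis and ComboFix logs posted in this thread.

Added example, not code from HijackThis, ComboFix or avast. It flags the
items the helpers reacted to: drive-letter AutoRun commands cached under
MountPoints2, a service whose binary is a .tmp file, services HijackThis
could not attribute to a vendor, and Run entries that name a bare
executable (resolved through the PATH search rather than a full path).
"""
import re
from collections import OrderedDict

# Constructed sample: a few lines copied from the two logs posted above.
COMBOFIX_SAMPLE = r"""
R2 Smart Watchdog;Smart Watchdog Service;C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [2007-01-26 13:37]
S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 08:55]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\D.tmp []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00f60ba2-54aa-11dd-8709-f26358c8a35e}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e96f7bd-542f-11dd-8701-804229fc425c}]
\Shell\AutoRun\command - G:\AutoRun.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\D.tmp"
"""

HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
"""

# ComboFix driver/service line: "<start type> <name>;<display name>;<path> [<timestamp>]"
DRIVER_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]\s*$")
# The forum rendering dropped the backslash before {guid}; accept both forms.
MOUNTPOINT_KEY = re.compile(r"mountpoints2\\?\{?([0-9a-f-]{36})\}?\]", re.I)
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.I)
SERVICE_KEY = re.compile(r"\\Services\\([^\]\\]+)\]\s*$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.+)"\s*$')
HJT_O4 = re.compile(r"^O4 - (\S+)\.\.\\Run: \[([^\]]+)\]\s*(.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def looks_temporary(path):
    """Heuristic (my assumption): binary named like a temp file or living in a temp dir."""
    p = path.lower()
    return p.endswith(".tmp") or "\\temp\\" in p or "\\tmp\\" in p


def find_autorun_mountpoints(combofix_text):
    """Return (volume GUID, command) for every cached Shell\\AutoRun\\command."""
    hits, guid = [], None
    for line in combofix_text.splitlines():
        key = MOUNTPOINT_KEY.search(line)
        if key:
            guid = key.group(1).lower()
            continue
        cmd = AUTORUN_CMD.match(line)
        if cmd and guid:
            hits.append((guid, cmd.group(1)))
    return hits


def find_temp_service_binaries(combofix_text):
    """Return (service, path) where the binary looks temporary; the R/S driver list
    and the trailing ImagePath dump are both read, and a service seen in both is
    reported once."""
    found, service = OrderedDict(), None
    for line in combofix_text.splitlines():
        drv = DRIVER_LINE.match(line)
        if drv:
            if looks_temporary(drv.group(4)):
                found[(drv.group(2), drv.group(4))] = True
            continue
        key = SERVICE_KEY.search(line)
        if key:
            service = key.group(1)
            continue
        if line.startswith("["):      # some other registry key: forget the service
            service = None
            continue
        img = IMAGE_PATH.match(line)
        if img and service:
            path = img.group(1)
            if path.startswith("\\??\\"):      # strip the NT object-manager prefix
                path = path[4:]
            if looks_temporary(path):
                found[(service, path)] = True
    return list(found)


def find_unattributed_services(hjt_text):
    """Return (service, path) for O23 entries HijackThis lists as 'Unknown owner'."""
    return [(m.group(1), m.group(3))
            for m in map(HJT_O23.match, hjt_text.splitlines())
            if m and m.group(2).strip().lower() == "unknown owner"]


def find_bare_run_commands(hjt_text):
    """Return (value name, executable) for O4 Run entries that carry no directory."""
    hits = []
    for m in filter(None, map(HJT_O4.match, hjt_text.splitlines())):
        command = m.group(3).strip()
        if not command:
            continue
        exe = command[1:].split('"', 1)[0] if command.startswith('"') else command.split()[0]
        if "\\" not in exe:
            hits.append((m.group(2), exe))
    return hits


def triage(combofix_text, hjt_text):
    """Every finding, grouped by check, for a quick report."""
    return {
        "autorun_mountpoints": find_autorun_mountpoints(combofix_text),
        "temp_service_binaries": find_temp_service_binaries(combofix_text),
        "unattributed_services": find_unattributed_services(hjt_text),
        "bare_run_commands": find_bare_run_commands(hjt_text),
    }


if __name__ == "__main__":
    for check, hits in triage(COMBOFIX_SAMPLE, HIJACKTHIS_SAMPLE).items():
        print(check)
        for hit in hits:
            print("   ", " -> ".join(hit))
```

A hit from this script is a pointer, not a verdict: the MountPoints2 entries only record which AutoRun command Explorer ran the last time that volume was plugged in, so the thing to verify is the file on the volume itself (here, what the modem's virtual CD-ROM ships as AutoRun.exe), and a service whose ImagePath is a .tmp file deserves a look at whether the file still exists before the service is removed.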


(Leon$) #7

Start >> Run >> cmd

sc stop MEMSWEEP2 >> Enter

sc delete MEMSWEEP2 >> Enter

Open Notepad and paste

save it as plik.reg >> All files >> merge into the registry >> restart

[screenshot: b57f17008275c957m.jpg]

a file with this icon will be created

[screenshot: 062aec4c9b51c033m.jpg]

double-click it, confirm that you want to add it to the registry, then restart

do the startup optimization

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; the page has to be opened in IE

or

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2 ... It!+4.44.5

:slight_smile:


(Danielam85) #8

Thanks a lot!!!