Virus blocks antivirus websites


(Hipodrom) #1

Hello

Antivirus websites don't work for me, e.g. http://www.kaspersky.pl / http://www.avg.com / and even http://www.microsoft.com . I think this is the work of a virus (it is definitely not a block by the internet provider). I ran AVG over the computer and it did not find it. HijackThis did not find anything interesting either. Has anyone come across such filth before? I can post the HijackThis log anyway:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:38:38, on 2009-04-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Digidesign\Drivers\MMERefresh.exe

C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe

C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Tlen.pl\Tlen.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\PSIService.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\Tlen.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-21-329068152-1035525444-725345543-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O15 - Trusted Zone: http://*.imaginecup.com

O15 - Trusted Zone: http://www.wildnoodle.com

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe

O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe

O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Tomcat6\bin\tomcat6.exe

O24 - Desktop Component 1: (no name) - E:\soft\jdk-6-doc\docs\index.html


--

End of file - 5999 bytes

(Spandau) #2

Try downloading ComboFix from here (the name has been deliberately changed) http://rapidshare.com/files/224345215/123.com.exe.html Try running it, scan the system and post the log on the forum.

For the duration of the download and the scan, disable all protection programs: antivirus, firewall


(Hipodrom) #3

ComboFix 09-04-24.01 - Administrator 2009-04-24 14:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2039.1230 [GMT 2:00]

Uruchomiony z: e:\daniell\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

 * Utworzono nowy punkt przywracania

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013

c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000011_.tmp.dll

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\_000013_.tmp.dll

c:\windows\system32\_000014_.tmp.dll


.

((((((((((((((((((((((((( Pliki utworzone od 2009-05-24 do 2009-4-24 )))))))))))))))))))))))))))))))

.


2009-04-23 17:13 . 2009-04-23 17:13	--------	d-----w	c:\program files\Trend Micro

2009-04-23 16:55 . 2009-04-24 08:11	--------	d--h--w	C:\$AVG8.VAULT$

2009-04-23 16:46 . 2009-04-23 16:46	108552	----a-w	c:\windows\system32\drivers\avgtdix.sys

2009-04-23 16:46 . 2009-04-23 16:46	10520	----a-w	c:\windows\system32\avgrsstx.dll

2009-04-23 16:46 . 2009-04-23 16:46	325640	----a-w	c:\windows\system32\drivers\avgldx86.sys

2009-04-23 16:45 . 2009-04-23 16:45	--------	d-----w	c:\windows\system32\drivers\Avg

2009-04-23 16:45 . 2009-04-23 16:45	--------	d-----w	c:\program files\AVG

2009-04-23 16:45 . 2009-04-23 16:45	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\avg8

2009-04-23 15:46 . 2009-04-23 15:46	--------	d-----w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera

2009-04-23 15:46 . 2009-04-23 15:46	--------	d-----w	c:\program files\Opera

2009-04-21 20:38 . 2004-01-21 22:35	40960	----a-w	c:\windows\SSubTmr6.dll

2009-04-21 19:48 . 2009-04-21 20:17	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Tlen.pl

2009-04-21 19:48 . 2009-04-21 19:48	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Tlen.pl

2009-04-21 19:48 . 2009-04-22 18:26	--------	d-----w	c:\program files\Tlen.pl

2009-04-19 17:51 . 2009-04-19 17:51	--------	d-----w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Cooliris

2009-04-15 22:03 . 2009-04-15 22:03	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\OpenFM

2009-03-30 07:54 . 2009-03-30 07:54	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Thinstall

2009-03-25 21:31 . 2009-03-25 21:31	54156	---ha-w	c:\windows\QTFont.qfn

2009-03-25 21:31 . 2009-03-25 21:31	1409	----a-w	c:\windows\QTFont.for

2009-03-25 18:03 . 2009-03-25 18:03	9618	----a-w	c:\windows\system32\shutdown.rar


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-23 17:44 . 2007-05-16 06:49	--------	d-----w	c:\program files\SkanerOnline

2009-04-18 17:48 . 2009-02-23 17:20	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\uTorrent

2009-04-18 09:02 . 2009-02-28 14:28	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu

2009-04-15 21:54 . 2009-02-28 14:28	--------	d-----w	c:\program files\Nowe Gadu-Gadu

2009-04-03 16:08 . 2007-06-01 14:45	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Skype

2009-03-31 11:50 . 2009-03-14 14:36	--------	d-----w	c:\program files\Last.fm

2009-03-29 21:24 . 2001-10-26 17:15	66836	----a-w	c:\windows\system32\perfc015.dat

2009-03-29 21:24 . 2001-10-26 17:15	389412	----a-w	c:\windows\system32\perfh015.dat

2009-03-17 13:48 . 2009-03-17 13:48	104448	--s-a-r	c:\windows\system32\kmvtjmun.dll

2009-03-14 17:32 . 2007-02-24 15:29	--------	d-----w	c:\program files\Winamp

2009-03-14 14:37 . 2009-03-14 14:37	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Last.fm

2009-03-06 17:11 . 2007-10-11 16:32	30292	----a-w	C:\mksbasel.cpp.log

2009-02-28 16:41 . 2009-02-28 16:19	--------	d-----w	c:\program files\AP Tuner

2009-02-24 20:57 . 2009-02-24 20:57	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\BESTplayer

2009-02-24 20:08 . 2009-02-24 20:08	--------	d-----w	c:\program files\NAPI-PROJEKT

2009-02-24 16:26 . 2007-03-17 20:57	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Azureus

2009-02-23 17:20 . 2009-02-23 17:20	--------	d-----w	c:\program files\uTorrent

2009-02-23 17:12 . 2009-02-23 17:12	--------	d-----w	c:\program files\BitTorrent

2009-02-23 15:20 . 2007-02-24 15:40	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Digidesign

2008-11-01 09:22 . 2007-02-24 12:00	70168	----a-w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-08-03 12:44 . 2007-08-03 12:44	476752	----a-w	c:\documents and settings\All Users\Dane aplikacji\pswi_preloaded.exe

2007-02-24 11:58 . 2007-02-24 11:58	138	----a-w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2009-01-03 21:2007-03-17 18:28 47:35 .	c:\program files\mozilla firefox\components\jar50.dll

2009-01-03 21:2007-03-17 18:28 47:35 .	c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-03 21:2007-03-17 18:28 47:35 .	c:\program files\mozilla firefox\components\myspell.dll

2009-01-03 21:2007-03-17 18:28 47:36 .	c:\program files\mozilla firefox\components\spellchk.dll

2009-01-03 21:2007-03-17 18:28 47:36 .	c:\program files\mozilla firefox\components\xpinstal.dll

2008-12-01 16:22 . 2007-08-03 12:42	88	--sh--r	c:\windows\system32\C92ABD1C55.sys

2008-12-01 16:22 . 2007-08-03 12:42	2516	--sha-w	c:\windows\system32\KGyGaAvL.sys

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2008-06-23 6066176]


[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 15:52	80384	----a-w	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Komunikator"="c:\program files\Tlen.pl\Tlen.exe" [2009-01-17 5853672]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 61440]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-23 1932568]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]


[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

Source= e:\soft\jdk-6-doc\docs\index.html

FriendlyName= 


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2008-06-23 233472]

"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-04-23 16:46	10520	----a-w	c:\windows\system32\avgrsstx.dll


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"midi1"= ma_cmidn.dll

"midi3"= ma_cmidn.dll


[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Synchronizer.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Synchronizer.lnk

backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

"OracleServiceMAINASE"=2 (0x2)

"OracleOraHome92TNSListener"=2 (0x2)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"aspnet_state"=3 (0x3)

"Adobe LM Service"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Gadu-Gadu\\gg.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"c:\\Program Files\\DC\\DCPlusPlus.exe"=

"c:\\totalcmd\\TOTALCMD.EXE"=

"c:\\Program Files\\DC++\\DCPlusPlus.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"e:\\soft\\eclipse-jee-europa-winter-win32\\eclipse\\eclipse.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\daniell\\utorrent.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Tlen.pl\\tlen.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"45242:TCP"= 45242:TCP:PrefetchIntel CursorsOptions

"55822:UDP"= 55822:UDP:PrefetchIntel SystemBuild

"23573:UDP"= 23573:UDP:PrefetchIntel schemasIME

"12478:TCP"= 12478:TCP:PrefetchIntel ProfilesAssemblies


R2 Netprov;Driver Storage;c:\windows\system32\svchost.exe [2004-08-04 14336]

R3 dkvglt;dkvglt; [x]

R3 iLokDrvr;iLok;c:\windows\system32\DRIVERS\iLokDrvr.sys [2005-12-21 27328]

R3 Tomcat6;Apache Tomcat;c:\tomcat6\bin\tomcat6.exe [2008-01-28 57344]

R4 OracleServiceMAINASE;OracleServiceMAINASE; [x]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-23 325640]

S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-23 108552]

S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-23 298264]

S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]

S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]

S3 MAUSBFT;Service for M-Audio Fast Track USB (WDM);c:\windows\system32\DRIVERS\mausbft.sys [2006-04-04 106112]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Netprov


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff0dfc8d-c569-11db-8468-000fea29d13f}]

\Shell\AutoRun\command - J:\USBNB.exe

.

- - - - USUNIĘTO PUSTE WPISY - - - -


ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll

Notify-WgaLogon - (no file)



.

------- Skan uzupełniający -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm

Trusted Zone: imaginecup.com

Trusted Zone: wildnoodle.com\www

Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL

Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL

Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL

Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll

Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL

Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nchdd8f4.default\

FF - prefs.js: browser.startup.homepage - hxxp://iz.bimber.pl/search.php?action=show_new

FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\nchdd8f4.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 14:14

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkvglt]

"ImagePath"="\??\c:\windows\system32\01.tmp"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]

"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]

"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netprov]

"ServiceDll"="c:\windows\system32\kmvtjmun.dll"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-329068152-1035525444-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6D3090F7-CA56-F294-2171-DEAFB0557951}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oaokobhnfjfcbongnjfhmbephajgfc"=hex:64,61,64,62,69,64,6a,6d,00,c0

"oacmopbfhkoodgfdgkfhidglnhgeec"=hex:69,61,6c,61,67,62,6c,65,67,64,65,6c,6d,69,

   62,66,68,62,00,00

"naalefgojgindelpobiimpofplcb"=hex:69,61,6c,61,67,62,6c,65,67,64,65,6c,6d,69,

   62,66,68,62,00,00

.

Czas ukończenia: 2009-04-24 14:15

ComboFix-quarantined-files.txt 2009-04-24 12:15


Przed: 4 477 534 208 bajtów wolnych

Po: 5 523 095 552 bajtów wolnych


WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


282	--- E O F ---	2008-09-18 22:22
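As an added illustration (not part of the thread, and not ComboFix's own tooling), the following Python script pulls out of a ComboFix-style log the states a helper such as Spandau reads first when judging a log like the one above: Windows Firewall switched off, Security Center antivirus alerts suppressed, globally opened firewall ports, services whose binary is missing or lives in a `.tmp` file, svchost-hosted services together with their `ServiceDll`, and removable-media AutoRun commands. The sample log is constructed, modelled on the entries posted above; the rule names and the section-matching logic are my own assumptions about the log layout, not a ComboFix specification.

```python
import re

# Constructed sample, modelled on the ComboFix output posted in this thread
# (trimmed and re-arranged; it is not the original log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"45242:TCP"= 45242:TCP:PrefetchIntel CursorsOptions
"55822:UDP"= 55822:UDP:PrefetchIntel SystemBuild

R2 Netprov;Driver Storage;c:\windows\system32\svchost.exe [2004-08-04 14336]
R3 dkvglt;dkvglt; [x]
R3 iLokDrvr;iLok;c:\windows\system32\DRIVERS\iLokDrvr.sys [2005-12-21 27328]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff0dfc8d-c569-11db-8468-000fea29d13f}]
\Shell\AutoRun\command - J:\USBNB.exe

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dkvglt]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netprov]
"ServiceDll"="c:\windows\system32\kmvtjmun.dll"
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                    # [registry key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "name"=value
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")  # R2 name;display;target
PORT_RE = re.compile(r"^(\d+):(TCP|UDP):(.*)$")            # 45242:TCP:description
AUTORUN_PREFIX = "\\Shell\\AutoRun\\command - "


def parse_log(log):
    """Split a ComboFix-style log into registry sections and service lines.

    Returns (sections, services): sections maps each lower-cased key path to
    its "name"=value pairs (quotes stripped); services holds (start_type,
    name, target) tuples taken from the R*/S* driver and service lines.
    """
    sections, services, current = {}, [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            current = m.group(1).lower()
            sections.setdefault(current, {})
        elif (m := SERVICE_RE.match(line)):
            services.append((m.group(1), m.group(2), m.group(4).strip()))
        elif current is None:
            continue
        elif (m := VALUE_RE.match(line)):
            sections[current][m.group(1)] = m.group(2).strip().strip('"')
        elif line.startswith(AUTORUN_PREFIX):
            # removable-media AutoRun handlers are printed as a bare line
            sections[current]["AutoRun"] = line[len(AUTORUN_PREFIX):]
    return sections, services


def find_indicators(log):
    """Return (rule, detail) pairs for the states a helper checks first."""
    sections, services = parse_log(log)
    hits = []
    for path, values in sections.items():
        if path.endswith("\\firewallpolicy\\standardprofile"):
            if values.get("EnableFirewall", "").startswith("0"):
                hits.append(("firewall_disabled", "Windows Firewall is off in the standard profile"))
        elif path.endswith("\\security center"):
            if values.get("AntiVirusDisableNotify", "").endswith("1"):
                hits.append(("av_notify_disabled", "Security Center antivirus alerts are suppressed"))
        elif path.endswith("\\globallyopenports\\list"):
            for value in values.values():
                if (m := PORT_RE.match(value)):
                    hits.append(("open_port", f"{m.group(1)}/{m.group(2)} {m.group(3)}"))
        elif "\\mountpoints2\\" in path and "AutoRun" in values:
            hits.append(("removable_autorun", values["AutoRun"]))
        elif "\\services\\" in path:
            svc = path.rsplit("\\", 1)[-1]
            for key in ("ImagePath", "ServiceDll"):
                if values.get(key, "").lower().endswith(".tmp"):
                    hits.append(("service_tmp_image", f"{svc} -> {values[key]}"))
    for _start, name, target in services:
        if target == "[x]":
            hits.append(("service_no_file", name))        # registered, binary gone
        elif "svchost.exe" in target.lower():
            key = "\\services\\" + name.lower()
            dll = next((v.get("ServiceDll", "(none)") for p, v in sections.items()
                        if p.endswith(key)), "(none)")
            hits.append(("svchost_hosted", f"{name} -> {dll}"))  # review the DLL
    return hits


if __name__ == "__main__":
    for rule, detail in find_indicators(SAMPLE_LOG):
        print(f"{rule:20} {detail}")
```

The script only surfaces entries for review; it does not decide what is malicious. A firewall turned off together with suppressed Security Center alerts, a service pointing at a `.tmp` file, and an svchost-hosted service whose DLL has no recognisable vendor name are the combination a helper would want to see side by side before writing a removal script.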

(Spandau) #4

paste into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start, and afterwards post the log on the forum.

Paste the log at www.wklejto.pl or http://www.wklej.org/ and put the link in your post


(Hipodrom) #5

http://wklejto.pl/32030


(Spandau) #6

Download Windows Worms Doors Cleaner http://dobreprogramy.pl/index.php?dz=2& ... aner+1.4.1 and close all the ports; instructions at http://forum.idg.pl/bezpieczenstwo_komp ... 18804.html (at the bottom of the page, in the link)

The log looks clean.

Manually delete the folder C:\Qoobox and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner

Download Dr.WEB CureIt! and run a full scan


(Hipodrom) #7

The log looks clean. The sites have been unblocked! :))

I did everything else just as you said.

I have one more request: on a second computer I have the same infection, it probably got infected too. I'm pasting the log

http://wklejto.pl/32031

What should I put in the txt for ComboFix? The same thing?

After that, I understand, I do what is written in the post above.


(Spandau) #8

Disinfect the pendrive or memory card with Flash Disinfector

http://www.searchengines.pl/index.php?s ... ntry369724

paste into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start, and afterwards post the log on the forum.

Paste the log at http://www.wklejto.pl or http://www.wklej.org/ and put the link in your post


(Hipodrom) #9

http://www.wklejto.pl/32040

sites unblocked! :slight_smile: many thanks :wink:


(Danielm86) #10

install a firewall, e.g. ZoneAlarm or Comodo


(Spandau) #11

Yes, now you can do that. If DrWeb doesn't detect anything, it should be OK

:slight_smile:


(Wojart) #12

Hello

I've run into a similar problem. I would be very grateful for help.

I have already downloaded ComboFix and it has scanned the system.

Log at http://www.wklejto.pl/34006

thanks in advance


(Asterisk) #13

Piggybacking on other people's threads is not welcome; please avoid doing that