XP Antivirus 2008 help


(Paprykarz275) #1

Hello, I need help fighting this virus.

I don't know much about these things, so I'm asking for help.

Here is the HijackThis log:

Running processes:

C:\WINDOWS1\System32\smss.exe

C:\WINDOWS1\system32\winlogon.exe

C:\WINDOWS1\system32\services.exe

C:\WINDOWS1\system32\lsass.exe

C:\WINDOWS1\system32\svchost.exe

C:\WINDOWS1\System32\svchost.exe

C:\WINDOWS1\system32\spoolsv.exe

C:\WINDOWS1\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS1\system32\RUNDLL32.EXE

C:\WINDOWS1\RTHDCPL.EXE

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS1\system32\lphcj3kj0evfr.exe

C:\WINDOWS1\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS1\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS1\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ja\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [lphcj3kj0evfr] C:\WINDOWS1\system32\lphcj3kj0evfr.exe

O4 - HKLM..\Run: [sMrhcn3kj0evfr] C:\Program Files\rhcn3kj0evfr\rhcn3kj0evfr.exe

O4 - HKLM..\Run: [C] C:\WINDOWS1\system32\kdbaq.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe
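As an added example (not part of this thread, HijackThis or ComboFix), a small Python triage script that parses O4 autostart lines in the format shown in the log above and flags the entries a helper would look at first: value names and file names with a generated-looking letter/digit mix (lphcj3kj0evfr, rhcn3kj0evfr) and one-character value names (the [C] entry launching kdbaq.exe). The sample lines are constructed from the log above, and the heuristics are assumptions of this example, not rules from either tool.

```python
"""Triage HijackThis O4 autostart lines for rogue-AV style entries.

Added example for this thread; not part of HijackThis or ComboFix. The
heuristics are assumptions drawn from the names seen in the log above:
generated letter/digit mixes and one-character names are rare for
legitimate startup entries, so they deserve a closer look (not deletion).
"""
import re
from typing import List, NamedTuple, Tuple

# "O4 - HKLM\..\Run: [Name] command" (the forum rendering drops the first
# backslash, so the hive part is matched loosely).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First program path in a command, quoted or not, ending in a PE extension.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd))"?', re.IGNORECASE)
# Digit groups strictly inside a name: "lphcj3kj0evfr" has two of them.
INTERIOR_DIGITS_RE = re.compile(r"(?<=[A-Za-z])\d+(?=[A-Za-z])")

# Constructed sample modelled on the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphcj3kj0evfr] C:\WINDOWS1\system32\lphcj3kj0evfr.exe
O4 - HKLM\..\Run: [SMrhcn3kj0evfr] C:\Program Files\rhcn3kj0evfr\rhcn3kj0evfr.exe
O4 - HKLM\..\Run: [C] C:\WINDOWS1\system32\kdbaq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


class Finding(NamedTuple):
    name: str
    path: str
    reasons: Tuple[str, ...]


def executable_path(cmd: str) -> str:
    """Extract the program a Run value launches; for RUNDLL32 loaders
    return the DLL being loaded, since that is the code that actually runs."""
    cmd = cmd.strip()
    m = PATH_RE.match(cmd)
    if not m:
        return cmd.split(maxsplit=1)[0] if cmd else cmd
    path = m.group("path")
    rest = cmd[m.end():].strip()
    if path.lower().endswith("rundll32.exe") and rest:
        m2 = PATH_RE.match(rest)
        if m2:
            return m2.group("path")
    return path


def suspicious_reasons(name: str, path: str) -> List[str]:
    """Heuristic checks on a Run value name and the file it launches."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if len(name.strip()) <= 1:
        reasons.append("one-character value name")
    if len(stem) <= 1:
        reasons.append("one-character executable name")
    if len(INTERIOR_DIGITS_RE.findall(stem)) >= 2:
        reasons.append("generated-looking letter/digit mix in file name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the O4 entries in a HijackThis log that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = executable_path(m.group("cmd"))
        reasons = suspicious_reasons(m.group("name"), path)
        if reasons:
            findings.append(Finding(m.group("name"), path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}\n    -> {'; '.join(f.reasons)}")
```

Flagged entries are candidates for review, not an automatic Fix checked list; legitimate names such as AVG8_TRAY or the Sony Ericsson s115 drivers pass because a single digit group or a digit at the end of a name is not counted.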


(Leon$) #2

Download ComboFix http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654, scan the system and post the log

:slight_smile:


(Paprykarz275) #3

Here you go

ComboFix 08-08-14.03 - Ja 2008-08-15 15:32:56.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1579 [GMT 2:00]

Running from: C:\Documents and Settings\Ja\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008

C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\Antivirus XP 2008.lnk

C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\License Agreement.lnk

C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\Register Antivirus XP 2008.lnk

C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\Uninstall.lnk

C:\Documents and Settings\All Users.WINDOWS1\Pulpit\Antivirus XP 2008.lnk

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\Config.xml

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml

C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs

C:\Documents and Settings\Ania\Pulpit\Antivirus XP 2008.lnk

C:\Documents and Settings\Ania\Pulpit\Error Cleaner.url

C:\Documents and Settings\Ania\Pulpit\Privacy Protector.url

C:\Documents and Settings\Ania\Pulpit\SpywareMalware Protection.url

C:\Documents and Settings\Ania\Pulpit\SystemDefender.lnk

C:\Documents and Settings\Ania\Ulubione\Error Cleaner.url

C:\Documents and Settings\Ania\Ulubione\Privacy Protector.url

C:\Documents and Settings\Ania\Ulubione\SpywareMalware Protection.url

C:\Documents and Settings\Ja\Cookies\ja@yourminis[2].txt

C:\Documents and Settings\Ja\Dane aplikacji\rhcn3kj0evfr

C:\Documents and Settings\MasterAdmin\Pulpit\Antivirus XP 2008.lnk

C:\Documents and Settings\MasterAdmin\Pulpit\SystemDefender.lnk

C:\Program Files\rhcn3kj0evfr

C:\Program Files\ShoppingReport

C:\Program Files\ShoppingReport\Uninst.exe

C:\Program Files\sprof

C:\WINDOWS1\system32\a.exe

C:\WINDOWS1\system32\A.tmp

C:\WINDOWS1\system32\actskn43.ocx

C:\WINDOWS1\system32\blphcj3kj0evfr.scr

C:\WINDOWS1\system32\kdbaq.exe

C:\WINDOWS1\system32\lphcj3kj0evfr.exe

C:\WINDOWS1\system32\phcj3kj0evfr.bmp

C:\WINDOWS1\system32\pphcj3kj0evfr.exe

.

((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))

.

2008-08-15 15:25 . 2008-08-15 15:32

2008-08-15 14:45 . 2008-08-15 14:45

2008-08-13 10:27 . 2008-08-13 10:28

2008-08-13 10:27 . 2005-12-05 07:12 20,640 --------- C:\WINDOWS1\system32\drivers\PxHelp20.sys

2008-08-12 10:34 . 2008-08-12 10:35

2008-08-12 10:33 . 2008-08-12 10:34

2008-08-09 21:11 . 2008-08-13 11:15

2008-08-07 22:05 . 2008-08-07 22:05

2008-08-06 22:55 . 2008-08-14 19:17 141,612 --a------ C:\WINDOWS1\system32\drivers\dump_wmimmc.sys

2008-08-05 23:46 . 2008-08-05 23:49

2008-08-05 22:25 . 2008-08-05 22:25

2008-08-03 21:54 . 2008-08-03 21:54

2008-08-02 10:49 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS1\system32\vp6vfw.dll

2008-07-31 23:21 . 2008-07-31 23:21

2008-07-31 23:21 . 2008-07-31 23:21

2008-07-31 23:21 . 2008-07-31 23:21 98,304 --a------ C:\WINDOWS1\system32\CmdLineExt.dll

2008-07-31 23:20 . 2008-07-31 23:20 3,092 --a------ C:\WINDOWS1\system32\ealregsnapshot1.reg

2008-07-30 23:50 . 2008-08-13 12:02

2008-07-30 23:50 . 2008-07-30 23:50

2008-07-30 23:16 . 2008-08-13 12:02

2008-07-24 21:30 . 2008-07-31 10:52 50 --a------ C:\WINDOWS1\GunzLauncher.INI

2008-07-24 21:13 . 2008-07-24 22:06

2008-07-16 17:49 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS1\system32\javacpl.cpl

2008-07-16 11:47 . 2008-07-16 11:47

2008-07-16 11:47 . 2007-04-23 16:54 108,680 -ra------ C:\WINDOWS1\system32\drivers\s115mdm.sys

2008-07-16 11:47 . 2007-04-23 16:54 100,488 -ra------ C:\WINDOWS1\system32\drivers\s115mgmt.sys

2008-07-16 11:47 . 2007-04-23 16:54 98,568 -ra------ C:\WINDOWS1\system32\drivers\s115obex.sys

2008-07-16 11:47 . 2007-04-23 16:54 15,112 -ra------ C:\WINDOWS1\system32\drivers\s115mdfl.sys

2008-07-16 11:47 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115cmnt.sys

2008-07-16 11:47 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115cm.sys

2008-07-16 11:47 . 2008-07-16 11:47 0 --a------ C:\WINDOWS1\mngui.INI

2008-07-16 11:46 . 2007-04-23 16:54 83,208 -ra------ C:\WINDOWS1\system32\drivers\s115bus.sys

2008-07-16 11:46 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115whnt.sys

2008-07-16 11:46 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115wh.sys

2008-07-16 11:45 . 2008-08-05 22:24

2008-07-16 11:45 . 2008-07-16 11:45

2008-07-16 11:44 . 2008-07-16 11:45

2008-07-16 11:44 . 2008-07-16 11:45

2008-07-16 11:26 . 2008-07-16 11:26

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-02 08:49 --------- d-----w C:\Program Files\EA Games

2008-08-02 08:47 --------- d-----w C:\Program Files\EA SPORTS

2008-08-01 12:41 --------- d-----w C:\Program Files\Electronic Arts

2008-07-16 15:49 --------- d-----w C:\Program Files\Java

2008-07-16 09:44 --------- d-----w C:\Program Files\Sony Ericsson

2008-07-16 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-16 07:22 --------- d-----w C:\Program Files\BitLord

2008-07-15 17:51 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\OpenOfficeT72

2008-07-14 11:00 96,520 ----a-w C:\WINDOWS1\system32\drivers\avgldx86.sys

2008-07-14 11:00 76,040 ----a-w C:\WINDOWS1\system32\drivers\avgtdix.sys

2008-07-14 11:00 10,520 ----a-w C:\WINDOWS1\system32\avgrsstx.dll

2008-07-14 08:07 --------- d-----w C:\Program Files\Real Alternative

2008-07-10 16:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\avg8

2008-07-09 18:04 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu

2008-07-09 15:51 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Media Player Classic

2008-07-09 14:41 --------- d-----w C:\Program Files\Valve

2008-07-07 15:13 315,392 ----a-w C:\WINDOWS1\HideWin.exe

2008-07-07 15:13 --------- d-----w C:\Program Files\Realtek

2008-07-07 15:13 --------- d-----w C:\Program Files\DIFX

2008-07-07 15:11 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\InstallShield

2008-07-07 15:10 14,656 ----a-w C:\WINDOWS1\gdrv.sys

2008-07-06 15:05 --------- d-----w C:\Program Files\OpenOfficeT7 2.4.0

2008-07-06 14:50 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Ahead

2008-07-06 14:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\Ahead

2008-07-06 14:49 --------- d-----w C:\Program Files\Common Files\Ahead

2008-07-06 14:48 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-07-06 14:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\Nero

2008-07-02 09:54 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\Skype

2008-07-02 09:51 --------- d-----w C:\Documents and Settings\MasterAdmin\Dane aplikacji\Teleca

2008-07-02 09:21 --------- d-----w C:\Documents and Settings\MasterAdmin\Dane aplikacji\Sony Ericsson

2008-07-02 08:22 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\skypePM

2008-07-01 13:05 --------- d-----w C:\Program Files\AVG

2008-06-30 09:38 --------- d-----w C:\Program Files\Trojan Remover

2008-06-30 09:38 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\Simply Super Software

2008-06-30 05:48 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\TmpRecentIcons

2008-06-28 19:54 --------- d-----w C:\Program Files\Pantera

2008-06-27 20:48 --------- d-----w C:\Program Files\Emurayden PSX Emulator v2.2

2008-06-27 19:43 --------- d-----w C:\Program Files\UltraISO

2008-06-27 19:43 --------- d-----w C:\Program Files\Common Files\EZB Systems

2008-06-17 10:03 --------- d-----w C:\Program Files\Tales of Pirates Online

2008-05-28 12:30 999,936 ----a-w C:\WINDOWS1\system32\syssetup.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2008-04-14 22:51 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-06-27 10:28 8798816]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-14 13:00 1232152]

"NvCplDaemon"="C:\WINDOWS1\system32\NvCpl.dll" [2007-05-11 00:03 8429568]

"NvMediaCenter"="C:\WINDOWS1\system32\NvMcTray.dll" [2007-05-11 00:03 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-21 18:15 35328]

"nwiz"="nwiz.exe" [2007-05-11 00:03 1626112 C:\WINDOWS1\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS1\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS1\SkyTel.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\AVG\AVG8\avgupd.exe"=

"C:\Program Files\AVG\AVG8\avgemc.exe"=

"C:\Ntreev\Grand Chase\main.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"29101:TCP"= 29101:TCP:???? ??

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS1\system32\Drivers\avgldx86.sys [2008-07-14 13:00]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-14 13:00]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 13:00]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS1\system32\Drivers\avgtdix.sys [2008-07-14 13:00]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS1\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS1\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS1\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS1\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS1\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]

S3 XDva120;XDva120;C:\WINDOWS1\system32\XDva120.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a57e2983-4b74-11dd-8462-806d6172696f}]

\Shell\AutoRun\command - E:\Run.exe

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphcj3kj0evfr - C:\WINDOWS1\system32\lphcj3kj0evfr.exe

HKLM-Run-SMrhcn3kj0evfr - C:\Program Files\rhcn3kj0evfr\rhcn3kj0evfr.exe

HKLM-Run-C:\WINDOWS1\system32\kdbaq.exe - C:\WINDOWS1\system32\kdbaq.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\lcwb2940.default\

FF -: plugin - C:\Program Files\BYOND\bin\npbyond.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbyond.dll

FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-15 15:34:18

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"C:\WINDOWS1\system32\kdbaq.exe"="C:\WINDOWS1\system32\kdbaq.exe"

.

Completion time: 2008-08-15 15:34:52

ComboFix-quarantined-files.txt 2008-08-15 13:34:49

Pre-Run: 4,046,225,408 bajtów wolnych

Post-Run: 4,036,599,808 bajtów wolnych

216


(Leon$) #4

Start >> Run >> cmd

sc stop XDva120 >> Enter

sc delete XDva120 >> Enter

The log looks clean

do a startup optimization

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Turn System Restore off and on again on all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and show the report; the page must be opened in IE

or

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& ... It!+4.44.5

:slight_smile:


(Paprykarz275) #5

This may sound stupid, but I don't understand this startup optimization


(Leon$) #6

these programs and applications start together with your system

under the link you have a list of the applications you can disable from startup

e.g.

remove with HijackThis >> Fix checked

you have many more entries like that

removing an entry does not delete the file (this applies to O4 entries); in case of a mistake it can be restored in HijackThis

you can re-enable disabled programs at any time, but why should they be enabled all the time whether they are needed or not

:slight_smile:


(Paprykarz275) #7

Damn, I can't manage this optimization, can you guide me somehow??


(Leon$) #8

???

do a new HijackThis scan and post the log on the forum

then I'll tell you what to do

:slight_smile:


(Paprykarz275) #9

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:23:14, on 2008-08-15

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS1\System32\smss.exe

C:\WINDOWS1\system32\winlogon.exe

C:\WINDOWS1\system32\services.exe

C:\WINDOWS1\system32\lsass.exe

C:\WINDOWS1\system32\svchost.exe

C:\WINDOWS1\System32\svchost.exe

C:\WINDOWS1\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS1\system32\RUNDLL32.EXE

C:\WINDOWS1\RTHDCPL.EXE

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS1\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS1\system32\nvsvc32.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\WINDOWS1\system32\wscntfy.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS1\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS1\system32\svchost.exe

C:\Program Files\AVG\AVG8\avgscanx.exe

C:\Documents and Settings\Ja\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\ctfmon.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\system32\nvsvc32.exe


(Leon$) #10

Start >> Run >> msconfig >> Startup

in the list that appears, clear the checkbox next to

Apply >> OK

if you don't use multiple languages then

Control Panel >> Regional and Language Options >> Languages >> Advanced >> check Turn off advanced text services

:slight_smile:


(Paprykarz275) #11

Thanks for the help, the computer runs like a dream

Even my internet transfer speed went up


(Leon$) #12

and what about the remaining recommendations?

:slight_smile:


(Paprykarz275) #13

and what else needs to be done??


(Leon$) #14

:slight_smile:


(Paprykarz275) #15

Dr.Web says the computer is as clean as a baby's bottom


(Leon$) #16

Well then, OK

:slight_smile:


(Paprykarz275) #17

Thx for the help :smiley: