Zawirusowany system

system · 13 Kwiecień 2009 19:01

Hej . Moj problem polega na tym iz zlapalem jakiegos wirusa spyware czy costam , cały czas wyskakuja mi okienka programów Windows Security Center i WinPC Defender sygnalizuja iz jakis wirus mam :(( jak wyleczyc system ??? jak pozbyc sie drażniących okienek ??? Skanowalem dysk programem Spywaer Doctor oraz Nortonem Anty Vir wykrylo kilka infekcji i po usunieciu dalej to cos siedzi u mnie w systemie … jak sie tego pozbyc ??? prosze o pomoc

– Dodane 13.04.2009 (Pn) 21:03 –

moj log z Hijack ponizej :

Logfile of HijackThis v1.99.1

Scan saved at 21:06:13, on 2009-04-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Documents and Settings\DK\Dane aplikacji\pcdefender.exe

C:\PROGRA~1\Norton AntiVirus\navw32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Programy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.74.0\HostIE.dll (file missing)

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.74.0\HostIE.dll (file missing)

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM…\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM…\Run: [symantec PIF AlertEng] “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”

O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [sysav] C:\Documents and Settings\DK\Dane aplikacji\pcdefender.exe

O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.117.128.162/activex/AxisCamControl.cab

O17 - HKLM\System\CCS\Services\Tcpip…{C1F6CAD0-3029-46D8-8729-E739A54DC9AB}: NameServer = 80.85.224.50,212.160.238.2

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

kotek88 · 13 Kwiecień 2009 19:09

Moim zdaniem ComboFix to najlepszy program do usuwania wirusów. Próbowałeś?

system · 13 Kwiecień 2009 19:36

skanowalem ComboFix-em costam pousówał ale dalej to samo wysakuja te okienka Windows Security Center i WinPC Defender sygnalizuja iz jakis wirus mam jak sie tego pozbyc ??? ponizej log z COMBO :

FW: Norton Internet Worm Protection *enabled*

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\All Users\Dane aplikacji\ZangoSA

c:\documents and settings\All Users\Dane aplikacji\ZangoSA\ZangoSA.dat

c:\documents and settings\All Users\Dane aplikacji\ZangoSA\ZangoSA_kyf_update.dat

c:\documents and settings\All Users\Dane aplikacji\ZangoSA\ZangoSAAbout.mht

c:\documents and settings\All Users\Dane aplikacji\ZangoSA\ZangoSAau.dat

c:\documents and settings\All Users\Dane aplikacji\ZangoSA\ZangoSAEula.mht

c:\documents and settings\All Users\Menu Start\Programy\Zango

c:\documents and settings\All Users\Menu Start\Programy\Zango\Reset Cursor.lnk

c:\documents and settings\All Users\Menu Start\Programy\Zango\Weather.lnk

c:\documents and settings\All Users\Menu Start\Programy\Zango\Zango Customer Support Center.lnk

c:\documents and settings\All Users\Menu Start\Programy\Zango\Zango Games!.lnk

c:\documents and settings\All Users\Menu Start\Programy\Zango\Zango Library.lnk

c:\documents and settings\All Users\Menu Start\Programy\Zango\Zango Screensavers!.lnk

c:\documents and settings\All Users\Menu Start\Programy\Zango\Zango Uninstall Instructions.lnk

c:\documents and settings\All Users\Menu Start\Programy\Zango\Zango Videos!.lnk

c:\documents and settings\DK\Dane aplikacji\Zango

c:\windows\system32\pthreadGC2.dll

----- BITS: Możliwe zainfekowane strony -----

hxxp://winpcdown99.com

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-13 do 2009-04-13 )))))))))))))))))))))))))))))))

.

2009-04-13 19:19 . 2006-03-02 22:42 73728 ----a-w C:\pv.exe

2009-04-13 19:11 . 2008-08-24 07:37 227 ----a-w c:\windows\system.tmp

2009-04-13 19:11 . 2008-02-03 16:59 174 ----a-w c:\windows\win.tmp

2009-04-12 06:48 . 2009-04-12 06:48 1021440 ----a-w c:\documents and settings\DK\Dane aplikacji\pcdefender.exe

2009-04-10 17:41 . 2007-07-10 16:10 547 ----a-w c:\windows\system32\ff_vfw.dll.manifest

2009-04-10 17:41 . 2009-04-02 13:21 84480 ----a-w c:\windows\system32\ff_vfw.dll

2009-03-30 16:17 . 2009-04-13 18:30 -------- d-----w c:\documents and settings\DK\Dane aplikacji\DC++

2009-03-30 16:17 . 2009-03-30 16:17 -------- d-----w c:\documents and settings\DK\Ustawienia lokalne\Dane aplikacji\DC++

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-13 16:13 . 2008-03-22 18:40 -------- d-----w c:\documents and settings\DK\Dane aplikacji\uTorrent

2009-04-10 20:14 . 2009-04-10 20:14 -------- d-----w c:\program files\NAPI-PROJEKT

2009-04-10 19:18 . 2009-01-09 17:48 -------- d-----w c:\program files\SubEdit-Player

2009-04-10 18:57 . 2008-02-03 17:16 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-04-10 18:20 . 2009-04-10 17:41 -------- d-----w c:\program files\ffdshow

2009-04-10 18:15 . 2009-04-10 18:15 -------- d-----w c:\program files\3ivx

2009-04-01 14:52 . 2008-02-03 16:24 -------- d-----w c:\program files\Java

2009-03-30 16:13 . 2009-03-30 16:13 -------- d-----w c:\program files\DC+PLUS PLUS

2009-03-29 06:30 . 2001-10-26 16:15 49492 ----a-w c:\windows\system32\perfc015.dat

2009-03-29 06:30 . 2001-10-26 16:15 355486 ----a-w c:\windows\system32\perfh015.dat

2009-03-22 20:42 . 2008-03-24 13:31 260364 —ha-w C:\mksbasel.cpp.log

2009-03-09 03:19 . 2009-01-01 13:52 410984 ----a-w c:\windows\system32\deploytk.dll

2009-02-09 14:19 . 2004-08-03 22:37 1846528 ----a-w c:\windows\system32\win32k.sys

2008-07-15 10:31 . 2008-07-15 10:31 17464 ----a-w c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-04-11 05:09 . 2008-02-03 16:55 17464 ----a-w c:\documents and settings\DK\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

------- Sigcheck -------

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows$hf_mig$\KB917953\SP2QFE\tcpip.sys

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows$NtUninstallKB917953$\tcpip.sys

[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys

[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-08-29 745472]

“sysav”=“c:\documents and settings\DK\Dane aplikacji\pcdefender.exe” [2009-04-12 1021440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“DAEMON Tools-1033”=“c:\program files\D-Tools\daemon.exe” [2004-03-12 81920]

“UpdReg”=“c:\windows\Updreg.exe” [2000-05-11 90112]

“AHQInit”=“c:\program files\Creative\SBLive\Program\AHQInit.exe” [2001-05-10 102400]

“Symantec PIF AlertEng”=“c:\program files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” [2007-03-12 517768]

“WheelMouse”=“c:\progra~1\A4Tech\Mouse\Amoumain.exe” [2002-02-05 155648]

“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]

“ccApp”=“c:\program files\Common Files\Symantec Shared\ccApp.exe” [2005-10-03 52848]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2007-12-05 8523776]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2007-12-05 81920]

“RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 32768]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-03-09 148888]

“nwiz”=“nwiz.exe” [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

“UIHost”=“d:\programy–==[xp themes]==–+= LogOn =+\Midnight Blue\logonui.Exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.xvid”= xvid.dll

“aux”= ctwdm32.dll

“vidc.3IV2”= 3ivxVfWCodec.dll

“vidc.SEDG”= SamsungVfWCodec.dll

“vidc.DX50”= DivXVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\DC++\DC++\DCPlusPlus.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“d:\Kane and Lynch Dead Men\kaneandlynch.exe”=

“c:\Program Files\uTorrent\utorrent.exe”=

S0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2004-03-12 156800]

S0 d346prt;d346prt;c:\windows\System32\Drivers\d346prt.sys [2004-03-12 5248]

S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2008-01-24 2368]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2001-12-04 9344]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-09 101936]

.

Zawartość folderu ‘Zaplanowane zadania’

2009-04-10 c:\windows\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - DK.job

c:\progra~1\Norton AntiVirus\Navw32.exe [2005-10-03 12:09]

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: Eksport do programu Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

TCP: {C1F6CAD0-3029-46D8-8729-E739A54DC9AB} = 80.85.224.50,212.160.238.2

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-13 21:28

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-823518204-1563985344-854245398-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-823518204-1563985344-854245398-1003\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

“??”=hex:80,93,c0,c8,18,48,f0,de,d6,d3,28,05,ab,ef,19,2b,12,89,78,6c,0f,7e,a5,

78,ad,de,11,8b,86,e1,8f,a4,ac,03,b5,be,b0,99,74,c2,2e,9a,df,e2,cf,ba,b3,dd,\

“??”=hex:4a,0d,eb,87,63,53,80,56,15,33,b6,69,73,40,51,be

[HKEY_USERS\S-1-5-21-823518204-1563985344-854245398-1003\Software\SecuROM\License information*]

“datasecu”=hex:40,1b,c8,c4,27,f9,c8,74,c7,d0,79,27,17,ac,52,7a,e4,5a,b0,21,98,

36,3e,0b,41,11,77,20,94,c1,f7,5e,6c,d4,16,84,21,f0,51,b3,90,c9,e9,99,46,16,\

“rkeysecu”=hex:7f,3f,ea,1a,23,ac,d8,e9,24,98,82,e9,72,08,61,f7

.

Czas ukończenia: 2009-04-13 21:30

ComboFix-quarantined-files.txt 2009-04-13 19:30

Przed: 2 175 447 040 bajtów wolnych

Po: 2,568,560,640 bajtów wolnych

166 — E O F — 2009-03-13 05:54

– Dodane 13.04.2009 (Pn) 21:52 –

JAK sie pozbyc, zwalczyc ,zabic wysakujące okienka Windows Security Center i WinPC Defender aby nie sygnalizuja iz jakis wirus mam ? a jesli cos mam jak to usnac ??? prosze o pomoc fachowców :))

– Dodane 14.04.2009 (Wt) 18:10 –

temat ucichł…niek nie potrafi mmi pomoc ??? Format c ?? :((((((((((((