
Logs - No antivirus, request for a cleanup


  • Closed. This topic is closed
5 replies in this topic

#1 Lich-koś

    Who doesn't like chocolate rain?

  • 126 posts

Posted 03 05 2009 - 14:39

I haven't had an AV since about December and have probably caught a few viruses

ComboFix 09-05-02.4 - liczkowscy 2009-05-03 14:28.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.277 [GMT 2:00]
Uruchomiony z: E:\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\liczkowscy\Dane aplikacji\wiaserva.log
c:\documents and settings\liczkowscy\liczkowscy.exe
c:\windows\system32\acctresn.exe
c:\windows\system32\crypts.dll
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\winio.vxd

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETLOGONRASAUTO
-------\Service_NetlogonRasAuto


((((((((((((((((((((((((( Pliki utworzone od 2009-04-03 do 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-05-03 11:25 . 2009-05-03 11:25 103540 ----a-w c:\windows\system32\drivers\56d5edd4.sys
2009-04-30 19:14 . 2009-04-30 19:14 96966 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-30 19:14 . 2009-04-30 19:14 88774 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-30 19:12 . 2009-05-03 12:32 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-30 19:12 . 2009-05-03 12:32 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-30 19:08 . 2009-04-30 19:08 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-04-30 17:08 . 2009-04-30 19:13 -------- d-----w c:\windows\LastGood.Tmp
2009-04-25 19:11 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-25 19:11 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-25 19:11 . 2009-04-25 19:11 -------- d-----w c:\program files\iPod
2009-04-25 19:10 . 2009-04-25 19:11 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 19:09 . 2009-04-25 19:09 -------- d-----w c:\program files\Bonjour
2009-04-25 19:07 . 2009-04-25 19:08 -------- d-----w c:\program files\QuickTime
2009-04-25 19:07 . 2009-04-25 19:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-04-25 19:06 . 2009-04-25 19:06 -------- d-----w c:\program files\Apple Software Update
2009-04-25 19:04 . 2009-04-25 19:11 -------- d-----w c:\program files\Common Files\Apple
2009-04-25 18:42 . 2009-04-25 18:42 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Last.fm
2009-04-24 12:38 . 2009-05-03 12:35 94842 ----a-w c:\windows\system32\drivers\c02adadd.sys
2009-04-16 20:01 . 2009-04-17 13:33 -------- d--h--w c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame
2009-04-16 12:48 . 2008-04-21 21:28 218112 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Soldat
2009-04-03 13:16 . 2009-05-02 11:02 -------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Skype
2009-04-03 13:15 . 2009-04-03 13:15 -------- d-----r c:\program files\Skype
2009-04-03 13:14 . 2009-04-03 13:15 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-04-03 12:45 . 2009-04-03 12:45 20480 --sha-w c:\windows\system32\1041g.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 12:35 . 2008-11-05 18:11 292 ----a-w c:\windows\Tasks\GlaryInitialize.job
2009-05-03 12:34 . 2007-11-06 13:08 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 12:32 . 2009-04-30 19:12 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-03 12:32 . 2009-04-30 19:12 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-03 11:28 . 2009-04-03 09:01 191 --s-a-w c:\windows\system32\2155703669.dat
2009-04-25 19:06 . 2009-04-25 19:06 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-16 19:55 . 2007-11-06 13:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 09:07 . 2001-10-26 16:15 76208 ----a-w c:\windows\system32\perfc015.dat
2009-03-29 09:07 . 2001-10-26 16:15 454178 ----a-w c:\windows\system32\perfh015.dat
2009-03-22 11:16 . 2008-10-18 20:33 82352 ----a-w c:\windows\War3Unin.dat
2009-02-22 15:19 . 2008-03-02 15:47 23168 ----a-w c:\documents and settings\liczkowscy\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-02-20 08:32 . 2001-10-26 17:29 662016 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:32 . 2008-04-20 10:07 81920 ------w c:\windows\system32\ieencode.dll
2009-02-09 14:19 . 2001-10-26 16:59 1846528 ----a-w c:\windows\system32\win32k.sys
2009-02-03 20:11 . 2001-10-26 17:29 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-03 208896]
"ContentTransferWMDetector.exe"="e:\content transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2009-04-02 342312]
"ATIPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\Soulseek\\slsk.exe"=
"f:\\CS 1.6\\hl.exe"=
"f:\\CS 1.6\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1454:UDP"= 1454:UDP:Windows Media Format SDK (firefox.exe)
"1455:UDP"= 1455:UDP:Windows Media Format SDK (firefox.exe)
"22049:TCP"= 22049:TCP:BitComet 22049 TCP
"22049:UDP"= 22049:UDP:BitComet 22049 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 magicfl;magicfl; [x]
R2 ekrn;ESET Service; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-17 2741114]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
S0 MFX;MFX; [x]
S3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f09ec8a-5728-11dd-b61f-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3e25c4-6bb9-11dd-b654-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c639fbb4-8be9-11dd-b696-00e04c041f0b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-03 c:\windows\Tasks\GlaryInitialize.job
- e:\glary utilities\initialize.exe [2008-11-05 14:35]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {7C9976F1-6276-43DF-91DF-5D0EE2F84A2B} = 10.13.0.1,10.13.0.2
FF - ProfilePath - c:\documents and settings\liczkowscy\Dane aplikacji\Mozilla\Firefox\Profiles\m5hp113t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: e:\itunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 14:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


c:\windows\system32\drivers\MFX.sys 45824 bytes executable
C:\SYZ_DAT

skanowanie pomyślnie ukończone
ukryte pliki: 2

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-03 14:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-03 12:39
ComboFix2.txt 2009-02-09 17:20

Przed: 79 298 560 bajtów wolnych
Po: 44 576 768 bajtów wolnych

Current=7 Default=7 Failed=6 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
273 --- E O F --- 2009-04-22 11:36



#2 karolkuich

    Beginner

  • 141 posts

Posted 04 05 2009 - 00:38

Paste into Notepad:
File::
c:\windows\system32\drivers\56d5edd4.sys
c:\windows\system32\drivers\c02adadd.sys
c:\windows\system32\1041g.dll
c:\windows\system32\2155703669.dat

Dirlook::
c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
Save the file as CFScript.txt, then drag and drop it onto the ComboFix icon. Paste the log that is produced after the removal.

I haven't had an AV since about December

I think that once we finish removing the crud, you will install one after all... :D

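As an added example for this thread (my own code, not the helper's CFScript and not part of ComboFix), a Python script that reads the registry section of a ComboFix log in the format posted above, flags the four kinds of tampering visible in it (IFEO "Debugger"=ntsd -d hijacks of AV executables, silenced Security Center notifications, the disabled firewall profile, and autorun commands on removable drives) and emits a Registry:: block in the syntax used in the post. The log excerpt embedded in it is constructed; the key names are copied from the layout shown in this thread, and the dataclass and function names are mine.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the layout ComboFix uses for its registry section
# (sample input for this example, not the log posted in the thread).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
"Debugger"=c:\tools\windbg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f09ec8a-5728-11dd-b61f-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r'^\\shell\\autorun\\command\s*-\s*(.+)$', re.IGNORECASE)


@dataclass
class Finding:
    kind: str       # class of tampering the line indicates
    severity: str   # 'high' = known hostile pattern, 'review' = needs a human look
    key: str        # registry key exactly as printed in the log
    detail: str


def iter_values(text):
    """Walk the log and yield (key, value_name, value_data); autorun command
    lines under mountpoints2 are yielded with the pseudo-name '<autorun>'."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group(1), m.group(2).strip()
            continue
        m = AUTORUN_RE.match(line)
        if m:
            yield key, '<autorun>', m.group(1).strip()


def analyse(text):
    findings = []
    for key, name, value in iter_values(text):
        k, n, v = key.lower(), name.lower(), value.lower()
        if '\\image file execution options\\' in k and n == 'debugger':
            # A Debugger value makes Windows start that program instead of the target;
            # 'ntsd -d' is the pattern used in this log to keep every listed AV/firewall binary from running.
            sev = 'high' if v.startswith('ntsd') else 'review'
            findings.append(Finding('ifeo_debugger', sev, key, f'Debugger={value}'))
        elif k.endswith('\\security center') and n.endswith('disablenotify') and re.fullmatch(r'dword:0*1', v):
            findings.append(Finding('security_center_notify', 'high', key, f'{name} silenced'))
        elif k.endswith('\\standardprofile') and n == 'enablefirewall' and v.startswith('0'):
            findings.append(Finding('firewall_disabled', 'high', key, 'Windows Firewall off'))
        elif 'mountpoints2' in k and n == '<autorun>':
            findings.append(Finding('removable_autorun', 'review', key, f'autorun runs {value}'))
    return findings


def build_cfscript(findings):
    """Registry:: block in the syntax used in this thread: [-key] deletes a key,
    "name"=- deletes a value. Only the 'high' IFEO hijacks and the firewall value
    are emitted; the other findings are reported for a human to decide on."""
    lines = ['Registry::']
    for f in findings:
        if f.kind == 'ifeo_debugger' and f.severity == 'high':
            lines.append(f'[-{f.key}]')
    for f in findings:
        if f.kind == 'firewall_disabled':
            lines.append(f'[{f.key}]')
            lines.append('"EnableFirewall"=-')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f'{f.severity:6} {f.kind:22} {f.key}  ({f.detail})')
    print()
    print(build_cfscript(found))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the security-center and autorun findings are reported but deliberately left out of the generated script.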

#3 Lich-koś

    Who doesn't like chocolate rain?

  • 126 posts

Posted 05 05 2009 - 22:31

ComboFix 09-05-05.02 - liczkowscy 2009-05-05 22:25.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.309 [GMT 2:00]
Uruchomiony z: E:\ComboFix.exe
Użyto następujących komend :: E:\CFScript.txt

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA

FILE ::
c:\windows\system32\1041g.dll
c:\windows\system32\2155703669.dat
c:\windows\system32\drivers\56d5edd4.sys
c:\windows\system32\drivers\c02adadd.sys
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1041g.dll
c:\windows\system32\2155703669.dat
c:\windows\system32\drivers\56d5edd4.sys
c:\windows\system32\drivers\c02adadd.sys

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_c02adadd


((((((((((((((((((((((((( Pliki utworzone od 2009-04-05 do 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-04-30 19:14 . 2009-04-30 19:14 96966 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-30 19:14 . 2009-04-30 19:14 88774 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-30 19:12 . 2009-05-05 06:00 32 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-30 19:12 . 2009-05-05 06:00 32 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-30 19:08 . 2009-04-30 19:08 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-04-25 19:11 . 2009-03-19 14:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-25 19:11 . 2008-04-17 10:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-25 19:11 . 2009-04-25 19:11 -------- d-----w c:\program files\iPod
2009-04-25 19:10 . 2009-04-25 19:11 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-25 19:09 . 2009-04-25 19:09 -------- d-----w c:\program files\Bonjour
2009-04-25 19:07 . 2009-04-25 19:08 -------- d-----w c:\program files\QuickTime
2009-04-25 19:07 . 2009-04-25 19:10 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-04-25 19:06 . 2009-04-25 19:06 -------- d-----w c:\program files\Apple Software Update
2009-04-25 19:04 . 2009-04-25 19:11 -------- d-----w c:\program files\Common Files\Apple
2009-04-25 18:42 . 2009-04-25 18:42 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Last.fm
2009-04-16 20:01 . 2009-04-17 13:33 -------- d--h--w c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame
2009-04-16 12:48 . 2008-04-21 21:28 218112 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-06 18:48 . 2009-04-06 18:48 -------- d-----w c:\documents and settings\liczkowscy\Dane aplikacji\Soldat

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-05 06:00 . 2009-04-30 19:12 32 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-05 06:00 . 2009-04-30 19:12 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-16 19:55 . 2007-11-06 13:37 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 13:15 . 2009-04-03 13:15 -------- d-----r c:\program files\Skype
2009-03-29 09:07 . 2001-10-26 16:15 76208 ----a-w c:\windows\system32\perfc015.dat
2009-03-29 09:07 . 2001-10-26 16:15 454178 ----a-w c:\windows\system32\perfh015.dat
2009-03-22 11:16 . 2008-10-18 20:33 82352 ----a-w c:\windows\War3Unin.dat
2009-02-22 15:19 . 2008-03-02 15:47 23168 ----a-w c:\documents and settings\liczkowscy\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-02-20 08:32 . 2001-10-26 17:29 662016 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:32 . 2008-04-20 10:07 81920 ------w c:\windows\system32\ieencode.dll
2009-02-09 14:19 . 2001-10-26 16:59 1846528 ----a-w c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame ----

2009-04-17 13:33 . 2009-04-16 20:01 480688 ----a-w c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame\ijjistarter2FxB.exe
2009-04-16 21:08 . 2009-04-16 21:08 220926964 ----a-w c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame\U_GUNZ_setup.exe.part
2009-04-16 21:08 . 2009-04-16 21:08 403 ---ha-w c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame\U_GUNZ_setup.exe.bfi
2009-04-16 20:01 . 2009-04-17 13:33 1138 ----a-w c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame\HUL\u_gunz_launcher.hul
2009-04-16 20:01 . 2009-04-17 13:33 75 ----a-w c:\documents and settings\liczkowscy\Dane aplikacji\ijjigame\HUL\gamekind.ini


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-03 208896]
"ContentTransferWMDetector.exe"="e:\content transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\itunes\iTunesHelper.exe" [2009-04-02 342312]
"ATIPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\Soulseek\\slsk.exe"=
"f:\\CS 1.6\\hl.exe"=
"f:\\CS 1.6\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1454:UDP"= 1454:UDP:Windows Media Format SDK (firefox.exe)
"1455:UDP"= 1455:UDP:Windows Media Format SDK (firefox.exe)
"22049:TCP"= 22049:TCP:BitComet 22049 TCP
"22049:UDP"= 22049:UDP:BitComet 22049 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 MFX;MFX; [x]
R3 klfltdev;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
S0 magicfl;magicfl; [x]
S2 ekrn;ESET Service;"e:\eset smart security\ekrn.exe" --> e:\eset smart security\ekrn.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-02-01 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22c81830-1f5a-11de-b800-001bbf597f60}]
\shell\autorun\command - G:\eyt.exe
\shell\open\command - G:\eyt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f09ec8a-5728-11dd-b61f-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3e25c4-6bb9-11dd-b654-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c639fbb4-8be9-11dd-b696-00e04c041f0b}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-05-05 c:\windows\Tasks\GlaryInitialize.job
- e:\glary utilities\initialize.exe [2008-11-05 14:35]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {7C9976F1-6276-43DF-91DF-5D0EE2F84A2B} = 10.13.0.1,10.13.0.2
FF - ProfilePath - c:\documents and settings\liczkowscy\Dane aplikacji\Mozilla\Firefox\Profiles\m5hp113t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: e:\itunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 22:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


c:\windows\system32\drivers\MFX.sys 45824 bytes executable
C:\SYZ_DAT

skanowanie pomyślnie ukończone
ukryte pliki: 2

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-05 22:35 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-05 20:35
ComboFix2.txt 2009-05-03 12:39

Przed: 41 607 168 bajtów wolnych
Po: 41 271 296 bajtów wolnych

Current=7 Default=7 Failed=6 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
188 --- E O F --- 2009-04-22 11:36

I mean, there's this funny situation: I installed Kaspersky, but it won't start.

#4 karolkuich

    Beginner

  • 141 posts

Posted 06 05 2009 - 16:59

Paste into Notepad:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG and run it with a double-click.

Scan the system with MBAM: http://www.bezpieczenstwosystemow.pl/index.php?topic=4536.0

"I installed Kaspersky, but it won't start"

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys - this indicates that the Kaspersky service is in fact running.

Start → Run, type:
sc delete ekrn
OK.
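The two indicators this reply acts on, the MountPoints2 autorun commands (removable-drive autorun pointing at G:\eyt.exe and at a double-extension fun.xls.exe) and services whose binary ComboFix could not find (ekrn, the "[x]" drivers MFX and magicfl), can be pulled out of a log mechanically. The following Python triage helper is an added example, not part of the thread or of ComboFix; the sample log is a constructed excerpt made of lines copied from the log above, and the English section headers are an assumption about non-localised ComboFix builds. It also correlates the catchme hidden-file list with the service table, which ties the hidden MFX.sys to the MFX driver entry that has no image path.

```python
"""Triage helper for a ComboFix-style log excerpt (added example, not ComboFix code).
Collects MountPoints2 autorun commands, services/drivers without a verifiable
image ("[x]" / "[?]") and catchme hidden files, then correlates the last two."""
import re
from dataclasses import dataclass, field

# Constructed excerpt: lines copied from the thread's ComboFix log.
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 MFX;MFX; [x]
S0 magicfl;magicfl; [x]
S2 ekrn;ESET Service;"e:\eset smart security\ekrn.exe" --> e:\eset smart security\ekrn.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22c81830-1f5a-11de-b800-001bbf597f60}]
\shell\autorun\command - G:\eyt.exe
\shell\open\command - G:\eyt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f09ec8a-5728-11dd-b61f-001bbf597f60}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

skanowanie ukrytych plików ...

c:\windows\system32\drivers\MFX.sys 45824 bytes executable
C:\SYZ_DAT

skanowanie pomyślnie ukończone
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
MP2_KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
MP2_CMD_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.*)$", re.I)
DOUBLE_EXT_RE = re.compile(r"\.(xls|doc|pdf|jpg|txt)\.(exe|scr|com|bat|pif)$", re.I)
# Polish headers come from the thread's log; the English ones are assumed (non-localised build).
HIDDEN_START = ("skanowanie ukrytych plików", "scanning hidden files")
HIDDEN_END = ("skanowanie pomyślnie ukończone", "scan completed successfully")

@dataclass
class Finding:
    kind: str    # "missing-image", "unverified-image", or the MountPoints2 verb
    name: str    # service name or MountPoints2 volume GUID
    detail: str  # image path or command line exactly as written in the log

@dataclass
class Triage:
    services: list = field(default_factory=list)
    autoruns: list = field(default_factory=list)
    hidden_files: list = field(default_factory=list)

def double_extension(path: str) -> bool:
    """True for document-looking names that are really executables (fun.xls.exe)."""
    return DOUBLE_EXT_RE.search(path.rsplit("\\", 1)[-1]) is not None

def triage(log: str) -> Triage:
    t = Triage()
    current_key = None   # GUID of the MountPoints2 key whose commands follow
    in_hidden = False    # inside the catchme hidden-file listing
    for raw in log.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith(HIDDEN_START):
            in_hidden = True
            continue
        if low.startswith(HIDDEN_END):
            in_hidden = False
            continue
        if in_hidden:
            if line:
                t.hidden_files.append(line)
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, image = m.groups()
            image = image.strip()
            if image.endswith("[x]"):     # no image path at all
                t.services.append(Finding("missing-image", name, f"{start}: no image path"))
            elif image.endswith("[?]"):   # path given, but ComboFix could not find the file
                t.services.append(Finding("unverified-image", name, image[:-3].strip()))
            continue
        m = MP2_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = MP2_CMD_RE.match(line)
        if m and current_key:
            t.autoruns.append(Finding(m.group(1).lower(), current_key, m.group(2)))
            continue
        if not line:
            current_key = None  # a blank line ends the registry key block
    return t

def correlate_hidden_drivers(t: Triage) -> list:
    """Services whose name equals the stem of a hidden *.sys file (MFX / MFX.sys)."""
    stems = set()
    for entry in t.hidden_files:
        base = entry.split()[0].rsplit("\\", 1)[-1]   # path is the first token (no spaces assumed)
        if base.lower().endswith(".sys"):
            stems.add(base[:-4].lower())
    return [f.name for f in t.services if f.name.lower() in stems]
```

Running `triage(SAMPLE_LOG)` yields three service findings (MFX and magicfl with no image, ekrn with an image ComboFix could not locate), three MountPoints2 commands keyed by volume GUID, and two hidden files; `correlate_hidden_drivers` returns `["MFX"]`, and `double_extension` flags the fun.xls.exe command. Deleting the whole MountPoints2 key, as the reply above does, clears every cached per-volume autorun command at once rather than the individual GUIDs.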

#5 Lich-koś

    Who doesn't like chocolate rain?

  • 126 posts

Posted 06 05 2009 - 20:31

I mean, there's a curious problem with Kaspersky: supposedly I have it installed, but it isn't in Add/Remove Programs at all, and it won't start either. I have no idea why. I'll post the logs here soon. Also, when I try to delete the Kaspersky folder, it tells me that some .dll library is currently in use.

#6 karolkuich

    Beginner

  • 141 posts

Posted 06 05 2009 - 23:20

We'll remove Kaspersky:

Paste into Notepad:
File::
c:\windows\system32\drivers\klin.dat
c:\windows\system32\drivers\klick.dat
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox2.dat
c:\windows\system32\drivers\fidbox2.idx
c:\windows\system32\drivers\fidbox.idx

Folder::
c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup

Driver::
klbg
klfltdev
klim5
Save the file as CFScript.txt, then drag and drop it onto the ComboFix icon. Paste the log that is produced after the removal.
