
[Problem] Persistent virus!

  • Closed: this topic is closed
3 replies in this topic

#1 girolamo (New, 3 posts)

Posted 09 10 2008 - 22:38

Hi. I have a problem with my computer. I have a virus on my PC that my antivirus unfortunately doesn't detect. Shortcuts with erotic content keep "appearing" on my desktop, along with some supposed antivirus called "micro AV", which I think is itself a virus. I don't know how to remove it :/ Please help.

ComboFix log

ComboFix 08-09-27.03 - Michał 2008-10-09 22:13:20.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.157 [GMT 2:00]
Run from: H:\Documents and Settings\Michał\Pulpit\ComboFix.exe

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

(((((((((((((((((((((((((   Files created from 2008-09-09 to 2008-10-09  )))))))))))))))))))))))))))))))
.

2008-10-09 21:49 .	 61,440		H:\Documents and Settings\Michał\nkp2.exe
2008-10-09 21:25 . 2008-10-07 08:14	3,262	--a------	H:\WINDOWS\system32\2.ico
2008-10-09 21:24 . 2008-10-09 21:44	61,440	--a------	H:\Documents and Settings\Adam\nkp2.exe
2008-10-09 20:36 . 2008-10-09 20:35	512,096	--a------	H:\WINDOWS\system32\drivers\amon.sys
2008-10-09 20:36 . 2008-10-09 20:35	298,104	--a------	H:\WINDOWS\system32\imon.dll
2008-10-09 20:36 . 2008-10-09 20:35	15,424	--a------	H:\WINDOWS\system32\drivers\nod32drv.sys
2008-10-09 20:35 . 2008-10-09 20:35	<DIR>	d--------	H:\Program Files\ESET
2008-10-09 20:20 . 2008-10-09 21:49	<DIR>	d--------	H:\Program Files\PCHealthCenter
2008-10-09 20:20 . 2008-10-09 21:49	<DIR>	d--------	H:\Program Files\MicroAV
2008-10-09 20:20 . 2008-10-07 08:14	167,424	--a------	H:\WINDOWS\system32\MicroAV.cpl
2008-10-09 20:20 . 2008-10-07 08:14	3,262	--a------	H:\WINDOWS\system32\1.ico
2008-10-09 20:10 . 2008-10-09 22:14	103,394	--a------	H:\WINDOWS\system32\drivers\fd63ca1e.sys
2008-10-09 20:10 . 2008-10-09 20:10	32,256	--a------	H:\WINDOWS\system32\winzdn32.dll
2008-10-09 20:10 . 2008-10-09 20:10	23,040	--a------	H:\WINDOWS\system32\rs32net.exe
2008-10-09 19:58 . 2003-12-21 17:24	140,800	--a------	H:\WINDOWS\system32\drivers\xmasbus.sys
2008-10-09 19:58 . 2003-12-20 20:03	5,504	--a------	H:\WINDOWS\system32\drivers\xmasscsi.sys
2008-10-09 19:52 .	 <DIR>		H:\Documents and Settings\Michał\Dane aplikacji\DAEMON Tools Pro
2008-10-05 21:28 .	 <DIR>		H:\Documents and Settings\Michał\Dane aplikacji\Moyea
2008-10-04 14:12 . 2008-10-06 21:41	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\ipla
2008-10-04 14:12 . 2008-10-06 21:41	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\ipla
2008-10-04 14:11 . 2008-10-04 14:12	<DIR>	d--------	H:\Program Files\ipla
2008-10-02 21:41 . 2008-10-02 21:41	<DIR>	d--------	H:\Program Files\Codec Pack - All In 1
2008-10-02 21:41 . 2008-10-02 21:41	737,280	--a------	H:\WINDOWS\iun6002.exe
2008-10-01 15:55 . 2008-10-01 15:55	32	--a------	H:\WINDOWS\CD_Start.INI
2008-09-28 14:42 . 2008-09-28 14:42	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-09-27 19:56 . 1999-12-17 10:13	86,016	--a------	H:\WINDOWS\unvise32.exe
2008-09-27 19:41 . 2002-01-05 15:37	344,064	--a------	H:\WINDOWS\system32\msvcr70.dll
2008-09-27 19:22 . 2008-09-27 19:22	<DIR>	d--------	H:\Program Files\OJOsoft
2008-09-27 19:22 . 2008-09-27 19:22	<DIR>	d--------	H:\Program Files\Common Files\Common Share
2008-09-27 18:16 . 2008-09-27 18:19	<DIR>	d--------	H:\WINDOWS\ServicePackFiles
2008-09-27 18:16 . 2008-04-14 22:51	294,912	-----c---	H:\WINDOWS\system32\dllcache\dlimport.exe
2008-09-27 18:12 . 2006-12-29 00:31	19,569	--a------	H:\WINDOWS\002640_.tmp
2008-09-27 18:10 . 2008-09-27 18:10	<DIR>	d--------	H:\WINDOWS\EHome
2008-09-27 18:07 . 2008-09-27 18:07	<DIR>	d--------	H:\kopia zapasowa
2008-09-27 17:34 . 2008-09-27 17:39	<DIR>	d--------	H:\Program Files\Yahoo!
2008-09-26 20:14 .	 <DIR>		H:\Documents and Settings\Michał\UserData
2008-09-24 14:44 . 2008-09-24 14:43	103,736	--a------	H:\WINDOWS\system32\PnkBstrB.exe
2008-09-24 14:38 . 2008-09-24 14:38	<DIR>	d--------	H:\WINDOWS\system32\LogFiles
2008-09-21 15:38 . 2008-09-21 15:38	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-21 15:06 . 2008-09-27 16:48	4,096	--a------	H:\WINDOWS\system32\crash
2008-09-21 13:57 .	 <DIR>		H:\Documents and Settings\Michał\Dane aplikacji\Skype
2008-09-20 13:43 . 2008-10-09 20:06	107,888	--a------	H:\WINDOWS\system32\CmdLineExt.dll
2008-09-18 19:49 . 2008-10-09 11:33	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\skypePM
2008-09-18 19:49 . 2008-09-18 19:49	56	--ah-----	H:\WINDOWS\system32\ezsidmv.dat
2008-09-18 19:39 . 2008-09-18 19:39	<DIR>	d--------	H:\Program Files\Skype
2008-09-18 19:39 . 2008-09-18 19:39	<DIR>	d--------	H:\Program Files\Common Files\Skype
2008-09-18 19:39 . 2008-09-18 19:39	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-18 19:39 . 2008-10-09 16:36	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\Skype
2008-09-12 00:20 . 2008-09-12 00:20	<DIR>	d--------	H:\Program Files\MSXML 4.0
2008-09-11 16:04 . 2008-10-01 17:58	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\Printer Info Cache
2008-09-11 16:04 . 2008-10-01 17:58	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\Image Zone Express
2008-09-11 16:03 . 2008-09-11 16:03	<DIR>	d---s----	H:\Documents and Settings\Adam\UserData
2008-09-11 14:39 . 2006-10-26 19:56	32,592	--a------	H:\WINDOWS\system32\msonpmon.dll
2008-09-11 14:37 . 2008-09-11 14:37	<DIR>	d--------	H:\Program Files\MSBuild
2008-09-11 14:37 . 2008-09-11 14:37	<DIR>	d--------	H:\Program Files\Microsoft Works
2008-09-11 14:34 . 2008-09-11 14:34	<DIR>	d--------	H:\Program Files\Microsoft.NET
2008-09-11 14:31 . 2008-09-11 14:36	<DIR>	d--------	H:\WINDOWS\SHELLNEW
2008-09-11 14:30 . 2008-09-17 20:37	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-11 12:18 . 2008-09-11 12:18	<DIR>	d--------	H:\Program Files\Common Files\snpstd3
2008-09-11 12:18 . 2004-11-25 15:42	419,200	--a------	H:\WINDOWS\system32\drivers\snpstd3.sys
2008-09-11 12:18 . 2004-07-30 18:50	286,720	--a------	H:\WINDOWS\vsnpstd3.exe
2008-09-11 12:18 . 2004-08-09 17:43	94,208	--a------	H:\WINDOWS\amcap.exe
2008-09-11 12:18 . 2004-02-16 13:59	61,440	--a------	H:\WINDOWS\system32\csnpstd3.dll
2008-09-11 12:18 . 2004-11-26 10:33	57,344	--a------	H:\WINDOWS\system32\rsnpstd3.dll
2008-09-11 12:18 . 2004-06-15 15:18	53,248	--a------	H:\WINDOWS\system32\dsnpstd3.dll
2008-09-11 12:18 . 2004-11-25 12:59	36,864	--a------	H:\WINDOWS\system32\vsnpstd3.dll
2008-09-11 12:18 . 2004-11-25 12:54	36,864	--a------	H:\WINDOWS\system32\dsnpstd3.ax
2008-09-11 12:18 . 2004-08-06 15:48	20,480	--a------	H:\WINDOWS\usnpstd3.exe
2008-09-11 12:18 . 2004-02-27 17:36	15,498	--a------	H:\WINDOWS\snpstd3.ini
2008-09-11 12:18 . 2004-02-27 17:36	13,023	--a------	H:\WINDOWS\snpstd3.src
2008-09-10 14:23 .	 <DIR>		H:\Documents and Settings\Michał\Dane aplikacji\HP
2008-09-10 13:32 . 2008-09-10 13:32	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-09-10 13:31 . 2008-09-11 16:02	<DIR>	d--------	H:\Documents and Settings\Adam\Dane aplikacji\HP
2008-09-10 13:28 . 2008-09-10 13:28	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-09-10 13:28 . 2008-09-10 13:29	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\HP
2008-09-10 13:27 . 2008-09-10 13:27	<DIR>	d--------	H:\Program Files\Hewlett-Packard
2008-09-10 13:27 . 2008-09-10 13:30	<DIR>	d--------	H:\Program Files\Common Files\HP
2008-09-10 13:27 . 2008-09-10 13:27	<DIR>	d--------	H:\Program Files\Common Files\Hewlett-Packard
2008-09-10 13:26 . 2008-09-10 13:26	<DIR>	d--------	H:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-09-10 13:26 . 2006-12-06 08:02	49,920	-ra------	H:\WINDOWS\system32\drivers\HPZid412.sys
2008-09-10 13:26 . 2006-12-06 08:02	16,496	-ra------	H:\WINDOWS\system32\drivers\HPZipr12.sys
2008-09-10 13:25 . 2006-12-06 08:00	675,840	-ra------	H:\WINDOWS\system32\hpowiax3.dll
2008-09-10 13:25 . 2006-12-06 08:00	569,344	-ra------	H:\WINDOWS\system32\hpotscl3.dll
2008-09-10 13:25 . 2006-12-06 08:02	364,544	-ra------	H:\WINDOWS\system32\hppldcoi.dll
2008-09-10 13:25 . 2006-12-06 08:02	309,760	-ra------	H:\WINDOWS\system32\difxapi.dll
2008-09-10 13:25 . 2006-12-06 08:00	294,912	-ra------	H:\WINDOWS\system32\hpovst10.dll
2008-09-10 13:25 . 2006-12-15 18:04	258,048	-ra------	H:\WINDOWS\system32\hpzids01.dll
2008-09-10 13:25 . 2006-12-30 15:49	117,760	--a------	H:\WINDOWS\system32\hpzll4v2.dll
2008-09-10 13:25 . 2006-12-06 08:02	21,568	-ra------	H:\WINDOWS\system32\drivers\HPZius12.sys
2008-09-10 13:25 . 2008-04-14 00:15	15,104	--a------	H:\WINDOWS\system32\drivers\usbscan.sys
2008-09-10 13:23 . 2008-09-10 13:24	<DIR>	d----c---	H:\WINDOWS\system32\DRVSTORE
2008-09-10 13:23 . 2008-09-10 13:38	<DIR>	d--------	H:\Program Files\HP
2008-09-10 13:20 . 2008-10-08 19:46	141,290	--a------	H:\WINDOWS\hpoins12.dat
2008-09-10 13:20 . 2007-01-22 18:05	1,470	---------	H:\WINDOWS\hpomdl12.dat
2008-09-09 17:57 . 2008-09-09 17:57	<DIR>	d--h-----	H:\WINDOWS\PIF
2008-09-09 16:22 . 2004-08-17 21:14	442,368	-ra------	H:\WINDOWS\system32\vp6vfw.dll
2008-09-09 16:03 .	 <DIR>		H:\Documents and Settings\Michał\Dane aplikacji\DAEMON Tools
2008-09-09 16:03 . 2008-09-09 16:03	717,296	--a------	H:\WINDOWS\system32\drivers\sptd.sys
2008-09-09 13:05 . 2008-04-14 00:17	25,856	--a------	H:\WINDOWS\system32\drivers\usbprint.sys
2008-09-09 13:04 . 2008-04-14 00:15	32,128	--a------	H:\WINDOWS\system32\drivers\usbccgp.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 18:12	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Adobe
2008-10-08 16:50	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Tlen.pl
2008-10-05 13:24	---------	d--h--w	H:\Program Files\InstallShield Installation Information
2008-10-03 17:21	---------	d-s---w	H:\Documents and Settings\Michał\Dane aplikacji\Microsoft
2008-09-29 08:22	---------	d-----w	H:\Program Files\Gadu-Gadu
2008-09-28 14:41	---------	d-----w	H:\Program Files\Tlen.pl
2008-09-07 18:30	---------	d-----w	H:\Program Files\Picasa2
2008-09-07 18:30	---------	d-----w	H:\Program Files\Google
2008-09-07 11:17	---------	d-----w	H:\Documents and Settings\Adam\Dane aplikacji\Winamp
2008-09-06 21:06	---------	d-----w	H:\Documents and Settings\Adam\Dane aplikacji\ATI
2008-09-03 17:39	---------	d-----w	H:\Program Files\Burn4Free
2008-09-01 20:08	---------	d-----w	H:\Program Files\Common Files\Adobe AIR
2008-09-01 20:08	---------	d-----w	H:\Program Files\Common Files\Adobe
2008-09-01 20:08	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Macromedia
2008-09-01 18:29	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Winamp
2008-09-01 17:19	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\ATI
2008-09-01 17:14	---------	d-----w	H:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-09-01 17:08	---------	d-----w	H:\Program Files\ffdshow
2008-09-01 16:58	---------	d-----w	H:\Program Files\Common Files\ATI Technologies
2008-09-01 16:55	---------	d-----w	H:\Program Files\ATI Technologies
2008-09-01 16:50	---------	d-----w	H:\Program Files\Common Files\InstallShield
2008-09-01 16:47	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Mozilla
2008-09-01 16:41	---------	d-----w	H:\Documents and Settings\Michał\Dane aplikacji\Identities
2008-09-01 16:33	---------	d-----w	H:\Program Files\Realtek AC97
2008-09-01 16:33	---------	d-----w	H:\Program Files\AvRack
2008-09-01 16:31	---------	d-----w	H:\Program Files\AMD
2008-09-01 16:30	4,096	----a-w	H:\WINDOWS\gdrv.sys
2008-09-01 16:19	---------	d-----w	H:\Program Files\Realtek Sound Manager
2008-09-01 16:16	---------	d-----w	H:\Program Files\Multimedia Card Reader
2008-09-01 16:01	---------	d-----w	H:\Program Files\microsoft frontpage
2008-09-01 15:58	---------	d-----w	H:\Program Files\Usługi online
2008-07-19 05:08	719,872	----a-w	H:\WINDOWS\system32\devil.dll
2008-07-19 05:08	351,744	----a-w	H:\WINDOWS\system32\avisynth.dll
2008-07-18 20:10	94,920	----a-w	H:\WINDOWS\system32\cdm.dll
2008-07-18 20:10	53,448	----a-w	H:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10	45,768	----a-w	H:\WINDOWS\system32\wups2.dll
2008-07-18 20:10	36,552	----a-w	H:\WINDOWS\system32\wups.dll
2008-07-18 20:09	563,912	----a-w	H:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09	325,832	----a-w	H:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09	205,000	----a-w	H:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09	1,811,656	----a-w	H:\WINDOWS\system32\wuaueng.dll
.

(((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Komunikator"="H:\Program Files\Tlen.pl\tlen.exe" [2007-10-16 6234112]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"\YUR28.exe"="C:\Windows\system32\YUR28.exe" [2008-10-07 25088]
"\YUR29.exe"="C:\Windows\system32\YUR29.exe" [2008-10-07 25088]
"\YUR2A.exe"="C:\Windows\system32\YUR2A.exe" [2008-10-07 24064]
"\YUR2B.exe"="C:\Windows\system32\YUR2B.exe" [2008-10-07 24064]
"\YUR59.exe"="C:\Windows\system32\YUR59.exe" [2008-10-07 25088]
"\YUR5A.exe"="C:\Windows\system32\YUR5A.exe" [2008-10-07 25088]
"\YUR5B.exe"="C:\Windows\system32\YUR5B.exe" [2008-10-07 24064]
"\YUR67.exe"="C:\Windows\system32\YUR67.exe" [2008-10-07 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="H:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072]
"ATICCC"="H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 37376]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-09-23 37761]
"Picasa Media Detector"="H:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-09-23 368647]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"snpstd3"="H:\WINDOWS\vsnpstd3.exe" [2004-07-30 286720]
"GrooveMonitor"="F:\office\Office12\GrooveMonitor.exe" [2008-09-24 32632]
"avgnt"="E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-09-28 274457]
"\YUR28.exe"="C:\Windows\system32\YUR28.exe" [2008-10-07 25088]
"\YUR29.exe"="C:\Windows\system32\YUR29.exe" [2008-10-07 25088]
"\YUR2A.exe"="C:\Windows\system32\YUR2A.exe" [2008-10-07 24064]
"\YUR2B.exe"="C:\Windows\system32\YUR2B.exe" [2008-10-07 24064]
"nod32kui"="e:\Eset\nod32kui.exe" [2008-10-09 949376]
"\YUR3C.exe"="C:\Windows\system32\YUR3C.exe" [2008-10-07 25088]
"\YUR3D.exe"="C:\Windows\system32\YUR3D.exe" [2008-10-07 24064]
"\YUR3E.exe"="C:\Windows\system32\YUR3E.exe" [2008-10-07 25088]
"\YUR3F.exe"="C:\Windows\system32\YUR3F.exe" [2008-10-07 24064]
"\YUR59.exe"="C:\Windows\system32\YUR59.exe" [2008-10-07 25088]
"\YUR5A.exe"="C:\Windows\system32\YUR5A.exe" [2008-10-07 25088]
"\YUR5B.exe"="C:\Windows\system32\YUR5B.exe" [2008-10-07 24064]
"\YUR67.exe"="C:\Windows\system32\YUR67.exe" [2008-10-07 74752]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 H:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

H:\Documents and Settings\Adam\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - F:\office\Office12\ONENOTEM.EXE [2006-10-26 98632]

H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32]
2008-10-09 20:10 32256 H:\WINDOWS\system32\winzdn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\Tlen.pl\\tlen.exe"=
"E:\\instalki\\DCPlusPlus.exe"=
"E:\\metin\\metin2.bin"=
"E:\\DC++\\DCPlusPlus.exe"=
"F:\\office\\Office12\\OUTLOOK.EXE"=
"F:\\office\\Office12\\groove.exe"=
"F:\\office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=
"H:\\WINDOWS\\system32\\winver.exe"=
"C:\\WINDOWS\\system32\\bvdmss.exe"=
"nkp2.exe"= nkp2.exe:BVDMSS

R0 xmasbus;xmasbus;H:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
R0 xmasscsi;xmasscsi;H:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 5504]
S2 BVDMSS;Windows Network Data Management System Service;C:\WINDOWS\system32\bvdmss.exe [2008-10-09 61440]
S3 {BEE686B9-4C84-4487-9D72-9F40F051E973};{BEE686B9-4C84-4487-9D72-9F40F051E973};H:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ	   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ	   hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
{BEE686B9-4C84-4487-9D72-9F40F051E973}

*Newly Created Service* - bvdmss
*Newly Created Service* - ws2ifsl
*Newly Created Service* - XMASSCSI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
.
- - - - EMPTY ENTRIES REMOVED - - - -

HKCU-Run-\YUR58.exe - C:\Windows\system32\YUR58.exe
HKLM-Run-\YUR58.exe - C:\Windows\system32\YUR58.exe


.
------- Supplementary scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startpage.reganam.com
O8 -: E&ksportuj do programu Microsoft Excel - F:\office\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 22:14:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BEE686B9-4C84-4487-9D72-9F40F051E973}]
"ServiceDll"="H:\DOCUME~1\Adam\USTAWI~1\Temp\1C88.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fd63ca1e]
"ImagePath"="\SystemRoot\System32\drivers\fd63ca1e.sys"
.
Completion time: 2008-10-09 22:16:28
ComboFix-quarantined-files.txt  2008-10-09 20:16:25
ComboFix2.txt  2008-09-28 17:10:14

Before: 2,190,163,968 bytes free
After: 2,221,461,504 bytes free

263	--- E O F ---	2008-09-28 21:12:34

And the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:56, on 2008-10-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
e:\Alcohol 120\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\Multimedia Card Reader\shwicon2k.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Winamp\winampa.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\office\Office12\GrooveMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Documents and Settings\Michał\Dane aplikacji\Adobe\Player.exe
C:\WINDOWS\system32\bvdmss.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Mozilla Firefox\firefox.exe
E:\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.reganam.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\office\Office12\GRA8E1~1.DLL
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - e:\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - H:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKLM\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe
O4 - HKLM\..\Run: [\YUR2A.exe] C:\Windows\system32\YUR2A.exe
O4 - HKLM\..\Run: [\YUR2B.exe] C:\Windows\system32\YUR2B.exe
O4 - HKLM\..\Run: [nod32kui] "e:\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [\YUR3C.exe] C:\Windows\system32\YUR3C.exe
O4 - HKLM\..\Run: [\YUR3D.exe] C:\Windows\system32\YUR3D.exe
O4 - HKLM\..\Run: [\YUR3E.exe] C:\Windows\system32\YUR3E.exe
O4 - HKLM\..\Run: [\YUR3F.exe] C:\Windows\system32\YUR3F.exe
O4 - HKLM\..\Run: [\YUR59.exe] C:\Windows\system32\YUR59.exe
O4 - HKLM\..\Run: [\YUR5A.exe] C:\Windows\system32\YUR5A.exe
O4 - HKLM\..\Run: [\YUR5B.exe] C:\Windows\system32\YUR5B.exe
O4 - HKLM\..\Run: [\YUR67.exe] C:\Windows\system32\YUR67.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKCU\..\Run: [\YUR29.exe] C:\Windows\system32\YUR29.exe
O4 - HKCU\..\Run: [\YUR2A.exe] C:\Windows\system32\YUR2A.exe
O4 - HKCU\..\Run: [\YUR2B.exe] C:\Windows\system32\YUR2B.exe
O4 - HKCU\..\Run: [\YUR59.exe] C:\Windows\system32\YUR59.exe
O4 - HKCU\..\Run: [\YUR5A.exe] C:\Windows\system32\YUR5A.exe
O4 - HKCU\..\Run: [\YUR5B.exe] C:\Windows\system32\YUR5B.exe
O4 - HKCU\..\Run: [\YUR67.exe] C:\Windows\system32\YUR67.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\office\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\office\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\office\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzdn32 - H:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Network Data Management System Service (bvdmss) - Unknown owner - C:\WINDOWS\system32\bvdmss.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset  - e:\Eset\nod32krn.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7420 bytes

Thanks in advance (What an idiot I am ;/ ;) I went and downloaded a virus myself...)

#2 Chinka (Seal of Approval, 426 posts)

Posted 09 10 2008 - 23:03

Fix O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe and all the YUR entries, download Malwarebytes and run a full scan, then remove that junk; to be safe, use SmitFraudFix exactly the way it is used for an ieav.exe infection.
After those steps post a HijackThis log so it can be checked, and the SmitFraudFix log after cleaning with it.

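Worked example, added to this thread and not code from HijackThis, ComboFix or SmitFraudFix themselves: a small Python triage script that reads HijackThis and ComboFix log text and flags the kinds of entries the reply above singles out. The rules are taken from indicators visible in the logs posted in this thread: Run-key value names that begin with a backslash ([\YUR28.exe]), files under a \Windows\ tree on a drive other than the one Windows booted from (Windows is on H:, the rogue files sit under C:\Windows), a Winlogon Notify DLL, services listed with an unknown owner, AntiVirusOverride=1 under Security Center, and a svchost ServiceDll living in %TEMP%. The sample log lines embedded below are constructed from the shapes seen in this thread; the rule names and the high/review severities are the script's own, not something the tools emit, and "high" still means confirm the file before deleting anything.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape HijackThis 2.0.2 writes, modelled on the thread
# (Windows booted from H:, the rogue entries point into C:\Windows).
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe

O4 - HKLM\..\Run: [Sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [\YUR28.exe] C:\Windows\system32\YUR28.exe
O4 - HKCU\..\Run: [\YUR67.exe] C:\Windows\system32\YUR67.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winzdn32 - H:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: Windows Network Data Management System Service (bvdmss) - Unknown owner - C:\WINDOWS\system32\bvdmss.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
"""

# Constructed sample of the REGEDIT4-style sections ComboFix prints.
SAMPLE_COMBOFIX = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-09-28 274457]
"\YUR28.exe"="C:\Windows\system32\YUR28.exe" [2008-10-07 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BEE686B9-4C84-4487-9D72-9F40F051E973}]
"ServiceDll"="H:\DOCUME~1\Adam\USTAWI~1\Temp\1C88.tmp"
"""


@dataclass
class Finding:
    line_no: int
    rule: str
    severity: str  # "high": remove once the file is confirmed; "review": inspect first
    line: str


SMSS_RE = re.compile(r"^([A-Za-z]):\\WINDOWS\\System32\\smss\.exe$", re.I)
O4_RE = re.compile(r"^O4 - HK[^:]+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+) - (?P<owner>.+?) - (?P<path>.+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"')
WINDIR_RE = re.compile(r'^"?([A-Za-z]):\\Windows\\', re.I)  # any <drive>:\Windows\ path
TEMP_RE = re.compile(r"\\Temp\\|\.tmp$", re.I)


def system_drive(log_text: str) -> Optional[str]:
    # Drive the booted Windows lives on, read from the smss.exe line of the process list.
    for line in log_text.splitlines():
        m = SMSS_RE.match(line.strip())
        if m:
            return m.group(1).upper()
    return None


def _other_windir(path: str, sysdrive: Optional[str]) -> bool:
    # True when the path is a Windows directory on a drive other than the booted one.
    m = WINDIR_RE.match(path)
    return bool(m and sysdrive and m.group(1).upper() != sysdrive)


def triage(log_text: str, sysdrive: Optional[str] = None) -> List[Finding]:
    """Apply the heuristics line by line; pass sysdrive for logs with no process list."""
    sysdrive = sysdrive or system_drive(log_text)
    findings: List[Finding] = []
    section = ""  # current [HKEY_...] key while inside ComboFix REGEDIT4 output
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        key = REG_KEY_RE.match(line)
        if key:
            section = key["key"].lower()
            continue
        if "security center" in section and line == '"AntiVirusOverride"=dword:00000001':
            findings.append(Finding(no, "security-center-av-override", "high", line))
            continue
        run = O4_RE.match(line) or (REG_VAL_RE.match(line) if section.endswith("\\run") else None)
        notify = O20_RE.match(line)
        svc = O23_RE.match(line)
        val = REG_VAL_RE.match(line)
        rules = []
        if run and run["name"].startswith("\\"):  # [\YUR28.exe]-style value names
            rules.append(("run-value-name-starts-with-backslash", "high"))
        if notify:  # DLL loaded into winlogon.exe at every logon
            rules.append(("winlogon-notify-dll", "review"))
        if svc and svc["owner"] == "Unknown owner":
            rules.append(("service-unknown-owner", "review"))
        hit = run or notify or svc
        if hit and _other_windir(hit["path"], sysdrive):
            rules.append(("windows-dir-on-other-drive", "high"))
        if val and val["name"].lower() == "servicedll" and TEMP_RE.search(val["path"]):
            rules.append(("servicedll-in-temp", "high"))  # svchost-hosted DLL in %TEMP%
        findings += [Finding(no, rule, sev, line) for rule, sev in rules]
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT) + triage(SAMPLE_COMBOFIX, sysdrive="H"):
        print(f"line {f.line_no:3d} [{f.severity:6}] {f.rule}: {f.line}")
```

Run it on a saved hijackthis.log or ComboFix.txt by reading the file into triage(); for ComboFix output pass sysdrive explicitly, since that log has no running-process list to read the boot drive from. The drive-letter rule is the cheap one here: a legitimate installer on this machine has no reason to write into C:\Windows when the system root is H:\WINDOWS.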

#3 girolamo (New, 3 posts)

Posted 09 10 2008 - 23:24

I did what you said

SmitFraudFix scan

SmitFraudFix v2.357

Scan done at 23:22:26,75, 2008-10-09
Run from H:\Documents and Settings\Michał\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
e:\Alcohol 120\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Multimedia Card Reader\shwicon2k.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Winamp\winampa.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\WINDOWS\vsnpstd3.exe
F:\office\Office12\GrooveMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\bvdmss.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\WINDOWS\system32\wbem\wmiapsrv.exe
H:\WINDOWS\system32\NOTEPAD.EXE
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\Michał\Pulpit\SmitfraudFix\Policies.exe
H:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» H:\


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32

H:\WINDOWS\system32\1.ico FOUND !
H:\WINDOWS\system32\2.ico FOUND !
H:\WINDOWS\system32\MicroAV.cpl FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» H:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Michał


»»»»»»»»»»»»»»»»»»»»»»»» H:\Documents and Settings\Michał\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» H:\DOCUME~1\MICHA~1\Ulubione


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» H:\Program Files 

H:\Program Files\MicroAV\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieżąca strona główna"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!Attention, following keys are not inevitably infected!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!Attention, following keys are not inevitably infected!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!Attention, following keys are not inevitably infected!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!Attention, following keys are not inevitably infected!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!Attention, following keys are not inevitably infected!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!Attention, following keys are not inevitably infected!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!Attention, following keys are not inevitably infected!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="H:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Sterownik miniport Harmonogramu pakietów
DNS Server Search Order: 85.14.85.14
DNS Server Search Order: 85.14.85.2
DNS Server Search Order: 82.160.198.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FFAB1664-7191-4B43-B750-458729F33CA5}: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.14.85.14 85.14.85.2 82.160.198.5


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

HJ

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:23, on 2008-10-09
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
e:\Alcohol 120\StarWind\StarWindServiceAE.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Multimedia Card Reader\shwicon2k.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Winamp\winampa.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\WINDOWS\vsnpstd3.exe
F:\office\Office12\GrooveMonitor.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
H:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\bvdmss.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\explorer.exe
E:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.reganam.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\office\Office12\GRA8E1~1.DLL
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - e:\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - H:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Sunkist2k] H:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] H:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [snpstd3] H:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] H:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\office\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\office\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\office\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - E:\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Network Data Management System Service (bvdmss) - Unknown owner - C:\WINDOWS\system32\bvdmss.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (idrivert) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5959 bytes


#4 Maariusz69

    Observer

  • 9 posts

Posted 10 10 2008 - 08:17

I don't know if this will help you, but I once also had a persistent virus that I couldn't get rid of, so I simply restored the system to the last restore date and everything is fine...
