
I don't know what it is, but something is wrong. Here are the logs from ComboFix and HijackThis.
ComboFix 08-11-10.01 - adamo88 2008-11-11 21:20:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.553 [GMT 1:00]
Uruchomiony z: c:\instalki\od virusow\ComboFix.exe
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-11 do 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-11 21:03 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-11 18:10 . 2008-11-11 18:10 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-11 17:44 . 2008-11-11 17:47 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-11 17:44 . 2008-11-11 17:44 <DIR> d-------- c:\program files\AVG
2008-11-11 17:44 . 2008-11-11 17:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\avg8
2008-11-11 17:44 . 2008-11-11 21:14 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-11 17:44 . 2008-11-11 21:14 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-11 17:44 . 2008-11-11 21:14 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-09 21:22 . 2008-11-09 21:41 <DIR> d-------- c:\program files\3DMark2001 SE
2008-11-09 21:21 . 2008-11-09 21:21 <DIR> d-------- c:\windows\system32\Futuremark
2008-11-09 21:21 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2008-11-09 21:21 . 2001-11-19 18:05 3,972 --------- c:\windows\system32\drivers\PciBus.sys
2008-11-09 21:20 . 2008-11-09 21:48 <DIR> d-------- c:\program files\3DMark03
2008-11-09 17:25 . 2008-11-09 17:25 <DIR> d-------- c:\documents and settings\JA\Dane aplikacji\Gadu-Gadu
2008-11-09 17:24 . 2008-11-09 17:24 <DIR> d-------- c:\program files\Gadu-Gaduja
2008-11-09 17:24 . 2008-11-09 17:24 <DIR> d-------- c:\program files\Gadu-Gadu ja
2008-11-09 17:24 . 2008-11-09 17:25 <DIR> d-------- c:\documents and settings\JA\Gadu-Gadu
2008-11-09 17:23 . 2008-11-11 08:52 <DIR> d-------- c:\documents and settings\JA\Dane aplikacji\skypePM
2008-11-09 17:21 . 2008-11-11 15:47 <DIR> d-------- c:\documents and settings\JA\Dane aplikacji\Skype
2008-11-09 17:16 . 2008-11-11 21:22 <DIR> d--h----- c:\documents and settings\JA\Ustawienia lokalne
2008-11-09 17:16 . 2008-11-11 13:25 <DIR> dr------- c:\documents and settings\JA\Ulubione
2008-11-09 17:16 . 2008-10-28 20:03 <DIR> d--h----- c:\documents and settings\JA\Szablony
2008-11-09 17:16 . 2008-11-09 17:24 <DIR> d-------- c:\documents and settings\JA\Pulpit
2008-11-09 17:16 . 2008-11-09 17:17 <DIR> dr------- c:\documents and settings\JA\Moje dokumenty
2008-11-09 17:16 . 2008-11-09 17:24 <DIR> dr------- c:\documents and settings\JA\Menu Start
2008-11-09 17:16 . 2008-11-09 17:25 <DIR> dr-h----- c:\documents and settings\JA\Dane aplikacji
2008-11-09 17:16 . 2008-11-11 17:44 <DIR> d-------- c:\documents and settings\JA
2008-11-05 20:22 . 2008-11-05 20:22 <DIR> d-------- c:\program files\RivaTuner v2.11
2008-11-04 00:02 . 2008-11-04 00:02 <DIR> d-------- c:\documents and settings\adamo88\Dane aplikacji\DivX
2008-11-03 23:56 . 2008-11-03 23:56 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2008-11-03 23:53 . 2008-11-03 23:53 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-03 23:50 . 2008-11-03 23:50 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-03 23:48 . 2008-11-03 23:48 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-03 23:47 . 2008-11-04 21:02 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-02 22:42 . 2008-11-02 22:43 <DIR> d-------- c:\program files\DivX
2008-11-02 22:39 . 2008-11-02 22:39 <DIR> d-------- c:\program files\SubEdit-Player
2008-11-02 22:11 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-02 21:55 . 2008-11-02 21:55 <DIR> d-------- c:\program files\Unlocker
2008-11-02 17:39 . 2008-11-04 21:43 162 --a------ c:\windows\LEXSTAT.INI
2008-11-02 17:38 . 2008-11-02 17:38 <DIR> d-------- c:\documents and settings\adamo88\WINDOWS
2008-11-02 17:38 . 1997-04-18 11:52 298,496 --a------ c:\windows\unin0415.exe
2008-11-01 20:52 . 2008-11-05 17:58 <DIR> d-------- C:\Downloads
2008-10-30 06:33 . 2008-04-14 22:51 16,384 --a------ c:\windows\system32\ipsink.ax
2008-10-30 06:33 . 2008-04-14 22:51 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2008-10-30 06:33 . 2008-04-14 00:16 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2008-10-30 06:33 . 2008-04-14 00:16 15,232 --a--c--- c:\windows\system32\dllcache\streamip.sys
2008-10-30 06:33 . 2008-04-14 00:16 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2008-10-30 06:33 . 2008-04-14 00:16 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2008-10-30 06:33 . 2008-04-14 00:09 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2008-10-30 06:33 . 2008-04-14 00:09 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2008-10-29 22:49 . 2008-10-29 22:52 <DIR> d-------- c:\program files\totalcmd
2008-10-29 22:49 . 2008-11-11 18:19 675 --a------ c:\windows\wincmd.ini
2008-10-29 22:49 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2008-10-29 22:49 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2008-10-29 22:49 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-10-29 22:49 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-10-29 22:49 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-10-29 22:49 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2008-10-29 22:49 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2008-10-29 21:49 . 2008-11-10 23:57 <DIR> d-------- c:\program files\CS
2008-10-29 21:28 . 2008-10-29 21:28 <DIR> d-------- c:\windows\EffectResources
2008-10-29 21:28 . 2008-10-29 21:28 <DIR> d-------- c:\windows\CatRoot
2008-10-29 21:28 . 2008-10-29 21:28 <DIR> d-------- c:\program files\Vimicro
2008-10-29 21:28 . 2006-05-08 10:24 391,688 --a------ c:\windows\system32\drivers\usbVM305.sys
2008-10-29 21:28 . 2000-10-31 12:00 307,200 --a------ c:\windows\vidcap32.Exe
2008-10-29 21:28 . 2005-05-03 15:51 176,128 --a------ c:\windows\amcap.exe
2008-10-29 21:28 . 2005-08-08 18:22 155,722 --a------ c:\windows\system32\VM305Prp.Ax
2008-10-29 21:28 . 2005-08-08 16:36 114,688 --a------ c:\windows\VM305Cap.exe
2008-10-29 21:28 . 2005-08-05 18:36 81,920 --a------ c:\windows\system32\VM305Sti.dll
2008-10-29 21:28 . 2005-08-05 15:15 61,440 --a------ c:\windows\VM305_STI.exe
2008-10-29 21:28 . 2005-05-02 16:45 53,248 --a------ c:\windows\Sti305.exe
2008-10-28 23:09 . 2008-10-28 23:09 <DIR> d-------- c:\program files\Damian Pasternak
2008-10-28 23:03 . 2008-11-11 20:33 <DIR> d-------- c:\program files\DC++
2008-10-28 22:36 . 2008-10-28 22:36 <DIR> d-------- c:\program files\Quintessential Player
2008-10-28 22:36 . 2008-10-28 22:39 <DIR> d-------- c:\documents and settings\adamo88\Dane aplikacji\Quintessential Player
2008-10-28 22:16 . 2008-11-11 21:18 <DIR> d-------- c:\documents and settings\adamo88\Dane aplikacji\skypePM
2008-10-28 22:16 . 2008-10-28 22:16 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-28 22:15 . 2008-11-11 21:23 <DIR> d-------- c:\documents and settings\adamo88\Dane aplikacji\Skype
2008-10-28 22:13 . 2008-10-28 22:13 <DIR> d-------- c:\program files\Skype
2008-10-28 22:13 . 2008-10-28 22:13 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-28 22:13 . 2008-10-28 22:13 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-28 21:46 . 2008-10-28 21:46 <DIR> d-------- c:\program files\Konnekt
2008-10-28 21:45 . 2008-10-28 21:45 <DIR> d-------- c:\documents and settings\adamo88\Dane aplikacji\Gadu-Gadu
2008-10-28 21:44 . 2008-10-28 21:44 <DIR> d-------- c:\program files\Gadu-Gadu
2008-10-28 21:44 . 2008-10-28 21:45 <DIR> d-------- c:\documents and settings\adamo88\Gadu-Gadu
2008-10-28 21:19 . 2008-10-28 21:19 <DIR> d-------- c:\program files\Opera
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 20:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-09 20:21 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-28 19:17 --------- d-----w c:\program files\Atheros Communications Inc
2008-10-28 19:16 315,392 ----a-w c:\windows\HideWin.exe
2008-10-28 19:16 --------- d-----w c:\program files\Realtek
2008-10-28 19:08 --------- d-----w c:\program files\microsoft frontpage
2008-10-28 19:06 --------- d-----w c:\program files\Usługi online
2008-10-28 19:03 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Konnekt"="c:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"RivaTuner"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-11 1234712]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"i:\\Direct Connect\\DCPlusPlus.exe"=
"c:\\instalki\\Direct Connect\\DCPlusPlus.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\CS\\hl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-11 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-11 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-11 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-11 76040]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys [2006-05-08 391688]
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 21:23:02
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-11 21:24:01
ComboFix-quarantined-files.txt 2008-11-11 20:23:55
Przed: 91 132 039 168 bajtów wolnych
Po: 93,124,239,360 bajtów wolnych
202
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:00, on 2008-11-11
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM305_STI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\instalki\od virusow\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /T
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5550 bytes