Win32.hidrag.a potrzebuję pomocy !!!!

**Posty:** 2 · przez **janush1987** 05 Lut 2009, 19:47

Witam wczoraj Kaspersky 2009 wykrył mi na wszystkich dyskach a mam ich 7 partycji mnóstwo zainfekowanych plików (.exe). Zauważyłem tez ze jest pełno aktywnych procesów (svchost), które strasznie obciażają system i procka (100%) . Prosze o szybka pomoc w usónięciu tego problemu. Dodam tylko ze Kaspesky sobie nie radzi:(

**Posty:** 8001 · przez **Okocza** 05 Lut 2009, 19:51

janush1987, wstaw logi z combofixa i hijack thisa w tagi code

**Posty:** 2 · przez **janush1987** 05 Lut 2009, 20:48

Dzieki za szybka reakcje niestety teraz jestem w pracy w domu bede ok 23 .00 wiec jak tylko wróce zrobie te logi i wstawie najszybciej jak to mozliwe.

Dodano Dzisiaj, 23:34:
Witam wstawiam logi

Combofix:

Kod: Zaznacz wszystko: ComboFix 09-02-05.01 - Seba 2009-02-05 23:13:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.669 [GMT 1:00] Uruchomiony z: c:\documents and settings\Seba\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\IEToolbar c:\program files\IEToolbar\ECO Bar\basis.xml c:\program files\IEToolbar\ECO Bar\ecobar.dll c:\program files\IEToolbar\ECO Bar\icons.bmp c:\program files\IEToolbar\ECO Bar\info.txt c:\program files\IEToolbar\ECO Bar\tbhelper.dll c:\program files\IEToolbar\ECO Bar\uninstall.exe c:\program files\IEToolbar\ECO Bar\version.txt c:\program files\IEToolbar\ECO Bar\your_logo.png c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll c:\program files\myglobalsearch c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL c:\program files\myglobalsearch\bar\Cache\[u]0[/u]265840F c:\program files\myglobalsearch\bar\Cache\[u]0[/u]2658660 c:\program files\myglobalsearch\bar\Cache\[u]0[/u]2658799.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]265893F.bin c:\program files\myglobalsearch\bar\Cache\[u]0[/u]2658A58.bin c:\program files\myglobalsearch\bar\Cache\files.ini c:\program files\myglobalsearch\bar\History\search c:\program files\myglobalsearch\bar\Settings\prevcfg.htm c:\program files\p2pmax c:\program files\p2pmax\p2pmaxu.exe c:\windows\system32\ityeayfvwggzieka.dll c:\windows\system32\tmp14.tmp c:\windows\ufdata2000.log D:\Autorun.inf E:\Autorun.inf F:\Autorun.inf J:\Autorun.inf K:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_POWERMANAGER ((((((((((((((((((((((((( Pliki utworzone od 2009-01-05 do 2009-02-05 ))))))))))))))))))))))))))))))) . 2009-02-05 18:43 . 2009-02-05 18:45 <DIR> d-------- c:\program files\Winamp 2009-02-05 18:43 . 2009-02-05 20:47 1,125 --a------ c:\windows\winamp.ini 2009-02-05 18:41 . 2009-02-05 18:41 706 --a------ c:\windows\unins000.dat 2009-02-05 00:27 . 2009-02-05 00:27 <DIR> d-------- C:\SOPHTEMP 2009-02-04 23:33 . 2009-02-04 23:33 <DIR> d-------- c:\windows\ERUNT 2009-02-04 23:27 . 2009-02-04 23:39 <DIR> d-------- C:\SDFix 2009-02-03 21:59 . 2009-02-03 22:20 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FarmFrenzy2 2009-02-03 20:53 . 2009-02-03 20:53 <DIR> d-------- c:\program files\7-Zip 2009-02-03 20:49 . 2009-02-03 20:49 <DIR> d-------- c:\program files\EA GAMES 2009-02-03 20:30 . 2009-02-03 20:30 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\PlanetPlayMore 2009-02-03 18:24 . 2009-02-03 18:24 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DivoGames 2009-02-03 17:00 . 2009-02-03 17:00 632 --a------ c:\windows\CoDUO.INI 2009-02-03 16:56 . 2009-02-03 20:11 632 --a------ c:\windows\CoD.INI 2009-02-02 19:11 . 2009-02-02 19:11 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Awem 2009-02-01 21:49 . 2009-02-01 21:49 <DIR> d-------- c:\program files\ReflexiveArcade 2009-01-30 20:18 . 2009-01-30 21:25 <DIR> d-------- c:\program files\Impka 2009-01-30 08:03 . 2009-02-03 16:31 <DIR> d-------- c:\program files\runit 2009-01-30 08:03 . 2009-02-04 18:29 905,670 --a------ c:\windows\xjvrp14857.exe 2009-01-30 08:03 . 2009-02-04 18:29 184,563 --a------ c:\windows\xigr5657.exe 2009-01-30 08:03 . 2009-01-30 08:03 85,289 --a------ c:\windows\system32\cont_blueskyadagency-remove.exe 2009-01-30 08:03 . 2009-01-30 08:03 69,697 --a------ c:\windows\kbffe0705.exe 2009-01-30 08:03 . 2009-01-30 08:03 48,287 --a------ c:\windows\system32\dyjfcomaqcq.exe 2009-01-28 16:06 . 2009-01-28 22:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Playrix Entertainment 2009-01-28 13:34 . 2009-01-28 13:34 <DIR> d-------- c:\program files\DJ2000 Demo 2009-01-28 13:34 . 1999-03-13 22:07 2,344,448 --a------ c:\windows\system32\MMToolsX.OCX 2009-01-28 13:34 . 1999-03-13 14:11 286,720 --a------ c:\windows\system32\MMTypesX.OCX 2009-01-28 13:34 . 2009-01-28 13:37 1,603 --a------ c:\windows\dj2000demo.ini 2009-01-28 13:34 . 2009-01-28 13:37 115 --a------ c:\windows\215TechRemoteAdds.ini 2009-01-27 23:49 . 2009-02-05 21:46 <DIR> d-------- c:\program files\Playrix Games 2009-01-27 23:49 . 2009-01-27 23:49 <DIR> d-------- c:\program files\Playrix Gameplayer 2009-01-27 23:49 . 2009-01-28 16:06 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\PlayrixGamemanager 2009-01-27 17:33 . 2009-01-27 17:33 <DIR> d-------- c:\program files\BFG 2009-01-27 17:33 . 2009-01-27 17:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Trymedia 2009-01-27 17:33 . 2009-01-27 17:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\TERMINAL Studio 2009-01-26 20:16 . 2009-01-26 20:16 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\Media Player Classic 2009-01-23 17:57 . 2009-01-23 17:57 <DIR> d-------- c:\program files\Trend Micro 2009-01-21 20:03 . 2009-02-05 23:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-01-21 20:03 . 2009-02-05 12:16 2,415,648 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-01-21 20:03 . 2009-02-05 21:47 409,632 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-01-21 20:03 . 2009-02-04 18:15 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-01-21 20:03 . 2009-02-04 18:15 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-01-21 20:03 . 2009-02-05 12:16 24,144 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-01-21 20:03 . 2009-02-05 21:47 6,672 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-01-21 20:02 . 2009-01-21 20:02 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-01-20 20:07 . 2009-01-20 20:07 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-20 20:07 . 2009-01-20 20:07 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-20 09:11 . 2009-01-20 09:11 <DIR> d-------- C:\NVIDIA 2009-01-20 09:11 . 2008-12-26 00:08 206,755 --a------ c:\windows\system32\nvapps.nvb 2009-01-19 13:42 . 2009-01-19 13:42 <DIR> dr-h----- c:\documents and settings\Seba\Dane aplikacji\SecuROM 2009-01-18 15:20 . 2009-01-21 20:11 40 --a------ c:\windows\VI20.set 2009-01-18 14:53 . 2009-01-18 14:53 <DIR> d-------- c:\program files\Common Files\ArcSoft 2009-01-18 14:53 . 2009-01-22 19:08 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\ArcSoft 2009-01-18 14:53 . 2004-12-07 10:11 258,352 --a------ c:\windows\system32\unicows.dll 2009-01-18 14:53 . 2005-02-23 14:58 11,776 --a------ c:\windows\system32\drivers\afc.sys 2009-01-18 14:52 . 2009-01-22 19:06 <DIR> d-------- c:\program files\ArcSoft 2009-01-18 14:52 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL 2009-01-18 14:33 . 2009-01-18 14:33 <DIR> d-------- C:\cme-data 2009-01-18 14:22 . 2009-01-18 14:22 <DIR> d-------- c:\program files\Aardvark Digital 2009-01-18 14:22 . 2009-01-18 14:26 1,676 --a------ c:\windows\xGeode.ini 2009-01-18 14:18 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2009-01-18 14:17 . 2004-08-03 23:10 78,464 --a------ c:\windows\system32\drivers\usbvideo.sys 2009-01-18 14:17 . 2004-08-04 00:44 20,992 --a------ c:\windows\system32\dshowext.ax 2009-01-18 13:07 . 2009-01-18 13:07 <DIR> d-------- c:\windows\system32\Futuremark 2009-01-18 13:07 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys 2009-01-18 13:07 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd 2009-01-18 13:07 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys 2009-01-18 13:07 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys 2009-01-18 13:06 . 2009-01-18 13:06 <DIR> d-------- c:\program files\Futuremark 2009-01-16 09:36 . 2009-01-16 09:36 <DIR> d-------- c:\windows\system32\EVGA 2009-01-13 19:41 . 2009-01-13 19:43 <DIR> d-------- c:\program files\Xfire 2009-01-13 19:41 . 2009-01-13 20:30 <DIR> d-------- c:\documents and settings\Seba\Dane aplikacji\Xfire 2009-01-09 08:14 . 2009-01-09 08:14 <DIR> d-------- c:\windows\EFC1B35CFFF241D8A70ACE6037F8040B.TMP 2009-01-09 08:14 . 2008-01-29 11:53 782,336 -ra------ c:\windows\system32\tmpB1.tmp 2009-01-09 08:14 . 2008-01-29 11:53 782,336 -ra------ c:\windows\system32\tmpB0.tmp 2009-01-07 09:06 . 2009-01-07 18:23 <DIR> d-------- c:\program files\PhotoScape . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-05 20:30 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Skype 2009-02-05 17:37 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-02-04 23:33 682,280 ----a-w c:\windows\system32\pbsvc.exe 2009-02-04 23:33 446,464 ----a-w c:\windows\system32\NVUNINST.EXE 2009-02-04 23:33 446,464 ----a-w c:\windows\system32\nvudisp.exe 2009-02-04 23:33 442,368 ----a-w c:\windows\system32\nvappbar.exe 2009-02-04 23:33 432,672 ----a-w c:\windows\system32\keystone.exe 2009-02-04 23:33 356,352 ----a-w c:\windows\system32\nvusmb.exe 2009-02-04 23:33 356,352 ----a-w c:\windows\system32\nvunrm.exe 2009-02-04 23:33 143,360 ----a-w c:\windows\system32\nvcolor.exe 2009-02-04 23:33 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe 2009-02-04 17:50 801,312 ----a-w c:\windows\system32\nvcplui.exe 2009-02-04 17:29 966,656 -c--a-w c:\windows\UNNeroVision.exe 2009-02-04 17:28 364,544 -c--a-w c:\windows\RtlUpd.exe 2009-02-04 17:28 315,392 -c--a-w c:\windows\alcupd.exe 2009-02-04 17:28 217,088 -c--a-w c:\windows\alcrmv.exe 2009-02-04 17:28 2,158,592 -c--a-w c:\windows\MicCal.exe 2009-02-04 17:27 --------- d-----w c:\program files\SubEdit-Player 2009-02-04 17:12 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-03 22:36 --------- d-----w c:\program files\BitComet 2009-01-21 19:03 --------- d-----w c:\program files\Kaspersky Lab 2009-01-20 19:07 --------- d-----w c:\program files\Java 2009-01-20 08:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-19 12:42 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-01-18 14:06 --------- d-----w c:\program files\FlashGet 2009-01-18 13:52 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-13 11:41 --------- d-----w c:\program files\Common Files\Adobe 2009-01-09 07:14 --------- d-----w c:\program files\OpenAL 2009-01-04 06:32 --------- d-----w c:\program files\OniGames 2008-12-29 20:46 686,080 ----a-w c:\windows\system32\nst148.dll 2008-12-23 23:32 --------- d-----w c:\program files\SystemRequirementsLab 2008-12-23 11:50 --------- d-----w c:\program files\COMODO 2008-12-23 01:21 --------- d-----w c:\program files\Skype 2008-12-20 21:47 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Samsung 2008-12-19 08:23 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys 2008-12-19 08:23 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys 2008-12-19 07:57 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Gadu-Gadu 2008-12-19 07:54 --------- d-----w c:\program files\Gadu-Gadu 2008-12-19 07:49 --------- d-----w c:\documents and settings\Seba\Dane aplikacji\Nowe Gadu-Gadu 2008-12-19 07:31 --------- d-----w c:\program files\ClocX 2008-12-19 07:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Codemasters 2008-12-19 06:18 --------- d-----w c:\program files\RALINK 2008-12-18 13:46 --------- d-----w c:\program files\NSS 2008-12-18 13:37 --------- d-----w c:\program files\Microsoft ActiveSync 2008-12-11 20:38 42,320 ----a-w c:\windows\system32\xfcodec.dll 2008-12-11 15:54 183,112 ----a-w c:\windows\system32\PnkBstrB.exe 2008-12-11 15:54 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll 2008-11-28 19:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe 2008-11-28 17:56 1,648 ----a-w c:\windows\system32\ealregsnapshot1.reg 2008-11-20 02:58 444,952 ----a-w c:\windows\system32\wrap_oal.dll 2008-11-20 02:58 109,080 ----a-w c:\windows\system32\OpenAL32.dll 2008-11-12 08:00 22,328 ----a-w c:\documents and settings\Seba\Dane aplikacji\PnkBstrK.sys 2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll 2008-12-29 20:46 652,288 ----a-w c:\program files\mozilla firefox\components\nsblueskyadagency.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1af50bdc-4e48-3cc0-954d-bdfaf359f793}] 2008-12-29 21:46 686080 --a------ c:\windows\system32\nst148.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-02-04 1667584] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2009-02-04 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-05 206088] "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.10\RivaTuner.exe" [2008-08-31 2711552] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2009-02-04 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792] "RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe] "Resume copy"="copyfstq.exe" [2008-09-15 c:\windows\copyfstq.exe] "nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\Seba\Menu Start\Programy\Autostart\ RaConfig.exe [2003-09-25 380928] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\gry\\Codemasters\\GRID\\GRID.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "14665:TCP"= 14665:TCP:BitComet 14665 TCP "14665:UDP"= 14665:UDP:BitComet 14665 UDP R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] R3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2008-12-19 51712] S3 3xHybrid;TV-Station DVR service;c:\windows\system32\drivers\3xHybrid.sys [2008-09-29 1121536] S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2008-09-19 32377] S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?] . - - - - USUNIĘTO PUSTE WPISY - - - - BHO-{4BD91E9A-B7FA-7ED6-5FFE-3434644AC635} - c:\windows\system32\ityeayfvwggzieka.dll HKCU-Run-wsctf.exe - wsctf.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.bearshare.com/pl/ IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm TCP: {2983D0FC-3569-43B9-B347-3E0C2F142C9C} = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Seba\Dane aplikacji\Mozilla\Firefox\Profiles\wahsobfk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Yoog Search FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q= FF - component: c:\documents and settings\Seba\Dane aplikacji\Mozilla\Firefox\Profiles\wahsobfk.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll FF - component: c:\program files\Mozilla Firefox\components\nsblueskyadagency.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- FF - user.js: browser.search.selectedEngine - Yoog Search FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q= FF - user.js: keyword.enabled - true FF - user.js: browser.search.defaultenginename - Yoog Search FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q= . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-05 23:16:22 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide] "ImagePath"="\??\c:\docume~1\Seba\USTAWI~1\Temp\ASFWHide" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1454471165-1078145449-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:6c,e0,d9,51,6d,4a,47,d3,22,fe,4a,f0,0c,8d,25,d2,01,09,73,6e,d7, ab,7f,49,c6,23,37,7c,ee,96,f5,1b,82,c4,d0,08,06,3d,1a,ed,b5,3e,bc,36,c5,9c,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\savedump.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\rundll32.exe c:\documents and settings\Seba\Menu Start\Programy\Autostart\RaConfig.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe . ************************************************************************** . Czas ukończenia: 2009-02-05 23:18:43 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-02-05 22:18:41 Przed: 2 542 538 752 bajtów wolnych Po: 5,098,053,632 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 301

Hijackthis:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:28:18, on 2009-02-05 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\Seba\Menu Start\Programy\Autostart\RaConfig.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: blueskyadagency - {1af50bdc-4e48-3cc0-954d-bdfaf359f793} - C:\WINDOWS\system32\nst148.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.10\RivaTuner.exe" /S O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RaConfig.exe O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{2983D0FC-3569-43B9-B347-3E0C2F142C9C}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{2983D0FC-3569-43B9-B347-3E0C2F142C9C}: NameServer = 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{2983D0FC-3569-43B9-B347-3E0C2F142C9C}: NameServer = 192.168.0.1 O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6502 bytes

Dodano Dzisiaj, 16:32:
Hmmm , czy byłby ktos tak łaskawy i spojrzał na moje logi bo nie wiem co dalej robić

Dodano Dzisiaj, 08:49:
Zamykam ten temat ! Niestety nie mam tu komu podziękować i jest mi trochę przykro ze nikt nie chciał mi pomóc z tym problemem . W ostateczności sam sobie pomogłem FORMAT:(