

Hello, today I ran WWDC and all the ports are marked green. I checked the HJ log and scanned the computer. Could this be a false report or some bug in the program?
ComboFix 09-02-26.02 - kepa416 2009-02-27 15:47:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1536 [GMT 1:00]
Uruchomiony z: f:\moje\Programy\system\bezpiecz\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-27 do 2009-02-27 )))))))))))))))))))))))))))))))
.
2009-02-27 15:36 . 2009-02-27 15:36 142 --a------ c:\windows\system32\spupdsvc.inf
2009-02-27 15:35 . 2009-02-27 15:35 <DIR> d-------- c:\windows\LastGood
2009-02-27 14:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-27 14:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-27 13:56 . 2009-02-27 13:56 <DIR> d-------- c:\program files\ASUS
2009-02-27 13:56 . 2006-01-10 16:50 24,576 --a------ c:\windows\system32\AsIO.dll
2009-02-27 13:56 . 2005-12-22 10:22 5,685 --a------ c:\windows\system32\drivers\AsIO.sys
2009-02-27 07:07 . 2008-06-20 12:51 361,600 -----c--- c:\windows\system32\dllcache\tcpip.sys
2009-02-26 15:54 . 2009-02-26 15:54 <DIR> d-------- c:\program files\ESET
2009-02-26 15:54 . 2009-02-26 15:54 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET
2009-02-26 08:50 . 2009-02-26 08:50 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\id Software
2009-02-26 08:49 . 2009-02-26 08:49 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-26 08:48 . 2009-02-26 08:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\id Software
2009-02-26 08:48 . 2009-02-26 08:48 2,246,144 --a------ c:\windows\system32\pbsvc.exe
2009-02-26 08:48 . 2009-02-26 08:48 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2009-02-26 08:48 . 2009-02-26 08:48 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\atitray
2009-02-22 00:08 . 2009-02-27 07:14 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\skypePM
2009-02-22 00:08 . 2009-02-22 00:08 32 --a------ c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2009-02-22 00:07 . 2009-02-27 07:18 <DIR> dr------- c:\program files\Skype
2009-02-22 00:07 . 2009-02-22 00:07 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-22 00:07 . 2009-02-27 07:19 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\Skype
2009-02-22 00:07 . 2009-02-22 00:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-21 16:11 . 2009-02-27 15:06 28,094 --a------ c:\windows\system32\oodbs.lor
2009-02-19 08:34 . 2009-02-27 14:10 25,992 --a------ c:\windows\system32\pgdfgsvc.exe
2009-02-16 16:52 . 2009-02-26 19:49 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\EQ_DATA
2009-02-15 21:52 . 2009-02-15 21:52 <DIR> d-------- c:\program files\Common Files\HP
2009-02-15 21:51 . 2009-02-15 21:52 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-15 21:48 . 2009-02-15 21:52 <DIR> d-------- c:\program files\HP
2009-02-15 21:47 . 2009-02-15 21:56 120,250 --a------ c:\windows\hpoins11.dat
2009-02-15 21:39 . 2009-02-15 21:39 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\HP
2009-02-15 21:39 . 2009-02-15 21:39 221 --a------ c:\windows\NCLogConfig.ini
2009-02-15 21:32 . 2009-02-15 21:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP
2009-02-05 21:50 . 2009-02-05 21:50 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-02-04 20:29 . 2009-02-04 20:29 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\Leadertech
2009-02-04 15:18 . 2009-02-04 15:18 <DIR> d-------- c:\program files\Electronic Arts
2009-02-04 15:18 . 2009-02-04 15:18 1,302 --a------ c:\windows\system32\ealregsnapshot1.reg
2009-02-03 16:27 . 2009-02-03 16:27 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-02-03 16:26 . 2009-02-03 16:26 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-02 21:06 . 2009-02-02 21:06 <DIR> d-------- c:\windows\ERUNT
2009-02-01 14:55 . 2009-02-01 14:55 <DIR> d-------- c:\documents and settings\kepa416\Dane aplikacji\HEXelon
2009-02-01 12:45 . 2009-02-01 12:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-01-31 17:48 . 2009-01-31 17:48 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ATI
2009-01-31 17:45 . 2009-01-31 17:45 <DIR> d-------- C:\ATI
2009-01-31 17:45 . 2009-01-13 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-28 00:20 . 2009-01-28 00:20 <DIR> d-------- c:\program files\Real Alternative
2009-01-27 22:52 . 2009-01-27 22:52 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-01-27 22:52 . 2003-07-21 04:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-01-27 22:52 . 2005-01-04 19:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-01-27 21:26 . 2009-02-15 21:49 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\TrackMania
2009-01-27 00:05 . 2009-01-27 00:05 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-27 00:05 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 14:36 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-27 14:34 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\uTorrent
2009-02-27 13:44 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-27 13:06 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Xfire
2009-02-27 12:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 07:49 22,328 ----a-w c:\documents and settings\kepa416\Dane aplikacji\PnkBstrK.sys
2009-02-25 19:05 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\gtk-2.0
2009-02-17 17:34 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\BESTplayer
2009-02-16 18:52 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Ventrilo
2009-02-05 22:46 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Comodo
2009-02-01 11:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 11:45 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\InstallShield
2009-01-31 16:48 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\ATI
2009-01-31 16:46 --------- d-----w c:\program files\ATI Technologies
2009-01-28 20:22 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\teamspeak2
2009-01-27 21:25 --------- d-----w c:\program files\MSBuild
2009-01-27 12:20 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Winamp
2009-01-24 23:43 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Disney Interactive Studios
2009-01-24 23:42 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-24 15:23 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2009-01-20 17:12 --------- d-----w c:\program files\OO Software
2009-01-19 09:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Electronic Arts
2009-01-17 02:30 219,648 ----a-w c:\windows\system32\uxtheme.dll
2009-01-17 01:44 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Styler
2009-01-16 16:46 --------- d-----w c:\program files\ZTE ZXDSL 852
2009-01-15 21:04 --------- d-----w c:\program files\p-nand-q.com
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
2009-01-05 01:05 --------- d-----w c:\documents and settings\NetworkService\Dane aplikacji\HP
2009-01-05 01:04 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-01-04 15:12 --------- d-----w c:\program files\Microsoft.NET
2009-01-04 15:12 --------- d-----w c:\program files\Microsoft Works
2009-01-04 15:10 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-02 23:53 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Media Player Classic
2009-01-02 20:01 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PopCap Games
2008-12-30 19:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-30 03:27 --------- d-----w c:\program files\Reference Assemblies
2008-12-29 22:59 315,392 ----a-w c:\windows\HideWin.exe
2008-12-29 22:59 --------- d-----w c:\program files\Realtek
2008-12-29 20:47 --------- d-----w c:\program files\MSXML 4.0
2008-12-29 19:49 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\GRETECH
2008-12-29 16:57 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\LightScribe
2008-12-29 16:34 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-29 16:33 --------- d-----w c:\program files\Common Files\Ahead
2008-12-29 16:33 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Ahead
2008-12-29 16:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead
2008-12-29 16:31 --------- d-----w c:\program files\Nero
2008-12-29 16:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-29 16:03 --------- d-----w c:\program files\Intel
2008-12-29 15:37 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-29 15:37 --------- d-----w c:\program files\Java
2008-12-29 15:31 --------- d-----w c:\program files\Razer
2008-12-29 15:31 --------- d-----w c:\program files\DIFX
2008-12-29 15:30 --------- d-----w c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2008-12-29 15:26 --------- d-----w c:\documents and settings\kepa416\Dane aplikacji\Thunderbird
2008-12-29 15:16 --------- d-----w c:\program files\microsoft frontpage
2008-12-29 15:15 --------- d-----w c:\program files\Usługi online
2008-12-29 15:13 --------- d-----w c:\program files\Windows Media Connect 2
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="d:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-02-24 4879360]
"AutoConnect"="d:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"AdslTaskBar"="stmctrl.dll" [2006-09-25 c:\windows\system32\stmctrl.dll]
c:\documents and settings\kepa416\Menu Start\Programy\Autostart\
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-02-05 3008336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-29 93696]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-12-29 22784]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-01-16 57600]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-01-16 685693]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-12-29 22752]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-12-29 39424]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
TCP: {25C4F181-B943-45D3-9F21-9B52A91F1DD7} = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\kepa416\Dane aplikacji\Mozilla\Firefox\Profiles\21tsvm33.default\
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 15:48:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-02-27 15:48:39
ComboFix-quarantined-files.txt 2009-02-27 14:48:38
Przed: 12 748 935 168 bajtów wolnych
Po: 12,738,191,360 bajtów wolnych
214 --- E O F --- 2009-02-27 14:04:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:07:28, on 2009-02-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\AutoConnect\AutoConnect.exe
D:\Program Files\Xfire\Xfire.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
D:\Program Files\WapSter\WapSter AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
F:\MOJE\Programy\system\bezpiecz\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [AQQ] D:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [AutoConnect] D:\Program Files\AutoConnect\AutoConnect.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{25C4F181-B943-45D3-9F21-9B52A91F1DD7}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 3827 bytes
SDFix: Version 1.240
Run by Administrator on 2009-02-28 at 03:11
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 03:19:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"="D:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe:*:Enabled:AQQ"
"D:\\Program Files\\Xfire\\Xfire.exe"="D:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
Files with Hidden Attributes:
Thu 8 May 2008 622,080 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Fri 27 Feb 2009 170,697,558 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\97de84be36b27af6e66a0586433cda52\BIT42.tmp"
Finished!
Picasso from the Searchengines.pl forum wrote: The message for this "error" is a notification that an infection is highly likely, because the memory reserved for SVCHOST has exceeded the permitted limits and it looks as though a disguised rascal is sitting in memory..... A scan is recommended. And what can I advise you?! UNFORTUNATELY I cannot rule out this possibility, and you have to plough through the computer thoroughly with everything you can. (...) On the other hand, in THIS thread I explained to kama that detection based on memory size alone is flawed and cannot be an indicator of a foreign malicious body in memory, because what may be sitting there is .... a driver and not a virus. Admittedly kama's thread asks about a certain variation of the problem and a different type of memory, but the point is the very fact of judging by a size formula.
Besides, WWDC itself once had a svchost RAM usage check detection, which .... was removed (guess why), and the limit for the svchost virtual memory usage check was raised (again, guess why). Conclusion: these are only the program's guesses, not a certainty or a fact!