[log] podejrzewam wirusa

**Posty:** 223 · przez **Tujus** 31 Sie 2008, 18:39

Witam, szperajac cos w internecie kliknalem na jakis obrazek i przenislo mnie do sciagania. Oczywiscie niczego nie sciagnalem, ale czy istnieje podobienstwo zakazenia komputera?

Log z HJ

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:37:11, on 2008-08-31 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Opera\opera.exe C:\Program Files\Konnekt\konnekt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Usluga iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -- End of file - 4608 bytes

Dzieki za pomoc

**Posty:** 684 · przez **djarta** 31 Sie 2008, 19:13

Log jest OK!

Ściągnij -----> ComboFixa,przeskanuj daj log.

=======================
K.

**Posty:** 223 · przez **Tujus** 31 Sie 2008, 19:33

Jakies dziwne rzeczy mi sie dzialy podczas skanu (np znikanie pasku startu,itp). Nie wiem czy to normalne, ale mniejsza z tym, oto log:

Kod: Zaznacz wszystko: ComboFix 08-08-30.03 - tomek 2008-08-31 18:26:57.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.368 [GMT 1:00] Running from: C:\Documents and Settings\tomek\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\tomek\Application Data\macromedia\Flash Player\#SharedObjects\7E8X94WX\bin.clearspring.com C:\Documents and Settings\tomek\Application Data\macromedia\Flash Player\#SharedObjects\7E8X94WX\bin.clearspring.com\clearspring.sol C:\Documents and Settings\tomek\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\tomek\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\WINDOWS\system32\addfdbef5_z.dll . ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))) . 2008-08-31 17:36 . 2008-08-31 17:36 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-29 16:54 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-08-26 22:49 . 2008-08-26 22:53 <DIR> d-------- C:\Program Files\WinHex 2008-08-18 17:28 . 2008-08-18 17:51 <DIR> d-------- C:\Documents and Settings\tomek\Application Data\Tibia 2008-08-18 17:26 . 2008-08-18 17:26 <DIR> d-------- C:\Program Files\Tibia 2008-08-17 18:19 . 2008-08-17 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm 2008-08-17 18:18 . 2008-08-17 18:18 <DIR> d-------- C:\Program Files\Last.fm 2008-08-17 17:43 . 2008-08-17 17:43 <DIR> d-------- C:\Program Files\Winamp 2008-08-17 17:43 . 2008-08-17 17:44 <DIR> d-------- C:\Documents and Settings\tomek\Application Data\Winamp 2008-08-14 18:37 . 2008-08-14 18:37 <DIR> d-------- C:\Documents and Settings\tomek\Application Data\Apple Computer 2008-08-14 18:36 . 2008-08-14 18:50 <DIR> d-------- C:\Program Files\iTunes 2008-08-14 18:36 . 2008-08-14 18:36 <DIR> d-------- C:\Program Files\iPod 2008-08-14 18:36 . 2008-08-14 18:36 <DIR> d-------- C:\Program Files\Bonjour 2008-08-14 18:35 . 2008-08-14 18:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-08-14 18:35 . 2008-08-14 18:36 <DIR> d-------- C:\Program Files\QuickTime 2008-08-14 18:35 . 2008-08-14 18:35 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-08-14 18:35 . 2008-08-14 18:35 <DIR> d-------- C:\Program Files\Apple Software Update 2008-08-14 18:35 . 2008-08-14 18:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-08-14 18:35 . 2008-08-14 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-08-14 18:35 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys 2008-08-10 22:30 . 2008-08-10 22:30 <DIR> d-------- C:\Program Files\MSXML 6.0 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Program Files\Real Alternative 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Program Files\Media Player Classic 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Documents and Settings\tomek\Application Data\Media Player Classic 2008-08-10 17:37 . 2008-08-10 17:37 <DIR> d-------- C:\Documents and Settings\tomek\Application Data\DivX 2008-08-09 19:28 . 2008-08-09 19:28 <DIR> d-------- C:\Program Files\MSBuild 2008-08-09 19:17 . 2008-08-09 19:17 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-08-09 19:16 . 2008-08-09 19:16 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-08-09 19:16 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-08-09 19:13 . 2008-08-09 19:34 <DIR> d-------- C:\Program Files\AviSynth 2.5 2008-08-09 19:09 . 2008-08-09 19:28 <DIR> d-------- C:\Program Files\jMEnc 2008-08-09 16:05 . 2008-08-09 16:05 <DIR> d-------- C:\Program Files\DivX 2008-07-25 09:36 . 2008-07-25 09:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-07-25 09:36 . 2008-07-25 09:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-07-23 17:50 . 2008-07-23 17:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 17:48 . 2008-07-23 17:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-07-23 17:48 . 2008-07-23 17:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-07-23 17:47 . 2008-07-23 17:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax 2008-07-23 17:47 . 2008-07-23 17:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax 2008-07-23 17:47 . 2008-07-23 17:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest 2008-07-23 17:47 . 2008-07-23 17:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest 2008-07-23 17:46 . 2008-07-23 17:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-23 13:12 . 2008-07-23 13:12 376 --a------ C:\WINDOWS\ODBC.INI 2008-07-23 13:11 . 2008-07-23 13:11 <DIR> d-------- C:\WINDOWS\ShellNew 2008-07-23 13:11 . 2008-07-23 13:11 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2008-07-20 09:30 . 2008-07-20 09:30 <DIR> d-------- C:\Program Files\EA GAMES 2008-07-20 09:30 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2008-07-19 16:59 . 2008-07-19 16:59 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-07-18 22:34 . 2008-07-18 22:45 <DIR> d-------- C:\Program Files\Valve 2008-07-17 17:35 . 2008-07-17 17:36 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008 2008-07-17 17:31 . 2008-07-17 17:31 23 --a------ C:\WINDOWS\system32\fefc4_z.ocx 2008-07-17 11:40 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-07-17 11:40 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2008-07-17 11:37 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll 2008-07-17 11:37 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll 2008-07-17 11:37 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll 2008-07-17 11:33 . 2005-12-09 02:03 71,168 --a------ C:\WINDOWS\system32\E_FLBBEE.DLL 2008-07-17 11:33 . 2005-04-11 02:01 62,976 --a------ C:\WINDOWS\system32\E_FD4BBEE.DLL 2008-07-17 11:33 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL 2008-07-17 11:31 . 2008-07-17 11:33 <DIR> d-------- C:\Program Files\EPSON 2008-07-17 11:31 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-07-17 11:31 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-07-15 01:11 . 2008-07-15 10:58 23 --a------ C:\WINDOWS\BlendSettings.ini 2008-07-15 01:09 . 2008-07-15 01:09 <DIR> d-------- C:\Documents and Settings\tomek\Moje dokumenty 2008-07-15 00:59 . 2008-07-15 00:59 <DIR> d-------- C:\Program Files\Bethesda Softworks 2008-07-15 00:33 . 2008-07-15 00:33 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-07-15 00:33 . 2008-07-15 00:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-07-15 00:32 . 2008-07-15 00:35 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-07-15 00:20 . 2008-07-15 00:24 <DIR> d-------- C:\Fraps 2008-07-15 00:20 . 2008-08-30 19:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-15 00:05 . 2008-07-15 00:25 <DIR> d-------- C:\Program Files\Morrowind 2008-07-14 22:33 . 2008-08-17 17:40 <DIR> d-------- C:\Program Files\AIMP2 2008-07-14 22:21 . 2008-07-14 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\stamina 2008-07-14 22:15 . 2008-07-14 22:15 <DIR> d-------- C:\Program Files\Konnekt 2008-07-14 21:35 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg 2008-07-14 21:35 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg 2008-07-14 21:34 . 2008-07-14 21:34 <DIR> d-------- C:\Program Files\ESET 2008-07-14 21:34 . 2008-07-14 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-07-14 21:19 . 2008-07-14 21:19 <DIR> d---s---- C:\Documents and Settings\tomek\UserData . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-29 15:54 --------- d-----w C:\Program Files\Java 2008-07-23 16:50 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-07-23 16:50 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-07-18 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-14 23:59 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-14 19:59 --------- d-----w C:\Program Files\Opera 2008-07-14 19:48 17,119 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-07-14 19:48 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor 2008-07-14 19:44 --------- d-----w C:\Documents and Settings\tomek\Application Data\ATI 2008-07-14 19:41 --------- d-----w C:\Program Files\ATI Technologies 2008-07-14 19:16 9,388 ----a-w C:\WINDOWS\system32\drivers\iaStor.PNF 2008-07-14 19:16 7,280 ----a-w C:\WINDOWS\system32\drivers\viamraid.PNF 2008-07-14 19:16 63,240 ----a-w C:\WINDOWS\system32\drivers\Si3112r.PNF 2008-07-14 19:16 6,984 ----a-w C:\WINDOWS\system32\drivers\SiSRaid.PNF 2008-07-14 19:16 20,152 ----a-w C:\WINDOWS\system32\drivers\INFCACHE.1 2008-07-14 19:16 12,432 ----a-w C:\WINDOWS\system32\drivers\adpu320.PNF 2008-07-14 19:16 12,204 ----a-w C:\WINDOWS\system32\drivers\nvraid.PNF 2008-07-14 19:16 10,828 ----a-w C:\WINDOWS\system32\drivers\iaAHCI.PNF 2008-07-14 18:35 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-14 18:33 --------- d-----w C:\Program Files\Common Files\Java 2008-07-14 18:23 --------- d-----w C:\Program Files\Windows Plus 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:12 667,136 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:36 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 22:41 503808] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 20:08 16050688 C:\WINDOWS\RTHDCPL.EXE] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Konnekt\\konnekt.exe"= "C:\\Program Files\\Valve\\hl.exe"= "C:\\Program Files\\Opera\\opera.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11] R2 WUSB54Gv4SVC;WUSB54Gv4SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv4.exe [] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-10 20:00] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-08-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] . - - - - ORPHANS REMOVED - - - - HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe . ------- Supplementary Scan ------- . R1 -: HKCU-Internet Settings,ProxyOverride = *.local O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-31 18:29:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-31 18:30:44 ComboFix-quarantined-files.txt 2008-08-31 17:30:28 Pre-Run: 219,336,458,240 bytes free Post-Run: 219,456,974,848 bytes free 204 --- E O F --- 2008-08-14 23:11:19

**Posty:** 684 · przez **djarta** 31 Sie 2008, 19:37

ComboFix usunął infekcję, i więcej nic nie ma.

Wykonaj to co jest podane w tym temacie (jeśli wykonałeś/łaś to wcześniej to nie rób tego).

Usuń ręcznie folder C:\Qoobox,

Usuń instalkę ComboFix z dysku.

Wykonaj optymalizację autostartu

Przeczyść komputer ATF-Cleaner

Wyłącz i włącz przywracanie systemu na wszystkich dyskach.Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

=========================
K.

**Posty:** 223 · przez **Tujus** 31 Sie 2008, 21:24

Zrobilem wszystkie zalecane polecenia. Ponizej zamieszczam skan z kasperskeigo:

Kod: Zaznacz wszystko: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT 31 sierpień 2008 20:19:34 System operacyjny: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner wersja: 5.0.98.1 Ostatnia aktualizacja Kaspersky Anti-Virus31/08/2008 Liczba wpisów w bazie danych Kaspersky Anti-Virus1172153 ------------------------------------------------------------------------------- Ustawienia skanowania: Skanowanie przy użyciu następujących baz danych: rozszerzone Skanuj archiwa: tak Skanuj pocztowe bazy danych: tak Obszar skanowania - Mój komputer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ Statystyki skanowania: Liczba skanowanych obiektów: 56770 Liczba wykrytych wirusów: 1 Liczba zainfekowanych obiektów: 3 Liczba podejrzanych obiektów: 0 Czas trwania skanowania: 01:09:57 Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked pominięty C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked pominięty C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked pominięty C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked pominięty C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\tomek\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\tomek\Desktop\Ashampoo Burning Studio v8.02 + Keygen\ashampoo_burningstudio802_sm.exe/data0000.cab/file.exe Zainfekowanych: Backdoor.Win32.Nuclear.di pominięty C:\Documents and Settings\tomek\Desktop\Ashampoo Burning Studio v8.02 + Keygen\ashampoo_burningstudio802_sm.exe/data0000.cab Zainfekowanych: Backdoor.Win32.Nuclear.di pominięty C:\Documents and Settings\tomek\Desktop\Ashampoo Burning Studio v8.02 + Keygen\ashampoo_burningstudio802_sm.exe Rsrc-Package: zainfekowany - 2 pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\mail\indexer\indexer.ax Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\mail\indexer\indexer.bx Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\mail\indexer\message_id Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\mail\lexicon\lexicon.ax Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\mail\lexicon\lexicon.bx Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\mail\omailbase.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0000\adoc.bx Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0000\md.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0000\url.ax Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0000\w.ax Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0000\wb.vx Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0001\adoc.bx Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0001\md.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0001\url.ax Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0001\w.ax Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Application Data\Opera\Opera\profile\vps\0001\wb.vx Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\History\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Temp\Perflib_Perfdata_874.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Temp\Perflib_Perfdata_de4.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Temp\Perflib_Perfdata_df8.dat Object is locked pominięty C:\Documents and Settings\tomek\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\tomek\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\tomek\ntuser.dat.LOG Object is locked pominięty C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty C:\System Volume Information\_restore{F471FEB8-D80C-44BF-A5F6-2796913F536E}\RP138\change.log Object is locked pominięty C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{DCBBB84D-4516-441F-BA9C-6A448D55DBF0}.crmlog Object is locked pominięty C:\WINDOWS\SchedLgU.Txt Object is locked pominięty C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty C:\WINDOWS\Sti_Trace.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty C:\WINDOWS\system32\config\ACEEvent.evt Object is locked pominięty C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\default Object is locked pominięty C:\WINDOWS\system32\config\default.LOG Object is locked pominięty C:\WINDOWS\system32\config\Media Ce.evt Object is locked pominięty C:\WINDOWS\system32\config\SAM Object is locked pominięty C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\SECURITY Object is locked pominięty C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty C:\WINDOWS\system32\config\software Object is locked pominięty C:\WINDOWS\system32\config\software.LOG Object is locked pominięty C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\system Object is locked pominięty C:\WINDOWS\system32\config\system.LOG Object is locked pominięty C:\WINDOWS\system32\h323log.txt Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty C:\WINDOWS\wiadebug.log Object is locked pominięty C:\WINDOWS\wiaservc.log Object is locked pominięty C:\WINDOWS\WindowsUpdate.log Object is locked pominięty Proces skanowania został zakończony.

Teraz skan z FixIEDef:

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.5.5.6050 * * * ******************************************************************************** Created at 20:21:13 on Sunday, August 31, 2008 Time Zone : (GMT) Greenwich Mean Time : Dublin, Edinburgh, Lisbon, London Logged On User : tomek Operating System : Microsoft Windows XP Professional Service Pack 2 OS Version : 5.1.2600 System Langauge : English (United States) Keyboard Layout : English (United States) Processor : X86 Intel(R) Pentium(R) D CPU 2.80GHz System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 Total Physical Memory : 1047084 KB Free Physical Memory : 546948 KB Total Virtual Memory : 2097024 KB Free Virtual Memory : 2021924 KB Boot State : Normal boot -------------------------------------------------------------------------------- !!! Files that have been deleted !!! No malicious files found -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

**Posty:** 8001 · przez **Okocza** 31 Sie 2008, 21:32

czysto

**Posty:** 223 · przez **Tujus** 31 Sie 2008, 21:33

A to ze skanera kasperskiego?

Liczba wykrytych wirusów: 1
Liczba zainfekowanych obiektów: 3

**Posty:** 8001 · przez **Okocza** 31 Sie 2008, 21:36

wszystko do pirackich wersji programów..

**Posty:** 18165 · przez **wojtas** 31 Sie 2008, 21:38

C:\Documents and Settings\tomek\Desktop\Ashampoo Burning Studio v8.02 + Keygen\ashampoo_burningstudio802_sm.exe/data0000.cab/file.exe
C:\Documents and Settings\tomek\Desktop\Ashampoo Burning Studio v8.02 + Keygen\ashampoo_burningstudio802_sm.exe/data0000.cab
C:\Documents and Settings\tomek\Desktop\Ashampoo Burning Studio v8.02 + Keygen\ashampoo_burningstudio802_sm.exe

skasuj folder keygen...

Kto jest na forum