• Ogłoszenie:

Some dangerous viruses detected in your system.

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.

Some dangerous viruses detected in your system.

Postprzez sawio 24 Lis 2008, 15:54

reklama
itam mam taki problem jak wchodze na dysk wyskakuej mi cos takiego

Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to destruction of important files in F:\Windows. Download protection software now, z możliwością wyboru yes lub no, obojętnie czego bym nie wybrał kieruje mnie na stronę z której można pobrać program który sam jest wirusem.(czesto wyskakuje ten komunikat i zaobserwoalem strasznie wolna prace komputera)
Oto log
Kod: Zaznacz wszystko
((((((((((((((((((((((((   Pliki utworzone od 2008-10-24 do 2008-11-24  )))))))))))))))))))))))))))))))
.

2008-11-24 09:15 . 2008-11-24 09:15   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\HEXelon
2008-11-24 08:37 . 2008-11-24 08:37   98,304   --a------   f:\windows\system32\dazsax.dll
2008-11-24 08:37 . 2008-11-24 08:37   34,494   --a------   f:\windows\system32\m2.ico
2008-11-19 22:32 . 2008-11-19 22:32   <DIR>   d--------   f:\program files\Common Files\HP
2008-11-19 22:31 . 2008-11-19 22:31   <DIR>   d--------   f:\program files\Hewlett-Packard
2008-11-19 22:30 . 2008-11-19 22:30   <DIR>   d--------   f:\documents and settings\All Users\Dane aplikacji\HP
2008-11-19 22:29 . 2005-03-08 18:22   51,120   -ra------   f:\windows\system32\drivers\HPZid412.sys
2008-11-19 22:29 . 2005-05-10 20:49   37,376   --a------   f:\windows\system32\hpz3l3xu.dll
2008-11-19 22:29 . 2004-08-03 23:08   31,616   --a------   f:\windows\system32\drivers\usbccgp.sys
2008-11-19 22:29 . 2005-03-08 18:22   16,496   -ra------   f:\windows\system32\drivers\HPZipr12.sys
2008-11-19 22:25 . 1998-10-29 16:45   306,688   --a------   f:\windows\IsUninst.exe
2008-11-19 22:25 . 2004-09-29 12:12   278,584   --a------   f:\windows\system32\HPZidr12.dll
2008-11-19 22:25 . 2004-09-29 12:15   204,800   --a------   f:\windows\system32\HPZipr12.dll
2008-11-19 22:25 . 2004-09-29 12:09   94,208   --a------   f:\windows\system32\HPZipt12.dll
2008-11-19 22:25 . 2004-09-29 12:14   69,632   --a------   f:\windows\system32\HPZipm12.exe
2008-11-19 22:25 . 2004-09-29 12:08   61,440   --a------   f:\windows\system32\HPZinw12.exe
2008-11-19 22:25 . 2004-09-29 12:09   57,344   --a------   f:\windows\system32\HPZisn12.dll
2008-11-19 22:17 . 2008-11-19 22:33   <DIR>   d--------   f:\program files\HP
2008-11-19 22:17 . 2004-08-03 23:01   25,856   --a------   f:\windows\system32\drivers\usbprint.sys
2008-11-19 22:15 . 2008-11-19 22:15   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\HP
2008-11-19 22:15 . 2008-11-19 22:34   81,531   --a------   f:\windows\hpfins05.dat
2008-11-19 22:15 . 2005-05-27 18:48   1,547   ---------   f:\windows\hpfmdl05.dat
2008-11-16 22:00 . 2008-11-16 22:00   <DIR>   d--------   f:\program files\Real Alternative
2008-11-16 22:00 . 2008-11-16 22:00   <DIR>   d--------   f:\program files\Media Player Classic
2008-11-16 14:04 . 2008-11-16 14:04   <DIR>   d--------   f:\program files\NAPI-PROJEKT
2008-11-16 14:03 . 2008-11-16 14:03   <DIR>   d--------   f:\program files\Dziobas Rar Player
2008-11-16 12:18 . 2008-11-17 17:07   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\Sports Interactive
2008-11-16 12:18 . 2008-11-16 12:18   <DIR>   d--------   f:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2008-11-16 11:36 . 2008-11-16 11:36   7,168   --ahs----   f:\windows\Thumbs.db
2008-11-16 11:16 . 2008-11-16 11:24   <DIR>   d--h-----   f:\program files\Zero G Registry
2008-11-16 11:12 . 2008-11-16 11:12   <DIR>   d--h-----   f:\documents and settings\Łukasz\InstallAnywhere
2008-11-16 11:12 . 2008-11-16 11:12   <DIR>   d--h-----   f:\documents and settings\Łukasz\InstallAnywhere
2008-11-16 10:45 . 2008-11-16 10:45   <DIR>   d--------   f:\program files\7-Zip
2008-11-13 09:18 . 2008-11-13 09:18   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\Lavasoft
2008-11-11 20:11 . 2008-11-24 10:06   <DIR>   d--------   F:\Downloads
2008-11-11 17:11 . 2008-11-11 17:14   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\Mount&Blade
2008-11-10 19:50 . 2008-11-10 19:50   <DIR>   d--h-----   f:\windows\system32\GroupPolicy
2008-11-10 13:07 . 2003-06-19 01:31   17,920   --a------   f:\windows\system32\mdimon.dll
2008-11-10 13:07 . 2008-11-24 09:54   526   --a------   f:\windows\ODBC.INI
2008-11-10 13:06 . 2008-11-10 13:07   <DIR>   d--------   f:\windows\SHELLNEW
2008-11-09 19:36 . 2008-11-19 11:00   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\Skype
2008-11-09 19:36 . 2008-11-09 19:36   <DIR>   d--------   f:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-09 13:59 . 2008-11-09 13:59   <DIR>   d--------   f:\program files\OpenAL
2008-11-09 13:59 . 2008-11-09 13:59   409,600   --a------   f:\windows\system32\wrap_oal.dll
2008-11-08 16:09 . 2008-11-08 16:09   <DIR>   d--------   f:\program files\Common Files\Wise Installation Wizard
2008-11-08 12:36 . 2008-11-08 12:36   <DIR>   d--------   f:\program files\SopCast
2008-11-07 16:36 . 2008-11-07 19:25   <DIR>   d--------   f:\program files\Orbitdownloader
2008-11-07 16:36 . 2008-11-24 10:15   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\Orbit
2008-11-07 16:36 . 2008-11-07 16:36   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\GrabPro
2008-11-07 11:31 . 2008-11-07 11:32   <DIR>   d--------   f:\documents and settings\Łukasz\Dane aplikacji\Media Player Classic
2008-11-07 11:30 . 2007-04-23 02:15   3,596,288   --a------   f:\windows\system32\qt-dx331.dll
2008-11-07 11:30 . 2007-06-28 18:52   765,952   --a------   f:\windows\system32\xvidcore.dll
2008-11-07 11:30 . 2007-05-31 08:44   740,442   --a------   f:\windows\system32\divx.dll
2008-11-07 11:30 . 2007-06-07 21:11   380,928   --a------   f:\windows\system32\ac3filter.acm
2008-11-07 11:30 . 2004-01-12 00:00   348,160   --a------   f:\windows\system32\msvcr71.dll
2008-11-07 11:30 . 2004-01-25 18:18   217,088   --a------   f:\windows\system32\yv12vfw.dll
2008-11-07 11:30 . 2007-06-28 18:54   180,224   --a------   f:\windows\system32\xvidvfw.dll
2008-11-07 11:30 . 2007-05-22 11:02   163,840   --a------   f:\windows\system32\unrar.dll
2008-11-07 11:30 . 2007-04-23 02:02   73,728   --a------   f:\windows\system32\dpl100.dll
2008-11-07 11:30 . 2007-07-10 18:55   7,680   --a------   f:\windows\system32\ff_vfw.dll
2008-11-07 11:30 . 2007-07-10 18:10   547   --a------   f:\windows\system32\ff_vfw.dll.manifest
2008-11-06 18:46 . 2008-11-06 18:46   <DIR>   d--------   f:\program files\Opera
2008-11-06 18:17 . 2008-11-06 18:23   514   --a------   f:\windows\WINCMD.INI
2008-11-06 18:08 . 2001-08-18 02:32   9,600   --a------   f:\windows\system32\drivers\hidusb.sys
2008-11-06 18:08 . 2006-06-14 14:20   6,272   --a------   f:\windows\system32\drivers\splitter.sys
2008-11-06 18:08 . 2004-08-04 03:28   4,992   --a------   f:\windows\system32\drivers\MSPQM.sys
2008-11-06 18:08 . 2004-08-04 03:37   2,944   --a------   f:\windows\system32\drivers\drmkaud.sys
2008-11-06 18:07 . 2006-06-14 14:20   172,416   --a------   f:\windows\system32\drivers\kmixer.sys
2008-11-06 18:07 . 2005-05-28 04:44   142,464   --a------   f:\windows\system32\drivers\aec.sys
2008-11-06 18:07 . 2006-06-14 14:47   82,944   --a------   f:\windows\system32\drivers\wdmaud.sys
2008-11-06 18:07 . 2004-08-04 03:45   60,800   --a------   f:\windows\system32\drivers\sysaudio.sys
2008-11-06 18:07 . 2004-08-04 05:05   58,624   --a------   f:\windows\system32\drivers\redbook.sys
2008-11-06 18:07 . 2001-08-18 02:30   54,272   --a------   f:\windows\system32\drivers\swmidi.sys
2008-11-06 18:07 . 2004-08-04 03:37   52,864   --a------   f:\windows\system32\drivers\DMusic.sys
2008-11-06 18:07 . 2004-08-04 03:28   7,552   --a------   f:\windows\system32\drivers\MSKSSRV.sys
2008-11-06 18:07 . 2004-08-04 03:28   5,376   --a------   f:\windows\system32\drivers\MSPCLOCK.sys
2008-11-06 18:07 . 2001-08-18 02:29   3,072   --a------   f:\windows\system32\drivers\audstub.sys
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   d--------   f:\windows\Downloaded Installations
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   d--------   f:\program files\D-Tools
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   dr-h-----   f:\documents and settings\Default User\Ustawienia lokalne
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   d--------   f:\documents and settings\Default User\Ulubione
2008-11-06 18:04 . 2008-11-06 17:13   <DIR>   d--h-----   f:\documents and settings\Default User\Szablony
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   d--------   f:\documents and settings\Default User\Pulpit
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   d--------   f:\documents and settings\Default User\Moje dokumenty
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   dr-------   f:\documents and settings\Default User\Menu Start
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   d--------   f:\documents and settings\All Users\Ulubione
2008-11-06 18:04 . 2008-11-06 18:04   <DIR>   d--h-----   f:\documents and settings\All Users\Szablony
2008-11-06 18:04 . 2008-11-24 09:52   <DIR>   d--------   f:\documents and settings\All Users\Pulpit
2008-11-06 18:04 . 2008-11-19 22:31   <DIR>   dr-------   f:\documents and settings\All Users\Menu Start
2008-11-06 18:04 . 2008-11-16 12:18   <DIR>   dr-------   f:\documents and settings\All Users\Dokumenty
2008-11-06 18:03 . 2008-11-24 08:42   <DIR>   d--------   f:\windows\system32\CatRoot2
2008-11-06 18:03 . 2008-11-06 17:19   <DIR>   d--------   f:\windows\system32\CatRoot
2008-11-06 18:03 . 2008-11-06 18:04   <DIR>   dr-h-----   f:\documents and settings\Default User\Dane aplikacji
2008-11-06 18:03 . 2008-11-06 17:25   <DIR>   d--h-----   f:\documents and settings\Default User
2008-11-06 18:03 . 2008-11-19 22:30   <DIR>   d--------   f:\documents and settings\All Users\Dane aplikacji
2008-11-06 18:03 . 2008-11-10 19:51   <DIR>   d--------   f:\documents and settings\All Users
2008-11-06 18:03 . 2008-11-06 17:26   <DIR>   d--------   F:\Documents and Settings
2008-11-06 18:02 . 2008-11-06 17:22   261   --a------   f:\windows\system32\$winnt$.inf

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 17:09   ---------   d--h--w   f:\program files\InstallShield Installation Information
2008-11-20 17:08   ---------   d-----w   f:\program files\Windows Media Connect 2
2008-11-15 11:25   ---------   d-----w   f:\documents and settings\Łukasz\Dane aplikacji\Creative
2008-11-09 09:29   114,688   ----a-w   f:\windows\system32\OpenAL32.dll
2008-11-07 07:00   ---------   d-----w   f:\program files\Common Files\InstallShield
2008-11-06 15:51   ---------   d-----w   f:\documents and settings\Łukasz\Dane aplikacji\Winamp
2008-11-06 13:08   ---------   d-----w   f:\program files\MagicDisc
2008-11-06 13:03   ---------   d-----w   f:\program files\Radeon Omega Drivers
2008-11-06 13:03   ---------   d-----w   f:\program files\MultiRes
2008-11-06 13:02   ---------   d-----w   f:\program files\Creative
2008-11-06 12:49   ---------   d-----w   f:\program files\microsoft frontpage
2008-11-06 12:46   ---------   d-----w   f:\program files\Usługi online
2008-11-06 12:44   ---------   d-----w   f:\program files\Winamp
2008-11-06 11:24   737,280   ----a-w   f:\windows\iun6002.exe
2008-10-27 05:34   70,992   ----a-w   f:\windows\system32\XAPOFX1_2.dll
2008-10-27 05:34   514,384   ----a-w   f:\windows\system32\XAudio2_3.dll
2008-10-27 05:34   235,856   ----a-w   f:\windows\system32\xactengine3_3.dll
2008-10-27 05:34   23,376   ----a-w   f:\windows\system32\X3DAudio1_5.dll
2008-10-10 00:22   452,440   ----a-w   f:\windows\system32\d3dx10_40.dll
2008-10-10 00:22   4,379,984   ----a-w   f:\windows\system32\D3DX9_40.dll
2008-10-10 00:22   2,036,576   ----a-w   f:\windows\system32\D3DCompiler_40.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0848225A-8181-42FC-8C68-F0A543B12967}]
2008-11-24 08:37   98304   --a------   f:\windows\system32\dazsax.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="f:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 131072]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2005-03-31 790528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="f:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="f:\windows\UpdReg.EXE" [2000-05-11 90112]
"DAEMON Tools-1033"="f:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"ATIModeChange"="Ati2mdxx.exe" [2005-08-04 f:\windows\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2005-06-29 f:\windows\system32\atiptaxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-01-24 f:\windows\system32\advpack.dll]

f:\documents and settings\ťukasz\Menu Start\Programy\Autostart\
MagicDisc.lnk - f:\program files\MagicDisc\MagicDisc.exe [2008-11-06 575488]

f:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Orbit.lnk - f:\program files\Orbitdownloader\orbitdm.exe [2008-11-07 1690824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"f:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"d:\\gry\\Pokerium\\jre\\bin\\javaw.exe"=
"e:\\Counter-Strike\\hl.exe"=
"e:\\Counter-Strike\\hltv.exe"=
"e:\\Counter-Strike\\hlds.exe"=
"f:\\Program Files\\SopCast\\SopCast.exe"=
"f:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\f08\\fm.exe"=

R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [2008-11-24 110160]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-24 20560]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys [2008-09-16 46464]

*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWSP
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-24 f:\windows\Tasks\HPpromotions journeysoftware.job
- f:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 10:18:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(548)
f:\windows\system32\Ati2evxx.dll
f:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(604)
f:\windows\system32\msprivs.dll
f:\windows\system32\rsaenh.dll
.
Czas ukończenia: 2008-11-24 10:19:30
ComboFix-quarantined-files.txt  2008-11-24 05:49:09
ComboFix2.txt  2008-11-24 04:21:18

Przed: 355*438*592 bajtów wolnych
Po: 348,880,896 bajtów wolnych


i log z hijacthis
Kod: Zaznacz wszystko
]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:39, on 2008-11-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
F:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\CTsvcCDA.exe
F:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: win32ie.a - {0848225A-8181-42FC-8C68-F0A543B12967} - F:\WINDOWS\system32\dazsax.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - F:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] F:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: MagicDisc.lnk = F:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = F:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://F:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5802 bytes
Awatar użytkownika
sawio
~user
 
Posty: 202
Dołączenie: 27 Gru 2005, 00:34
Miejscowość: Z Kątowni
Pochwały: 1



Some dangerous viruses detected in your system.

Postprzez wojtas 24 Lis 2008, 18:55

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656



Some dangerous viruses detected in your system.

Postprzez sawio 26 Lis 2008, 22:14

thx pomoglo
Awatar użytkownika
sawio
~user
 
Posty: 202
Dołączenie: 27 Gru 2005, 00:34
Miejscowość: Z Kątowni
Pochwały: 1



Some dangerous viruses detected in your system.

Postprzez Okocza 26 Lis 2008, 22:19

sawio, wstaw log z combofixa i sdfixa... :?
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // NIE POMAGAM NA PW/GG/E-MAIL
Image
"Moje Ego i Anima spotykają się i wymieniają przepisami na ciasteczka" - Maynard James Keenan
Awatar użytkownika
Okocza
~user
 
Posty: 8001
Dołączenie: 19 Mar 2006, 11:53
Pochwały: 406



Re: some dangerous viruses detected in your system.

Postprzez bohun99 09 Gru 2008, 00:21

witam! ratujcie mnie proszę! mam ten sam problem. Combofix wogole nie chce sie wlaczyc, a nawet zainstalowac, wyskakuje jakies okienko z niebieskim tlem i nic sie nie dzieje wiecej...

SDFix nie pomoglo :( dodaje raport z SDFix i HJT


Kod: Zaznacz wszystko
[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2008-12-08 at 23:00

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\c.ico - Deleted
C:\WINDOWS\system32\m.ico - Deleted
C:\WINDOWS\system32\p.ico - Deleted
C:\WINDOWS\system32\s.ico - Deleted





Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 23:06:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:25,0f,52,b0,a9,2b,c6,03,bb,31,cd,0d,3e,15,2c,38,7b,e9,8b,db,e8,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:25,0f,52,b0,a9,2b,c6,03,bb,31,cd,0d,3e,15,2c,38,7b,e9,8b,db,e8,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon  3 Mar 2008           568 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"
Mon  3 Mar 2008         5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Thu 18 Sep 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]




Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:18, on 2008-12-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\713xRMTMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ComboFix\ComboFix-Download.exe
D:\programy\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: LooseOwn - {99CE11B7-A2CA-426A-93BF-C1650ECFCDE8} - C:\WINDOWS\system32\rtenazot.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [pdfFactory Dyspozytor v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6150 bytes
bohun99
~user
 
Posty: 1
Dołączenie: 09 Gru 2008, 00:10



Some dangerous viruses detected in your system.

Postprzez wojtas 09 Gru 2008, 18:39

zaloż nowy temat daj tam logi , opisz problem wstaw loga z rsita.
Image
Awatar użytkownika
wojtas
*mod
 
Posty: 18165
Dołączenie: 13 Sty 2006, 16:00
Miejscowość: Krzeszyce
Pochwały: 1656




Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 10 gości