olkkaa1986

I Am a Forum Spammer! Request to Check a Log


I have this problem: some virus has sneaked onto my computer, and when I browse files on the disk a message is displayed: "Attention. Some dangerous Trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now! Click OK to download the antispyware. (Recommended)". I read that you have to check the log, or whatever it's called.

It came out like this:

HijackThis log:
Logfile of HijackThis v1.99.1

Scan saved at 22:47:55, on 2008-06-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\dom\Pulpit\Ola\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll

O2 - BHO: SVC plugin - {50AB4474-F8B5-4F66-BAC5-4251E765B827} - C:\WINDOWS\tusant8x.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - Startup: OpenOfficePL 2005 Home.lnk = C:\Program Files\OpenOfficePL2005 Home\program\quickstart.exe

O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

What should I remove? Help!!

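The entries that the helper later singles out in this thread (the unnamed "SVC plugin" DLL sitting directly in C:\WINDOWS, the MyGlobalSearch bar, the BearShare autostart) can be picked out mechanically. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from the helper. It parses HijackThis O2, O3 and O4 lines (the sample lines are copied from the log above) and flags two signals: a browser add-in or autostart binary loaded from the bare Windows directory rather than Program Files or system32, and paths belonging to software the thread says to remove. The UNWANTED_MARKERS list is an assumption made for the example, not a vendor blocklist.

```python
"""Triage of HijackThis O2/O3/O4 entries.

Added example, not part of the original thread and not HijackThis code.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SVC plugin - {50AB4474-F8B5-4F66-BAC5-4251E765B827} - C:\WINDOWS\tusant8x.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

ENTRY_RE = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"),
}

# Assumption for the example: path fragments of software the thread says to remove.
UNWANTED_MARKERS = ("\\myglobalsearch\\", "\\bearshare\\")

# A legitimately installed COM add-in or autostart binary does not normally
# live on its own in the bare Windows directory.
WINDIR_ROOTS = ("c:\\windows", "c:\\winnt", "%systemroot%", "%windir%")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list


def command_path(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def reasons_for(path: str) -> list:
    """Heuristic reasons to look closer at a module path; empty list means nothing seen."""
    p = path.lower()
    parent, _, _fname = p.rpartition("\\")
    reasons = []
    if parent in WINDIR_ROOTS:
        reasons.append("module loaded from the Windows directory root, not Program Files or system32")
    if any(marker in p for marker in UNWANTED_MARKERS):
        reasons.append("belongs to software the thread recommends removing")
    return reasons


def triage(log_text: str) -> list:
    """Parse O2/O3/O4 lines and return the entries that match a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in ENTRY_RE.items():
            m = rx.match(line)
            if not m:
                continue
            path = command_path(m.group("cmd")) if section == "O4" else m.group("path")
            reasons = reasons_for(path)
            if reasons:
                findings.append(Finding(section, m.group("name"), path, reasons))
            break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it reports exactly the four entries the helper tells the poster to delete (tusant8x.dll, MGSBAR.DLL twice, BearShare.exe) and stays quiet on the Adobe and avast! entries. The directory heuristic is the one worth keeping in a real toolkit: a DLL with a throwaway name dropped straight into %WINDIR% and registered as a BHO is a classic rogue-antispyware loader pattern, and no CLSID list is needed to spot it.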

I don't really know much about this, since I'm a blonde by nature, so maybe write more precisely what I should do 8O

PLEASE !!

ComboFix log:
ComboFix 08-06-09.3 - dom 2008-06-09 23:52:26.1 - FAT32x86

Running from: C:\Documents and Settings\dom\Pulpit\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\00038473.bin

C:\Program Files\myglobalsearch\bar\Cache\000386F4.bin

C:\Program Files\myglobalsearch\bar\Cache\000388F7.bin

C:\Program Files\myglobalsearch\bar\Cache\0045D89D

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\WINDOWS\system32\AutoRun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))

.

 

2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\PC Tools

2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-06-09 23:04 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-06-09 23:04 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-06-09 23:04 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-06-09 23:04 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-06-09 22:11 . 2008-06-09 22:11 <DIR> d-------- C:\Program Files\SkanerOnline

2008-06-09 20:23 . 2008-03-27 18:26 15,024 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys

2008-06-09 20:05 . 2008-06-09 20:05 <DIR> d-------- C:\Program Files\Panda Security

2008-06-09 16:20 . 2008-06-09 16:20 <DIR> d-------- C:\Program Files\PhotoFiltre

2008-06-09 16:09 . 2008-06-09 16:09 254,464 --a------ C:\WINDOWS\tusant8x.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-06 15:33 --------- d-----w C:\Program Files\EA GAMES

2008-04-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG

2008-04-20 16:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard

2008-04-20 16:16 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\HPAppData

2008-04-20 16:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY

2008-04-20 16:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant

2008-04-20 16:14 --------- d-----w C:\Program Files\Common Files\HP

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50AB4474-F8B5-4F66-BAC5-4251E765B827}]

2008-06-09 16:09 254464 --a------ C:\WINDOWS\tusant8x.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 14:11 25448488]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58 1716224]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-12-07 16:03 1913656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.EXE]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]

"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-08-01 17:04 3313664]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 07:37 35328]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 11:45 787096]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]

"ALUalert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-10-08 12:29 54880]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

 

C:\Documents and Settings\dom\Menu Start\Programy\Autostart\

OpenOfficePL 2005 Home.lnk - C:\Program Files\OpenOfficePL2005 Home\program\quickstart.exe [2005-03-01 01:10:00 49229]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

MediaChecker.lnk - C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 11:48:22 913560]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\BearShare\\BearShare.exe"=

"C:\\Program Files\\Gadu-Gadu\\GG.EXE"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQTRA08.EXE"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\BitComet\\tools\\CometBrowser.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22065:TCP"= 22065:TCP:BitComet 22065 TCP

"22065:UDP"= 22065:UDP:BitComet 22065 UDP

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-01-06 12:13]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4cfa84-d285-11dc-9f15-0016178f5616}]

\Shell\AutoRun\command - 6l6w8.com

\Shell\explore\Command - 6l6w8.com

\Shell\open\Command - 6l6w8.com

 

.

Contents of the 'Scheduled Tasks' folder

"2008-06-09 21:54:40 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-09 23:54:31

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\WINDOWS\system32\wdfmgr.exe

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\WINDOWS\system32\rundll32.exe

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\PROGRAM FILES\OPENOFFICEPL2005 HOME\PROGRAM\SOFFICE.EXE

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Completion time: 2008-06-09 23:57:43 - machine was rebooted [dom]

ComboFix-quarantined-files.txt 2008-06-09 21:57:36

 

Pre-Run: 5,519,196,160 bytes free

Post-Run: 5,756,583,936 bytes free

 


Don't use Internet Explorer any more; switch your browser to Opera or Firefox.

Plug in the infected pendrive and use Flash Disinfector.

Uninstall: BearShare

 

In HijackThis remove:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll

O2 - BHO: SVC plugin - {50AB4474-F8B5-4F66-BAC5-4251E765B827} - C:\WINDOWS\tusant8x.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe

 

Create a file CFScript.txt on the desktop and paste into it:

 

File::

C:\WINDOWS\tusant8x.dll

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50AB4474-F8B5-4F66-BAC5-4251E765B827}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c4cfa84-d285-11dc-9f15-0016178f5616}]

 

Save it and drag it onto the ComboFix icon.

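The Flash Disinfector step in the reply above targets the infection vector that the ComboFix log exposes in the MountPoints2 key: the AutoRun, explore and open commands for one drive all point at 6l6w8.com, which is what Windows XP records after honouring an autorun.inf on a pendrive. The CFScript line only clears that cached registry entry; the file on the drive itself still has to be dealt with. The script below is an added example for this page, not code from the thread or from Flash Disinfector. It parses an autorun.inf as it would sit on the drive root, reports what it would launch, and applies the same countermeasure Flash Disinfector is known for: it moves the file aside and puts a read-only (and, on Windows, hidden+system) directory named autorun.inf in its place so the worm cannot recreate the file. The sample autorun.inf is constructed for the example; only the file name 6l6w8.com comes from the log.

```python
"""Inspect an autorun.inf on a drive root and replace it with a blocking directory.

Added example for this page; not code from the thread or from Flash Disinfector.
"""
import os
import stat
import subprocess
import tempfile

# Constructed sample modelled on the MountPoints2 entries in the ComboFix log
# (AutoRun, explore and open all launching 6l6w8.com from the drive root).
SAMPLE_AUTORUN = (
    "[autorun]\r\n"
    "open=6l6w8.com\r\n"
    "shellexecute=6l6w8.com\r\n"
    "shell\\open\\Command=6l6w8.com\r\n"
    "shell\\explore\\Command=6l6w8.com\r\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
)

# Keys in [autorun] that make Explorer run something (icon and label do not).
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> dict:
    """Return the [autorun] section as {lowercased key: value}.

    Hand-rolled rather than configparser because worm-written files often
    carry junk lines, duplicate keys and mixed case that configparser rejects.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries: dict) -> dict:
    """Everything the section would execute on insert, Open or Explore."""
    return {
        k: v for k, v in entries.items()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))
    }


def inspect_drive(root: str) -> dict:
    """Classify a drive root: clean, immunized (directory in place), benign or infected."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return {"status": "immunized", "targets": {}}
    if not os.path.isfile(path):
        return {"status": "clean", "targets": {}}
    with open(path, "r", errors="replace") as fh:
        targets = launch_targets(parse_autorun(fh.read()))
    return {"status": "infected" if targets else "benign", "targets": targets}


def immunize(root: str, quarantine_dir: str) -> bool:
    """Move autorun.inf aside and put a read-only directory of the same name in its place."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isfile(path):
        os.makedirs(quarantine_dir, exist_ok=True)
        os.replace(path, os.path.join(quarantine_dir, "autorun.inf.quarantined"))
    if not os.path.isdir(path):
        os.mkdir(path)
        os.chmod(path, stat.S_IRUSR | stat.S_IXUSR)  # owner read/traverse only
        if os.name == "nt":
            # hidden + system + read-only, the attributes Flash Disinfector sets
            subprocess.run(["attrib", "+h", "+s", "+r", path], check=False)
    return os.path.isdir(path)


def demo() -> tuple:
    """Stage a throw-away 'drive root' with the sample file, inspect, immunize, re-inspect."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", newline="") as fh:
            fh.write(SAMPLE_AUTORUN)
        before = inspect_drive(root)
        immunize(root, os.path.join(root, "quarantine"))
        after = inspect_drive(root)
        # give write permission back so the temporary directory can be removed
        os.chmod(os.path.join(root, "autorun.inf"), stat.S_IRWXU)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

On a real drive you would call inspect_drive("E:\\") and then immunize("E:\\", "C:\\quarantine") instead of running demo(). Note what the directory trick does and does not do: it stops the worm from planting a new autorun.inf, but 6l6w8.com itself (and the MountPoints2 cache on every PC the stick was plugged into) still needs removing, which is why the reply pairs the Flash Disinfector step with the CFScript Registry:: line.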

Now I think I've gotten rid of it.

At least I'm posting the log that was produced after following your instructions:

ComboFix log:
ComboFix 08-06-09.7 - dom 2008-06-10 9:10:09.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.249 [GMT 2:00]

Running from: C:\Documents and Settings\dom\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\dom\Pulpit\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\tusant8x.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\tusant8x.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))

.

 

2008-06-10 00:23 . 2008-06-10 00:23 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-06-10 00:23 . 2008-06-10 00:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-10 00:23 . 2008-06-10 00:23 <DIR> d-------- C:\Documents and Settings\dom\Dane aplikacji\SUPERAntiSpyware.com

2008-06-10 00:23 . 2008-06-10 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com

2008-06-09 23:04 . 2008-06-09 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-06-09 22:11 . 2008-06-09 22:11 <DIR> d-------- C:\Program Files\SkanerOnline

2008-06-09 20:23 . 2008-03-27 18:26 15,024 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys

2008-06-09 20:05 . 2008-06-09 20:05 <DIR> d-------- C:\Program Files\Panda Security

2008-06-09 16:20 . 2008-06-09 16:20 <DIR> d-------- C:\Program Files\PhotoFiltre

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-06 15:33 --------- d-----w C:\Program Files\EA GAMES

2008-04-20 16:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\WEBREG

2008-04-20 16:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard

2008-04-20 16:16 --------- d-----w C:\Documents and Settings\dom\Dane aplikacji\HPAppData

2008-04-20 16:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY

2008-04-20 16:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant

2008-04-20 16:14 --------- d-----w C:\Program Files\Common Files\HP

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-09_23.57.15.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-09 22:23:56 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-06-09 22:23:56 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2008-06-10 06:37:10 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_530.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 14:11 25448488]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 15:58 1716224]

"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-12-07 16:03 1913656]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.EXE]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]

"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-10-25 07:37 35328]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]

"ALUalert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-10-08 12:29 54880]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

 

C:\Documents and Settings\dom\Menu Start\Programy\Autostart\

OpenOfficePL 2005 Home.lnk - C:\Program Files\OpenOfficePL2005 Home\program\quickstart.exe [2005-03-01 01:10:00 49229]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\Program Files\\Gadu-Gadu\\GG.EXE"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\HPQTRA08.EXE"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\BIN\\hpqnrs08.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\BitComet\\tools\\CometBrowser.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"22065:TCP"= 22065:TCP:BitComet 22065 TCP

"22065:UDP"= 22065:UDP:BitComet 22065 UDP

 

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-01-06 12:13]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-06-10 06:37:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 09:11:06

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-10 9:11:27

ComboFix-quarantined-files.txt 2008-06-10 07:11:26

ComboFix2.txt 2008-06-09 21:57:46

 

Pre-Run: 3,880,878,080 bytes free

Post-Run: 3,877,289,984 bytes free

 


WARM REGARDS

