tablety.pl
How do I "clean" my computer?




  • Closed   This topic is closed
8 replies in this topic

#1 jo81joanna

    First Rank

  • Members
  • 5 posts

Posted 07 07 2008 - 13:05

Hello,

yesterday, after a Windows system update, serious problems with the computer appeared. Antivirus 2008 detected the following nasties:

Here is the report:
Antivirus 2008 system scan report.
Report generated 2008-07-06 22:58:22
Infections found: 43

Trojan
C:\WINDOWS\system32\
Trojan-Clicker.Win32.Small.ie
This Trojan opens web pages without the knowledge or consent of the user. It is a Windows PE EXE file. It is 640 bytes in size. It is written in C++.

Trojan
C:\WINDOWS\
Trojan.DOS.KillMBR.v
This Trojan program is a DOS Com file written in Assembler.On start-up, this Trojan writes random data to the MBR sector of the victim machine's first hard disk.

Backdoor
C:\WINDOWS\
Backdoor.Win32.Papi.a
This Trojan will provide a remote malicious user with access to the victim machine. The Trojan itself is a Windows PE EXE file.

Trojan
autorun
Trojan-Proxy.Win32.Agent.x
This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is approximately 17KB in size.

Trojan
C:\WINDOWS\system32\
Trojan.Win32.Cryzip.a
This Trojan encrypts user files on the victim machine. It is a Windows file 1191936 bytes in size.

Trojan
C:\Program Files\
Trojan-Downloader.VBS.Psyme.ii
This Trojan downloads other malicious files via the Internet and launches them for execution on the victim machine without the user's knowledge or consent.

Trojan
C:\Program Files\Alwil Software\Avast4\POLISH\HELP\
Trojan-Clicker.Win32.Glocker.a
This Trojan opens a range of URLs without the knowledge or consent of the user. It is a Windows PE EXE file. The file is 28,672 bytes in size. It is written in Visual Basic.

Trojan
C:\Program Files\Ahead\Nero SoundTrax\
Trojan-PSW.Win32.Gip.107
This program belongs to the family of password-stealing Trojans.When run, the Trojan installs itself to the system, and while installing, copies itself to Windows.

Trojan
C:\Program Files\Ahead\Nero StartSmart\
Trojan-Downloader.JS.Small.au
This Trojan is written in JavaScript, and is approximately 1KB in size. It is normally found in HTML pages which can be of any size.

Trojan
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\
Trojan-Downloader.Win32.Delf.ajd
This Trojan downloads files from the Internet without the knowledge or consent of the user. The Trojan itself is a Windows PE EXE file, written in Delphi and packed using FSG.

Trojan
C:\Program Files\AskSBar\
Trojan-Downloader.Win32.Nurech.ao
This Trojan downloads other malicious programs from the Internet and launches them on the victim machine. The program itself is a Windows PE EXE file.

Trojan
C:\Program Files\Alwil Software\Avast4\DATA\report\
Trojan.Win32.AVKill.c
This Trojan has a malicious payload. It is a Windows PE EXE file. It is packed using UPX. It is written in C++. The size of infected files may vary from 6KB to 80KB.

Trojan
C:\Program Files\Alwil Software\Avast4\DATA\Skin\
Trojan-PSW.Win32.Coced.215
This Trojan steals user passwords. It is designed to steal a range of confidential information.It is a Windows PE EXE file.It is 10,240 bytes in size. It is written in Visual C++.

Backdoor
C:\Program Files\Alwil Software\Avast4\POLISH\
Backdoor.Win32.Ruledor.c
This program is part of the backdoor family of malicious programs intended for remote administration.

Trojan
C:\Program Files\AskSBar\
Trojan-Downloader.Win32.VB.gp
This Trojan downloads another malicious program via the Internet and launches it on the victim machine without the user's knowledge or consent. It is a Windows PE EXE file.

Trojan
C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\
Trojan.DOS.Tornado_Patch
This "Trojan horse" permits access to command a prompt over Tornado BBS, installed on a "victim" computer.

Trojan
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\
Trojan.SymbOS.Skuller.a
This Trojan program infects mobile phones running Symbian. Any mobile running Symbian is potentially vulnerable.

Trojan
C:\Program Files\Alwil Software\Avast4\images\
Trojan.Win32.AVKill.c
This Trojan has a malicious payload. It is a Windows PE EXE file. It is packed using UPX. It is written in C++. The size of infected files may vary from 6KB to 80KB.

Trojan
C:\Program Files\AskSBar\bar\
Trojan-Dropper.MSWord.Lafool.h
This Trojan is designed to install other Trojan programs to the victim machine without the knowledge or consent of the user.

Trojan
C:\Program Files\Alwil Software\Avast4\DATA\
Trojan-Downloader.Win32.Delf.ajd
This Trojan downloads files from the Internet without the knowledge or consent of the user. The Trojan itself is a Windows PE EXE file, written in Delphi and packed using FSG.

Trojan
C:\Program Files\Alwil Software\Avast4\DATA\backup\
Trojan.Win32.Diamin.jn
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 29392 bytes in size. It is packed using UPX. The unpacked file is approximately 52KB in size.

Trojan
C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\
Trojan.BAT.DelSys.ai
This Trojan has a malicious payload. This Trojan is a BAT file. It is 3063 bytes in size.

Trojan
C:\Program Files\AskSBar\
Trojan-Downloader.VBS.Agent.fz
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user's knowledge or consent.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Downloader.Win32.Delf.ajd
This Trojan downloads files from the Internet without the knowledge or consent of the user. The Trojan itself is a Windows PE EXE file, written in Delphi and packed using FSG.

Trojan
C:\Program Files\Alwil Software\Avast4\Setup\INF\
Trojan-Dropper.Win32.Small.jh
This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file.

Trojan
C:\WINDOWS\system32\en-US\
Trojan.Win32.Cryzip.a
This Trojan encrypts user files on the victim machine. It is a Windows file 1191936 bytes in size.

Backdoor
C:\WINDOWS\system32\en-US\
Backdoor.Win32.DSSdoor.c
This Trojan program provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. The file is 419 969 bytes in size.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Downloader.Win32.Small.bdc
This Trojan downloads files from the Internet without the knowledge or consent of the user. The Trojan itself is a Windows PE EXE file 3072 bytes in size.

Spyware
C:\Program Files\Alwil Software\Avast4\Setup\INF\
Trojan-Spy.Win32.PcGhost.340
This Trojan is designed to steal confidential data. It is a Windows PE EXE file. It is written in Delphi. It is 241,152 bytes in size.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Downloader.Win32.Swizzor.cc
This Trojan program is a Windows PE EXE file, 62 KB in size.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Downloader.VBS.Agent.fz
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user's knowledge or consent.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Clicker.Win32.Small.ie
This Trojan opens web pages without the knowledge or consent of the user. It is a Windows PE EXE file. It is 640 bytes in size. It is written in C++.

Trojan
C:\Program Files\Alwil Software\Avast4\Setup\INF\
Trojan-Dropper.Win32.Small.at
This Trojan is designed to install and launch other malicoius programs on the victim machine without the user's knowledge or consent.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Downloader.Win32.Bagle.h
This progame was initially distributed using spammer technologies. The program itself is a Windows PE EXE file 9742 bytes in size, written in C++.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Dropper.Win32.Small.go
This Trojan is designed to install and launch other programs on the victim machine. It is a Windows PE EXE file. It is 10,752 bytes in size.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Downloader.VBS.Agent.fe
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user's knowledge or consent.

Trojan
C:\Program Files\Alwil Software\Avast4\Setup\INF\
Trojan.DOS.KillMBR.v
This Trojan program is a DOS Com file written in Assembler.On start-up, this Trojan writes random data to the MBR sector of the victim machine's first hard disk.

Trojan
C:\WINDOWS\system32\en-US\
Trojan-Dropper.Ichitaro.Tarodrop.f
This Trojan is designed to install another Trojan program to the system without the user's knowledge.

Trojan
CLSID\{06290BD1-48AA-11D2-8432-006008C3FBFC}\
Trojan-Downloader.Win32.Bagle.h
This progame was initially distributed using spammer technologies. The program itself is a Windows PE EXE file 9742 bytes in size, written in C++.

Backdoor
CLSID\{44629984-2B6D-4F31-956B-9C91CB0775AF}\
Backdoor.Win32.Papi.a
This Trojan will provide a remote malicious user with access to the victim machine. The Trojan itself is a Windows PE EXE file.

Trojan
CLSID\{44629984-2B6D-4F31-956B-9C91CB0775AF}\
Trojan-Proxy.Win32.Small.fk
This Trojan program makes it possible for a remote malicious user to use the victim machine as a proxy server. It is a Windows PE EXE file.

Trojan
CLSID\{55136805-B2DE-11D1-B9F2-00A0C98BC547}\
Trojan-PSW.Win32.Coced.215
This Trojan steals user passwords. It is designed to steal a range of confidential information.It is a Windows PE EXE file.It is 10,240 bytes in size. It is written in Visual C++.

Backdoor
CLSID\{950E55B9-877C-4C67-BE08-E47B5611130A}\
Backdoor.Agobot.gen
This is a classical backdoor and allows a 'master' to control the victim machine remotely by sending commands via IRC channels.




All of this means I can't browse the web. Pages freeze, and the same message keeps appearing that the situation is critical, forcing me to buy a licence for Antivirus 2008, which can remove the existing problem. That message appears with almost every click I make online.
On the computer I have Avast, which detected no irregularities, and the same goes for Ad-Aware. That one admittedly "showed something" and removed it, but after rescanning with Antivirus the same report as above appears :D
Among other protective programs I also have Comodo Firewall installed.
I'm attaching my log below and counting on your help....

Regards,
jo81joanna.


#2 Gość_Landuss_*
  • Guests

Posted 07 07 2008 - 14:11

But Antivirus 2008 is a virus, not a real security program. Please paste a ComboFix log.

#3 jo81joanna

    First Rank

  • Members
  • 5 posts

Posted 07 07 2008 - 14:33

OK. Done. Attaching the ComboFix log.

ComboFix 08-07-05.1 - KOTKI 2008-07-07 15:19:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.497 [GMT 2:00]
Running from: C:\Documents and Settings\KOTKI\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\KOTKI\Application Data\Antivirus2008y
C:\Documents and Settings\KOTKI\Application Data\Antivirus2008y\antvrs.exe
C:\Documents and Settings\KOTKI\Start Menu\Antivirus2008y
C:\Documents and Settings\KOTKI\Start Menu\Antivirus2008y\Antivirus 2008.lnk
C:\Documents and Settings\KOTKI\Start Menu\Antivirus2008y\Uninstall Antivirus 2008.lnk
C:\Program Files\Antivirus2008y
C:\Program Files\Antivirus2008y\antvrs.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys

.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-07 12:07 . 2008-07-07 12:07 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-07-07 10:17 . 2008-07-07 10:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-07 10:17 . 2008-07-07 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-07 10:16 . 2008-07-07 10:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 21:02 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\KOTKI\Application Data\SUPERAntiSpyware.com
2008-07-06 21:02 . 2008-07-06 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 11:39 . 1998-11-13 13:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-06-11 08:39 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:39 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 13:22 --------- d-----w C:\Documents and Settings\KOTKI\Application Data\Skype
2008-07-07 09:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 08:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-06-12 18:47 --------- d-----w C:\Documents and Settings\KOTKI\Application Data\AdobeUM
2008-06-03 19:46 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-06-03 19:41 --------- d-----w C:\Program Files\AskSBar
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 19:00 --------- d-----w C:\Documents and Settings\KOTKI\Application Data\Image Zone Express
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-19 11:06 683,801 ----a-w C:\WINDOWS\unins000.exe
2008-04-17 07:27 8,798,720 ----a-w C:\Program Files\XPSEP XP and Server 2003 32 bit.msi
2008-02-02 15:31 7,708,988 ----a-w C:\Program Files\gimpshop_2.2.8_setup(dobreprogramy.pl).exe
2007-12-02 11:04 17,512,696 ----a-w C:\Program Files\setuppol.exe
2007-06-07 10:15 15,732,984 ----a-w C:\Program Files\GoogleEarthWin_EARX.exe
2006-12-28 10:48 20,155,344 ----a-w C:\Program Files\SkypeSetup.exe
2006-09-26 11:47 35,256 ----a-w C:\Documents and Settings\KOTKI\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 16:32 88 --sh--r C:\WINDOWS\system32\FA7DC8D02C.sys
2007-09-21 16:33 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-03 21:41 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32 25365032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 17:06 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 23:33 114688]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-08 02:21 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 14:51 184320]
"TVTunerLib"="C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-17 03:41 245760]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 22:43 151552]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 15:03 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-10 01:56 6746112]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 19:10 192512]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-12 18:50 1115728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [2008-04-16 17:41 863232]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 22:25 14720000 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\KOTKI\Start Menu\Programs\Startup\
Click to DVD Automatic Mode Launcher.lnk - C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe [2005-07-23 02:13:42 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-05-03 18:40:49 299008]
Recording Status.lnk - C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe [2005-07-23 02:22:40 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"C:\\Program Files\\Common Files\\Sony Shared\\VAIO Entertainment Platform\\VCSW\\VCSW.exe"=
"C:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"=
"C:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"=
"C:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-18 02:26]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 04:05]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 22:06]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-18 02:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc9a7f4-7e71-11dc-936d-0013ce291727}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - ATE_PROCMON
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2006-03-19 05:12:27 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-03-19 05:12:27 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-03-19 05:12:28 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 15:22:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 15:23:57
ComboFix-quarantined-files.txt 2008-07-07 13:23:38

Pre-Run: 50,465,947,648 bytes free
Post-Run: 51,680,608,256 bytes free

156 --- E O F --- 2008-06-21 06:24:48

Attached files

  • Attached file  log.txt   10.44 KB   37 downloads


#4 Gość_Landuss_*
  • Guests

Posted 07 07 2008 - 14:40

Paste into Notepad:

Folder::
C:\Program Files\AskSBar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc9a7f4-7e71-11dc-936d-0013ce291727}]
File >>> save it under the name CFScript.txt, then drag and drop it onto the ComboFix icon like this:

(attached image)

Post a new log.
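An added example, not from this thread and not part of ComboFix: a small Python triage script that reads the "Reg Loading Points" part of a ComboFix log and flags the kinds of entries the reply above targets (a Browser Helper Object and a mountpoints2 AutoRun handler), plus a disabled Windows Firewall profile and Run entries launched from a user profile directory. The function names are my own; the sample log is a constructed excerpt modelled on the log posted above, and the "Antivirus 2008" Run entry is constructed from the path ComboFix reported under "Other Deletions" (it did not appear in the posted log).

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# ComboFix log in this thread. The "Antivirus 2008" Run entry is constructed
# from the antvrs.exe path listed under "Other Deletions"; the bracketed
# timestamp/size on that line is made up.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-03 21:41 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-12 18:50 1115728]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"Antivirus 2008"="C:\Documents and Settings\KOTKI\Application Data\Antivirus2008y\antvrs.exe" [2008-07-06 20:00 0]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bc9a7f4-7e71-11dc-936d-0013ce291727}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
"""

# Drive-letter path at the end of a ComboFix file line.
WIN_PATH = re.compile(r"([A-Za-z]:\\\S.*)$")
# "Name"="C:\path\to\image.exe" [...] as ComboFix prints Run values.
RUN_VALUE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"')
# Directories under a user profile that legitimate autostarts rarely use.
PROFILE_DIR = re.compile(r"\\(Application Data|Local Settings|Temp)\\", re.I)
AUTORUN_CMD = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.I)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


def parse_sections(log_text):
    """Group the non-blank lines under each [registry key] header."""
    sections = {}
    current = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(log_text):
    """Return (kind, where, detail) tuples for entries worth a second look."""
    findings = []
    for key, lines in parse_sections(log_text).items():
        k = key.lower()
        if "browser helper objects" in k:
            # Every BHO is loaded into each Internet Explorer process; the
            # CFScript in this thread removed exactly this AskSBar entry.
            for line in lines:
                m = WIN_PATH.search(line)
                findings.append(("BHO", key, m.group(1) if m else line))
        elif "mountpoints2" in k:
            # Per-volume AutoRun handlers, a classic persistence spot for
            # autorun worms; also removed by the CFScript above.
            for line in lines:
                m = AUTORUN_CMD.search(line)
                if m:
                    findings.append(("AUTORUN", key, m.group(1)))
        elif "firewallpolicy" in k and k.endswith("standardprofile"):
            # Informational: expected when a third-party firewall is in use
            # (Comodo here), suspicious when nothing else is filtering.
            for line in lines:
                if FIREWALL_OFF.match(line):
                    findings.append(("FIREWALL_OFF", key, line))
        elif k.endswith("\\currentversion\\run"):
            # Autostarts running out of a profile directory are how the
            # Antivirus2008y rogue in this thread was launched.
            for line in lines:
                m = RUN_VALUE.match(line)
                if m and PROFILE_DIR.search(m.group(2)):
                    findings.append(("RUN_FROM_PROFILE", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG):
        print(f"{kind:17} {where}\n{'':17} -> {detail}")
```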







#5 jo81joanna

    First Rank

  • Members
  • 5 posts

Posted 07 07 2008 - 15:03

New log:
ComboFix 08-07-05.1 - KOTKI 2008-07-07 15:58:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.446 [GMT 2:00]
Running from: C:\Documents and Settings\KOTKI\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\KOTKI\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\00F26558
C:\Program Files\AskSBar\bar\Cache\02DB2297.bin
C:\Program Files\AskSBar\bar\Cache\02DB299C.bin
C:\Program Files\AskSBar\bar\Cache\02DB2CE8.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-07 12:07 . 2008-07-07 12:07 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-07-07 10:17 . 2008-07-07 10:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-07 10:17 . 2008-07-07 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-07 10:16 . 2008-07-07 10:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 21:02 . 2008-07-06 22:12 <DIR> d-------- C:\Documents and Settings\KOTKI\Application Data\SUPERAntiSpyware.com
2008-07-06 21:02 . 2008-07-06 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-05 11:39 . 1998-11-13 13:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2008-06-11 08:39 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:39 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 13:58 --------- d-----w C:\Documents and Settings\KOTKI\Application Data\Skype
2008-07-07 09:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 08:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-06-12 18:47 --------- d-----w C:\Documents and Settings\KOTKI\Application Data\AdobeUM
2008-06-03 19:46 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-13 19:00 --------- d-----w C:\Documents and Settings\KOTKI\Application Data\Image Zone Express
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-19 11:06 683,801 ----a-w C:\WINDOWS\unins000.exe
2008-04-17 07:27 8,798,720 ----a-w C:\Program Files\XPSEP XP and Server 2003 32 bit.msi
2008-02-02 15:31 7,708,988 ----a-w C:\Program Files\gimpshop_2.2.8_setup(dobreprogramy.pl).exe
2007-12-02 11:04 17,512,696 ----a-w C:\Program Files\setuppol.exe
2007-06-07 10:15 15,732,984 ----a-w C:\Program Files\GoogleEarthWin_EARX.exe
2006-12-28 10:48 20,155,344 ----a-w C:\Program Files\SkypeSetup.exe
2006-09-26 11:47 35,256 ----a-w C:\Documents and Settings\KOTKI\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 16:32 88 --sh--r C:\WINDOWS\system32\FA7DC8D02C.sys
2007-09-21 16:33 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 18:32 25365032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 17:06 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 23:33 114688]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-08 02:21 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 14:51 184320]
"TVTunerLib"="C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-17 03:41 245760]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 22:43 151552]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 15:03 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-10 01:56 6746112]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 19:10 192512]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-08-12 18:50 1115728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [2008-04-16 17:41 863232]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 22:25 14720000 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\KOTKI\Start Menu\Programs\Startup\
Click to DVD Automatic Mode Launcher.lnk - C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe [2005-07-23 02:13:42 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
LG SyncManager.lnk - C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe [2007-05-03 18:40:49 299008]
Recording Status.lnk - C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe [2005-07-23 02:22:40 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"C:\\Program Files\\Common Files\\Sony Shared\\VAIO Entertainment Platform\\VCSW\\VCSW.exe"=
"C:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"=
"C:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"=
"C:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SSI;SSI;C:\WINDOWS\system32\Drivers\SSI.SYS [2005-12-14 19:06]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-18 02:26]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 04:05]
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 22:06]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-18 02:23]

*Newly Created Service* - ATE_PROCMON
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2006-03-19 05:12:27 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-03-19 05:12:27 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-03-19 05:12:28 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 15:59:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 16:01:13
ComboFix-quarantined-files.txt 2008-07-07 14:00:56
ComboFix2.txt 2008-07-07 13:23:58

Pre-Run: 51,653,275,648 bytes free
Post-Run: 51,644,583,936 bytes free

155 --- E O F --- 2008-06-21 06:24:48

#6 Gość_Landuss_*
  • Guests

Posted 07 07 2008 - 15:10

Looks like it's OK. Delete the C:\Qoobox folder and reset System Restore by temporarily turning it off.

#7 jo81joanna

    First Rank

  • Members
  • 5 posts

Posted 07 07 2008 - 15:38

I deleted C:\Qoobox and reset System Restore by temporarily turning it off. Can I relax now? :D

As I wrote at the start, yesterday I ran a Windows update and since then I've had all these problems. I also noticed that this whole Antivirus 2008 was saved with yesterday's date, with a time matching the time of the update. Is it possible that the infection happened during that operation?
How should I avoid such situations?
What is the best way to protect the computer?
Currently I have:
- Avast! Antivirus,
- Ad-Aware,
- Comodo Firewall.
Don't these programs "fight" each other? Should I install something else? Remove something?

#8 Gość_Landuss_*
  • Guests

Posted 07 07 2008 - 15:40

Don't read too much into creation dates, because they are sometimes altered. And even if so, it could have been pure coincidence between that update and the infection. You know, these things happen :D Your protection is good. You can relax now.

#9 jo81joanna

    First Rank

  • Members
  • 5 posts

Posted 07 07 2008 - 15:44

Thank you V E R Y much. I am immensely grateful.
Warm regards :D



