Sprawdzenie loga-komp zamula

[mario78]

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:11, on 2008-08-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Wcescomm.exe
D:\rapimgr.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\INetRepl.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{618A7C32-FB9F-49E6-B219-5AE6675CF594}: NameServer = 194.204.152.34,194.204.159.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4888 bytes


[huber2t]

W logu nic nie widzę

Podaj log z Combofix

[mario78]

chyba dobrze zrobiłem

Kod: Zaznacz wszystko

ComboFix 08-08-29.02 - Mario 2008-08-30 19:35:17.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.78 [GMT 2:00]
Running from: C:\Documents and Settings\Mario\Pulpit\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-30  )))))))))))))))))))))))))))))))
.

2008-08-28 18:28 . 2008-08-28 18:28   <DIR>   d--------   C:\WINDOWS\system32\CatRoot_bak
2008-08-23 18:32 . 2008-08-23 18:32   543   --a------   C:\ZB20080823183140001.xml
2008-08-18 21:11 . 2008-08-18 21:11   9,646   --a------   C:\ZB20080818210748001.xml
2008-08-17 20:40 . 2008-08-25 22:41   1,004   --a------   C:\WINDOWS\UAMedytor.ini
2008-08-12 19:47 . 2008-08-12 19:47   180   --a------   C:\ZB20080812194700001.xml
2008-08-12 19:44 . 2008-08-12 19:44   180   --a------   C:\ZB20080812194448001.xml
2008-08-09 17:26 . 2008-08-09 17:26   <DIR>   d--------   C:\Program Files\Kaspersky Lab
2008-08-09 17:26 . 2008-08-09 17:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-09 17:26 . 2008-08-09 17:33   96,976   --a------   C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 17:26 . 2008-08-09 17:33   87,855   --a------   C:\WINDOWS\system32\drivers\klick.dat
2008-08-09 17:26 . 2008-08-30 19:44   32   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-09 17:26 . 2008-08-30 19:44   32   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-09 17:26 . 2008-08-30 19:44   32   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-09 17:26 . 2008-08-30 19:44   32   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-09 17:24 . 2008-08-09 17:24   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-08-07 22:25 . 2005-10-21 03:47   30,592   ---------   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-08-07 22:25 . 2005-10-21 03:47   12,800   ---------   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-08-03 12:26 . 2008-08-03 12:26   1,120   --a------   C:\ZB20080803122624001.xml
2008-07-13 17:15 . 2008-07-13 17:16   29,638   --a------   C:\ZB20080713165719001.xml

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:33   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-07-07 20:33   253,952   ----a-w   C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:24   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-24 16:24   74,240   ----a-w   C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 09:49   18,432   ----a-w   C:\WINDOWS\system32\dllcache\iedw.exe
2008-06-20 17:42   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42   246,784   ----a-w   C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42   148,992   ----a-w   C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:01   273,024   ------w   C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28   202,752   ----a-w   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16   1,291,264   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16   1,291,264   ----a-w   C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 14:33   331,776   ----a-w   C:\WINDOWS\system32\dllcache\msadce.dll
2004-10-01 13:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
2003-08-27 09:49   3,424   ----a-w   C:\WINDOWS\inf\OTHER\cmiainfo.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"H/PC Connection Agent"="D:\Wcescomm.exe" [2006-11-13 15:57 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

C:\Documents and Settings\Mario\Menu Start\Programy\Autostart\
PopTray.lnk - C:\Program Files\PopTray\PopTray.exe [2006-09-16 15:01:16 1666048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= DSCMJPG.dll
"VIDC.MJPG"= DSCMJPG.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TV Remote Control.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TV Remote Control.lnk
backup=C:\WINDOWS\pss\TV Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-10-29 16:50 4620288 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-10-29 16:50 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-09-28 03:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 20:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\rapimgr.exe"= D:\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"D:\wcescomm.exe"= D:\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"D:\WCESMgr.exe"= D:\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 BTCAP;Bluetooth, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\BTCap.sys [2006-08-07 15:22]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
.
Contents of the 'Scheduled Tasks' folder

2008-02-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ABmenu - C:\Program Files\ArcaVir\Bin\ABmenu.exe
MSConfigStartUp-ABREGMON - C:\Program Files\ArcaVir\Bin\ABregmon.exe
MSConfigStartUp-Ad Muncher - D:\programy\AdMunch.exe
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-InCD - C:\Program Files\Ahead\InCD\InCD.exe
MSConfigStartUp-LGODDFU - C:\Program Files\lg_fwupdate\fwupdate.exe
MSConfigStartUp-Nokia - C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-PCSuiteTrayApplication - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-PowerBar - C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
MSConfigStartUp-PVR Agent - C:\Program Files\V-Stream\PVR Plus\TVR\Scheduled.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mario\Dane aplikacji\Mozilla\Firefox\Profiles\7lzme1te.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 19:45:41
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-08-30 19:48:59 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-30 17:48:46

Pre-Run: 2,786,172,928 bajtów wolnych
Post-Run: 2,750,824,448 bajt˘w wolnych

174   --- E O F ---   2008-08-13 19:24:30


[huber2t]

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!