
Some dangerous viruses in your system. Please help.

Misja Tereski
Hello
Yesterday it turned out that whenever I tried to open drive D, or open any folder on that drive, I was shown this message

http://www.vpx.pl/up/20080720/szit.jpg

And here are the results from COMBOFIX:

ComboFix 08-07-20.5 - Grzegorz 2008-07-21 10:18:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.684 [GMT 2:00]
Running from: C:\Documents and Settings\Grzegorz\Pulpit\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.
2008-07-20 18:43 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-20 18:43 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-20 18:34 . 2008-07-20 18:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-20 18:34 . 2008-07-20 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-20 15:21 . 2008-07-20 15:21 <DIR> d-------- C:\Program Files\GeoVid
2008-07-20 15:21 . 2004-08-04 15:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-07-20 15:21 . 2003-03-19 08:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-07-20 15:21 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-07-20 15:11 . 2008-07-20 15:11 17,920 --a------ C:\WINDOWS\system32\toolbars.dll
2008-07-20 15:11 . 2008-07-20 15:11 17,920 --a------ C:\WINDOWS\system32\tbsch.dll
2008-07-20 15:11 . 2008-07-20 15:11 17,920 --a------ C:\WINDOWS\system32\tbrs.dll
2008-07-14 17:40 . 2008-07-14 17:40 <DIR> d-------- C:\vcs5core
2008-07-14 17:40 . 2008-07-14 18:10 <DIR> d-------- C:\vcs5BGEffects
2008-07-14 17:40 . 2008-07-14 17:40 <DIR> d-------- C:\AV_LOGS
2008-06-28 17:33 . 2008-06-28 17:33 <DIR> d-------- C:\Program Files\Grupa IMAGE
2008-06-24 20:31 . 2008-06-24 20:34 <DIR> d-------- C:\Documents and Settings\Grzegorz\Dane aplikacji\Gadu-Gadu-8xALPHA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 08:18 --------- d-----w C:\Program Files\neostrada tp
2008-07-21 07:58 --------- d-----w C:\Documents and Settings\Grzegorz\Dane aplikacji\Skype
2008-07-21 07:57 --------- d-----w C:\Documents and Settings\Grzegorz\Dane aplikacji\skypePM
2008-07-20 16:37 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-17 19:30 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-26 10:55 --------- d-----w C:\Program Files\ivo
2008-06-23 19:07 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-13 08:53 --------- d-----w C:\Program Files\Google
2008-06-13 08:50 --------- d-----w C:\Program Files\Zylom Games
2008-06-13 08:48 --------- d-----w C:\Program Files\IrfanView
2008-06-11 19:20 --------- d-----w C:\Program Files\Skype
2008-06-11 19:20 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-11 19:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-09 14:07 --------- d-----w C:\Program Files\Picasa2
2008-06-07 14:17 --------- d-----w C:\Program Files\Real Alternative
2008-05-28 14:47 --------- d-----w C:\Documents and Settings\Grzegorz\Dane aplikacji\AdobeUM
2008-05-28 14:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-25 15:26 --------- d-----w C:\Program Files\Common Files\Real
2008-05-21 13:53 --------- d-----w C:\Program Files\Real
2008-01-17 16:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}]
2008-07-20 15:11 17920 --a------ C:\WINDOWS\system32\toolbars.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 16:03 21834536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 15:05 7557120]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 15:05 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 14:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-02-13 15:05 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

C:\Documents and Settings\Grzegorz\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:00 113664]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Valve\\hltv.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"27112:TCP"= 27112:TCP:BitComet 27112 TCP
"27112:UDP"= 27112:UDP:BitComet 27112 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c441be-5aed-11dc-8ed2-000e50f30e4c}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da4a242-009a-11dc-99c4-806d6172696f}]
\Shell\AutoRun\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2025c6-403b-11dc-8e47-000e50f30e4c}]
\Shell\AutoRun\command - mgjpcfdg.cmd
\Shell\explore\Command - mgjpcfdg.cmd
\Shell\open\Command - mgjpcfdg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca0a27a7-0095-11dc-8cf7-000e50f30e4c}]
\Shell\AutoRun\command - juok3st.bat
\Shell\explore\Command - juok3st.bat
\Shell\open\Command - juok3st.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f85877fe-d269-11dc-908d-000e50f30e4c}]
\Shell\Auto\command - M:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ADS - C:\Windows\ADS.exe
HKCU-Run-Twoje TVN24 - C:\Program Files\Pasek TVN24\PasekTVN24.exe
HKCU-Run-Expressivo - C:\Program Files\ivo\Expressivo Demo\expressivo.exe
HKCU-Run-BitComet - C:\Program Files\BitComet\BitComet.exe
HKCU-Run-AQQ - C:\PROGRA~1\WapSter\AQQ\AQQ.exe
HKCU-Run-VoipDiscount - C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
HKCU-Run-Komunikator - C:\Program Files\Tlen.pl\tlen.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.neostrada.pl
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: { - C:\Program Files\Messenger\msmsgs.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 10:20:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-21 10:21:21
ComboFix-quarantined-files.txt 2008-07-21 08:21:17

Pre-Run: 19,421,880,320 bajtów wolnych
Post-Run: 21,898,481,664 bajtów wolnych

167

I would really appreciate some help. Thanks in advance to ALL of you



Hi.

> 2008-07-17 19:30 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

> 2008-06-26 10:55 --------- d-----w C:\Program Files\ivo

(that's Ivona, right?)

> 2008-01-17 16:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

While you're at it, you can throw out all the toolbars, autoruns and so on:

> 2008-07-20 15:11 17920 --a------ C:\WINDOWS\system32\toolbars.dll

> "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03 94208]

> "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]

Is this from neo?

> "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
> "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]

It's not yet clear what this one is:

> HKCU-Run-ADS - C:\Windows\ADS.exe

Actually, you don't have any viruses (well, I can't be completely sure, but as far as this situation goes). You picked up some "advertising" buddy that encourages you to use a (probably) paid program to scan your computer :)

You could also post a HijackThis log. :)
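The drive-level autoruns the reply points at live in the MountPoints2 section of the log. Below is a small triage helper, added here as an example (not code from the thread or from ComboFix): it parses those lines and flags volumes whose AutoRun, open or explore verbs were rewritten to launch a script or go through a rundll32 ShellExec launcher, the pattern that typically stops a drive from opening normally. The sample input is excerpted from the log above; the three heuristic rules are my own.

```python
import re

# Constructed sample: MountPoints2 entries excerpted from the ComboFix log above.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21c441be-5aed-11dc-8ed2-000e50f30e4c}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d2025c6-403b-11dc-8e47-000e50f30e4c}]
\Shell\AutoRun\command - mgjpcfdg.cmd
\Shell\explore\Command - mgjpcfdg.cmd
\Shell\open\Command - mgjpcfdg.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f85877fe-d269-11dc-908d-000e50f30e4c}]
\Shell\Auto\command - M:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".pif", ".scr")

def parse_mountpoints(text):
    """Return {volume_id: {verb: command}} from ComboFix MountPoints2 lines."""
    entries, vol = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            vol = m.group("vol")
            entries.setdefault(vol, {})  # register volume even if no verb lines follow
        elif (m := VERB_RE.match(line)) and vol is not None:
            entries[vol][m.group("verb").lower()] = m.group("cmd").strip()
    return entries

def triage(entries):
    """Flag volumes whose verbs launch a script, use rundll32 ShellExec, or override open/explore."""
    findings = {}
    for vol, verbs in entries.items():
        reasons = []
        for verb, cmd in verbs.items():
            target = cmd.split()[-1].lower()  # last token = file launched (these paths have no spaces)
            if target.endswith(SCRIPT_EXT):
                reasons.append(f"{verb}: launches script {target}")
            if "shellexec_rundll" in cmd.lower():
                reasons.append(f"{verb}: rundll32 ShellExec indirection to {target}")
        for verb in ("open", "explore"):  # double-click / right-click Explore replaced by something else
            if verb in verbs and verbs[verb].split()[-1].lower() != "explorer.exe":
                reasons.append(f"{verb} verb hijacked to {verbs[verb]}")
        if reasons:
            findings[vol] = reasons
    return findings
```

Run `triage(parse_mountpoints(SAMPLE_LOG))`: the plain F: and EXPLORER.EXE entries stay quiet, while the .cmd volume and the rundll32 volume are reported with the reason for each verb.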
