Dotkniętej XP Antivirus 2008

**RB211** · #1 5 lipca 2008, 08:54

Hi guys .. I just otwarcia wiadomości e-mail i got hit z XP Antivirus 2008 wirusa. Cant get rid of it. Any help much appreciated ..

**evilfantasy** · #2 5 lipca 2008, 09:13

Zacząć TUTAJ

Opublikuj dzienniki gdy kompletne.

**RB211** · #3 5 lipca 2008, 09:34

Niestety oficer I dont zrozumieć .. Co chcesz żebym zrobił z tego wszystkiego?

**Hybr! D** · #4 5 lipca 2008, 09:44

Trochę czasu, aby ją przeczytać, a następnie uruchomić program i po pliki abyśmy mogli zobaczyć, co się dzieje z komputerem.

**RB211** · #5 5 lipca 2008, 11:59

Heres dzienniki:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 05:20 PM
Zastosowanie Wersja: 4.15.1000
Core Zasady Database Version: 3497
Trace Rules Database Version: 1488
Scan type: Quick Scan
Total Scan Time: 00:10:14
Pamięć pozycji zeskanowane: 268
Pamięć wykrycia zagrożenia: 1
Rejestr pozycji zeskanowane: 407
Rejestr zagrożeń wykrytych: 26
Plik przedmioty zeskanowane: 6977
Plik zagrożeń wykrytych: 175
Rogue.AntiVirus XP 2008
C: \ PROGRAM FILES \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ PROGRAM FILES \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Documents and Settings \ All Users \ Menu Start \ Programy \ Antivirus XP 2008 \ Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Start \ Programy \ Antivirus XP 2008 \ How to Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Start \ Programy \ Antivirus XP 2008 \ License Agreement.lnk
C: \ Documents and Settings \ All Users \ Menu Start \ Programy \ Antivirus XP 2008 \ Register Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Start \ Programy \ Antivirus XP 2008 \ Uninstall.lnk
C: \ Documents and Settings \ All Users \ Menu Start \ Programy \ XP Antivirus 2008
C: \ AA \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
Rogue.Dropper / Gen
[lphctv6j0erel] C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ Cookies \ danny @ obsługujących-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ burstnet [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ clickbank [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ advertpro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wjnywnc5eeo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserver.mediarun [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 192 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adviva [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-mgnlimited.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Sex-video [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.onestat [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevenue [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.videhost [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pugetsoundsoftwar e [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ reklamy [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ DoubleClick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.burstnet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@tracking.summitmedia. współpracy [1]. txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ tacoda [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ s [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@data.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ questionmarket [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ roiservice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adbrite [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@counter.hitslink [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adserving.muppetism [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [4]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@vhost.oddcast [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@rotator.adjuggler [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@s1.trafficmaxx [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.ookla [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ neocounter2 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.doublepimp [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@te.kontera [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 9167811 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indextools [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ sexyandshocking [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ yadro [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@w00tpublishers.wootme dni [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@dynamic.media.adrevol ver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@e-2dj6wfkokkcjcao.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adecn [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@mobilefun.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@m1.webstats.motigo [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1068755026 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ specificclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 2o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.techguy [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adultadworld [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-bestbuy.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ firstchoice [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-twi.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ revsci [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@exchange.ggmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adlegend [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@shopping.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-iwantoneofthose.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.digitalrock.co [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 63701567 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Overture [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ a [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ bluestreak [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ Statcounter [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ atdmt [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ads.pubmatic [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 247realmedia [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@avgtechnologies.112.2 o7 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ bravenet [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@heavycom.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@stat.dealtime [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@server.iad.liveperson [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ fastclick [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ statyw [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ adtech [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ zwiększenia [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@ehg-systemax.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ gostats [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@network-ca.247realmedia [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ AdRotator [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ 1048893890 [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ cgi-bin [3]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@www.clash-media [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny @ indexstats [2]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@test.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ Cookies \ danny@eas.apm.emediate [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ adtech [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ehg-iwantoneofthose.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@metacafe.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@stat.onestat [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter4.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ DoubleClick [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atdmt [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@as1.falkag [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@hg1.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@c1.zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter13.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter15.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ adrevolver [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Zedo [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ targetnet [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ 2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@stats.searchtrack [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ atdmt [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ piętnaście [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.fifteen [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflisidjkko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ adtech [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@marksandspencer.122 ,2 o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ adrevolver [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@perf.overture [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ WindowsMedia [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Statcounter [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ finansowych [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflyckcjabo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-debenhams.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@tracker.roitesting [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ bravenet [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@data4.perf.overture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ revsci [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@etype.adbureau [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@112.2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-bskyb.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ads.telegraph.co [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ questionmarket [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ obsługujących-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indextools [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ 2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ reklamy [2]. Txt
Rogue.AntiSpywareExpert
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC # NextInstance
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 Service #
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Legacy
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ConfigFlags
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Klasa
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ClassGUID
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # DeviceDesc
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control # ActiveService
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ty pe
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # St sztuki
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Er rorControl
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Im agePath
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Di splayName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ob jectName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # op t
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se curity
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se curity # Bezpieczeństwo
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # 0
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # Count
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En um # NextInstance
NotHarmful.Sysinternals Bluescreen Screen Saver
C: \ WINDOWS \ SYSTEM32 \ BLPHCTV6J0EREL.SCR
Trojan.Unclassified / CBEvtSvc
C: \ WINDOWS \ SYSTEM32 \ CBEVTSVC.EXE
C: \ WINDOWS \ prefetch \ CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown pochodzenia
C: \ WINDOWS \ SYSTEM32 \ PHCTV6J0EREL.BMP

Malwarebytes' Anti-Malware 1.19
Database wersja: 924
Windows 5.1.2600 Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42). txt
Scan type: Full Scan (C: \ | D: \ | E: \ |)
Obiekty skanowane: 113635
Czas odtwarzania: 42 minut (y) 4 sekund (y)
Memory Processes Infected: 0
Memory Modules Infected: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 0
Danych Rejestru przedmioty Infected: 2
Foldery Infected: 0
Zainfekowanych plików: 4
Memory Processes Infected:
(Nie wykryto złośliwego pozycji)
Memory Modules Infected:
(Nie wykryto złośliwego pozycji)
Zainfekowane klucze rejestru:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Software Powiadomień (Rogue.Multiple) -> kwarantannie i usunięte pomyślnie.
Zainfekowane wartości rejestru:
(Nie wykryto złośliwego pozycji)
Danych Rejestru przedmioty Infected:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> kwarantannie i usunięte pomyślnie.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> kwarantannie i usunięte pomyślnie.
Foldery Infected:
(Nie wykryto złośliwego pozycji)
Zainfekowane pliki:
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ rp2 \ A0000029.exe (Trojan.Downloader) -> kwarantannie i usunięte pomyślnie.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ rp2 \ A0000047.dll (Rogue.AntivirusXP2008) -> kwarantannie i usunięte pomyślnie.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000262.exe (Trojan.Downloader) -> kwarantannie i usunięte pomyślnie.
C: \ System Volume Information \ _restore (CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000485.dll (Rogue.AntivirusXP2008) -> kwarantannie i usunięte pomyślnie.

JavaRa 1.08 Usuwanie Log.Report następujące po linii .------------------------------------ W JavaRa proces usuwania została założona w Pią 05 19:49:54 2008
Znaleźć i usunąć: C: \ Program Files \ Java \ jre1.6.0_05Found i odwoływani: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4Found i odwoływani: SOFTWARE \ Classes \ JavaWebStart.isInstalled.1.5.0.0F ound i odwoływani: Software \ JavaSoft \ Java2D \ 1.5.0_02Found i odwoływani: Software \ JavaSoft \ Java2D \ 1.5.0_04Found i odwoływani: Software \ JavaSoft \ Java2D \ 1.5.0_06Found i odwoływani: Software \ JavaSoft \ Java2D \ 1.5.0_09Found i odwoływani: Software \ JavaSoft \ Java2D \ 1.5.0_10Found i odwoływani: Software \ JavaSoft \ Java2D \ 1.5.0_11Found i odwoływani: SOFTWARE \ Classes \ JavaPlugin.150_02Found i odwoływani: SOFTWARE \ Classes \ JavaPlugin.150_04Found i odwoływani: SOFTWARE \ Classes \ JavaPlugin.150_06Found i usunięte: SOFTWARE \ Classes \ JavaPlugin.150_09Found i odwoływani: SOFTWARE \ Classes \ JavaPlugin.150_10--------------------------------- --- Zakończone sprawozdawczości.

Dzięki chłopaki

**evilfantasy** · #6 5 lipca 2008, 12:01

Potrzebują HijackThis teraz.

**RB211** · #7 5 lipca 2008, 12:25

Oj przepraszam. Tu jest:

Logfile of Trend Micro HijackThis v2.0.2
Skanowanie zapisany na 20:24:21, na 05/07/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Uruchamianie procesów:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ osd.exe
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Zjednoczonych Alarmy \ UnitedAlerts.exe
C: \ Program Files \ Google \ googletoolbarnotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (plik brakuje)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download i Zapis Plugin dla programu Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ googletoolbarnotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ pl-pl \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (plik brakuje)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ pl-pl \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ osd.exe
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-y
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update opóźnienia 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-OSBOOT
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe polecenie bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Wielka Alarmy] C: \ Program Files \ Zjednoczonych Alarmy \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ googletoolbarnotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Dodatkowe menu kontekstowego pozycję: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Dodatkowe menu kontekstowego pozycję: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Dodatkowe menu kontekstowego pozycję: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ pl-pl \ msntb.dll / search.htm
O8 - Dodatkowe menu kontekstowego pozycję: retrospektywne Linki - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Dodatkowe menu kontekstowego pozycję: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra kontekście menu: E & ksportuj do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra kontekście menu: Otwórz na nowej karcie w tle - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ pl-pl \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra kontekście menu: Otwórz w nowym planie tab - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ pl-pl \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Dodatkowe menu kontekstowego pozycję: Similar Pages - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Dodatkowe menu kontekstowego pozycję: Tłumaczenie na język angielski - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (plik brakuje) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI klasy) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl klasy) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ googleupdaterservice.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
Koniec pliku - 10438 bajtów

**evilfantasy** · #8 5 lipca 2008, 12:32

Jeszcze trochę pracy do zrobienia.

Pobrać SDFix.exe i zapisz go na pulpicie.

Podwójne kliknięcie SDFix.exe i będzie wyodrębnić pliki do% systemdrive%
(Dysk, który zawiera katalogu Windows, zazwyczaj C: \ SDFix)

Teraz uruchom ponownie komputer w Tryb awaryjny wykonując następujące czynności:

Uruchom ponownie komputer
Po wysłuchaniu komputera sygnał raz podczas uruchamiania, ale przed Windows pojawia się ikona, dotknij klawisz F8 stale;
Zamiast ładowanie Windows jako normalne, Opcje zaawansowane menu powinny być widoczne;
Wybierz pierwszą opcję, aby uruchomić system Windows w trybie awaryjnym, a następnie naciśnij Wprowadź.
Wybierz zwykle konta.
Otwórz folder i ekstrahowana SDFix kliknij dwukrotnie RunThis.bat , aby uruchomić skrypt.
Typ Y , aby rozpocząć proces oczyszczania.
To będzie usuwać wszelkie Trojan Usługi i wpisów rejestru stwierdza następnie, że zachęty do naciśnij dowolny klawisz, aby ponownie uruchomić komputer.
Naciśnij dowolny klawisz i będzie restart komputera.
Gdy komputer zostanie ponownie uruchomiony ponownie Fixtool i dokończyć proces usuwania następnie wyświetlić Zakończone, Naciśnij dowolny klawisz do zakończenia skryptu i załadowania ikon na pulpicie.
Po ikony pulpitu załadować SDFix raport zostanie otwarty na ekranie, a także zapisać w folderze SDFix Report.txt
(Report.txt będą również skopiowane do schowka).
W końcu skopiuj i wklej zawartość pliku wyniki Report.txt z nowym HijackThis w następnej odpowiedzi.

Jeśli SDFix nie będzie działać lub masz błędów, wykonaj następujące łącze, aby uzyskać instrukcje dotyczące jazdy SDFix. Jak korzystać z SDFix

----------

Następna wiadomość dodaj
SDFix log
NOWE HijackThis

**RB211** · #9 5 lipca 2008, 13:34

OK Następna dzienniki

SDFix: Version 1.201
Prowadzi Danny 21:08 w dniu 05/07/2008
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C: \ Piosenki \ SDFix
Sprawdzanie usług :

Przywracanie bezpieczeństwa Wartości domyślne
Przywracanie domyślnego pliku Hosts
Ponowne uruchamianie

Sprawdzenie plików :
Trojan Nie znaleziono plików

Usuwanie plików TEMP
ADS Check :

Wersja Sprawdź :
catchme 0.3.1361.2 W2K/XP/Vista - Rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
Windows 5.1.2600 Service Pack 3 dla systemu plików NTFS
skanowanie ukrytych procesów ...
ukryte usługi skanowania i gałęzi systemowej ...
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ B THPORT \ Parameters \ Keys \ 000c55050b1d]
skanowanie ukrytych wpisów rejestru ...
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 000000aa
"TracesSuccessful" = dword: 00000005
skanowanie ukrytych plików ...
skanowanie zakończone pomyślnie
ukrytych procesów: 0
ukryte usługi: 0
ukryte pliki: 0

Pozostałych usług :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ usługi es \ sharedaccess \ parameters \ firewallpolicy \ standardowy profil \ authorizedapplications \ list]
"% windir% \ system32 \ \ Sessmgr.exe" = "% windir% \ \ syste m32 \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Program Files \ \ CA \ eTrust Antivirus \ Inorpc.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ Inorpc.exe: *: Enabled: eTrust Antivirus - Serwer RPC "
"C: \ Program Files \ \ CA \ eTrust Antivirus \ InocIT.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ InocIT.exe: *: Enabled: eTrust Antivirus - Lokalna Skaner "
"C: \ Program Files \ \ CA \ eTrust Antivirus \ realmon.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ realmon.exe: *: Enabled: eTrust Antivirus - Realtime monitora "
"C: \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ Program Files \ \ Zjednoczonych Alarmy \ \ UnitedAlerts.exe" = "C: \ Program Files \ \ Zjednoczonych Alarmy \ \ UnitedAlerts.exe"
"C: \ Program Files \ \ ICQ \ Icq.exe" = "C: \ Program Files \ \ ICQ \ Icq.exe: *: Enabled: ICQ"
"C: \ Program Files \ \ CA \ eTrust Antivirus \ Shellscn.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ Shellscn.exe: *: Enabled: Shellscn"
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ StubInstaller.exe" = "C: \ StubInstaller.exe: *: E nabled: LimeWire swarmed installer"
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"C: \ Program Files \ \ BitTorrent_DNA \ \ dna.exe" = "C: \ Program Files \ \ BitTorrent_DNA \ \ dna.exe: *: Enabled: BitTorren t DNA"
"C: \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ usługi es \ sharedaccess \ parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ system32 \ \ Sessmgr.exe" = "% windir% \ \ syste m32 \ Sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Program Files \ \ Zjednoczonych Alarmy \ \ UnitedAlerts.exe" = "C: \ Program Files \ \ Zjednoczonych Alarmy \ \ UnitedAlerts.exe"
"C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ Xpsp3res.dll, -20000"
Pozostałe pliki :

Pliki z Ukryte Atrybuty :
Środa 26 stycznia 2005 4704 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Środa 13 lipca 2005 4348 .. SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Sobota 5 lipca 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Poniedziałek 13 czerwca 2005 A. 7420. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar15.tmp"
Poniedziałek 13 czerwca 2005 A. 7420. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar9.tmp"
Poniedziałek 13 czerwca 2005 A. 7420. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ MarA.tmp"
Sobota 5 lipca 2008 96 A.. H. --- "C: \ Documents and Settings \ All Users \ Dane aplikacji \ avg8 (2) \ scanlogs \ srmcheck.tmp"
Środa 13 lipca 2005 4348 H. ... --- "C: \ Documents and Settings \ Danny \ Moje dokumenty \ Moja muzyka \ Kopia zapasowa licencji \ drmv1key.bak"
Środa 25 stycznia 2006 20 A.. H. --- "C: \ Documents and Settings \ Danny \ Moje dokumenty \ Moja muzyka \ Kopia zapasowa licencji \ drmv1lic.bak"
Środa 13 lipca 2005 312 A.SH. --- "C: \ Documents and Settings \ Danny \ Moje dokumenty \ Moja muzyka \ Kopia zapasowa licencji \ drmv2key.bak"
Finished!

i

Logfile of Trend Micro HijackThis v2.0.2
Skanowanie zapisany na 21:33:52, na 05/07/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Uruchamianie procesów:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Program Files \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ osd.exe
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Zjednoczonych Alarmy \ UnitedAlerts.exe
C: \ Program Files \ Google \ googletoolbarnotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (plik brakuje)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download i Zapis Plugin dla programu Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ googletoolbarnotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ pl-pl \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (plik brakuje)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ pl-pl \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ osd.exe
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-y
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ Musicmatch \ Musicmatch Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Program Files \ SPAMfighter \ SFAgent.exe" update opóźnienia 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-OSBOOT
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe polecenie bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Wielka Alarmy] C: \ Program Files \ Zjednoczonych Alarmy \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ googletoolbarnotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ en-gb \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Dodatkowe menu kontekstowego pozycję: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Dodatkowe menu kontekstowego pozycję: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / SEARCH.HTML
O8 - Dodatkowe menu kontekstowego pozycję: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ pl-pl \ msntb.dll / search.htm
O8 - Dodatkowe menu kontekstowego pozycję: retrospektywne Linki - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Dodatkowe menu kontekstowego pozycję: Cached Snapshot of Page - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra kontekście menu: E & ksportuj do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra kontekście menu: Otwórz na nowej karcie w tle - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ pl-pl \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra kontekście menu: Otwórz w nowym planie tab - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ pl-pl \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Dodatkowe menu kontekstowego pozycję: Similar Pages - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Dodatkowe menu kontekstowego pozycję: Tłumaczenie na język angielski - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ Xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra button: Medion-UK - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (plik brakuje) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI klasy) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl klasy) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ googleupdaterservice.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ Inorpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Program Files \ SPAMfighter \ sfus.exe
--
Koniec pliku - 10422 bajtów

**evilfantasy** · #10 5 lipca 2008, 13:38

I trzeba mieć trochę więcej informacji na kilka plików. Opublikuj tutaj linki do wyników, gdy zakończona.

Podejrzane Skanowanie plików (s)

Odwiedź Virustotal
(Jeżeli więcej niż jeden plik potrzeb zeskanowane muszą być wykonane oddzielnie i dzienniki wysłana do każdego z nich)

Skopiuj plik ścieżkę w polu Kod poniżej:

Kod:

C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe

Na przesłać witryny, kliknij raz wewnątrz okna obok Ludzie.
Prasa Ctrl + V na klawiaturze (zarówno w tym samym czasie), aby wkleić ścieżkę pliku w oknie.
Następnie kliknij Wyślij plik
- Plik zostanie potencjalnie weszła w kolejce która zazwyczaj ma mniej niż minutę, aby usunąć.
Będzie to wykonać skanowanie wielu różnych silników skanowania wirusów.
Ważne: Poczekaj na wszystkie silniki skanowania, aby zakończyć.
Skopiuj i wklej link do wyników w kolejnych odpowiedzi.

Teraz to samo z tego pliku.

Kod:

C: \ Program Files \ Zjednoczonych Alarmy \ UnitedAlerts.exe