Robak-Wirus

Mainzer92 · Marzec 11, 2010

ściągnąłem plik otworzyłem go Avast wykrył wirusa chciałem go naprawić,usunąć itd ale pisało że nie ma takiej nazwy pliku nie wiedzałem co robić więc usunąłem go do kosza.wklejam skan z Malwarebytes' Anti-Malware i log z RSIT

log z RSIT

Logfile of random's system information tool 1.06 (written by random/random)

Run by Besitzer at 2010-03-11 10:53:01

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 46 GB (60%) free of 76 GB

Total RAM: 502 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:53:23, on 2010-03-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Alwil Software\Avast4\aswUpdSv.exe

C:\Programme\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Alwil Software\Avast4\ashMaiSv.exe

C:\Programme\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programme\Java\jre6\bin\jusched.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Messenger\msmsgs.exe

C:\Programme\Flock\flock.exe

C:\Programme\Internet Explorer\iexplore.exe

C:\Dokumente und Einstellungen\Besitzer\Desktop\RSIT.exe

C:\Programme\trend micro\Besitzer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)

O3 - Toolbar: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bearShare] "C:\Programme\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe

O23 - Service: getPlus? Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Usługa Google Update (gupdate1ca3d0bf7646c6e) (gupdate1ca3d0bf7646c6e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--

End of file - 7687 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

Winamp Toolbar Loader - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2010-02-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}]

My Global Search Bar BHO - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2009-04-24 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-07 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}]

PHPNukeDE Toolbar - C:\Programme\PHPNukeDE\tbPHP1.dll [2010-02-13 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{37B85A29-692B-4205-9CAD-2626E4993404} - My Global Search Bar - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2009-04-24 225280]

{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll []

{c9508125-4747-4733-b048-e4b82dc9716d} - PHPNukeDE Toolbar - C:\Programme\PHPNukeDE\tbPHP1.dll [2010-02-13 2349080]

{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-08-14 98304]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-08-14 114688]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-08-14 94208]

"NWEReboot"= []

"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

"BearShare"=C:\Programme\BearShare\BearShare.exe /pause []

"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2010-02-11 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programme\Metin2\metin2.bin"="C:\Programme\Metin2\metin2.bin:*:Disabled:metin2"

"C:\Programme\BearShare\BearShare.exe"="C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Programme\Nowe Gadu-Gadu\gg.exe"="C:\Programme\Nowe Gadu-Gadu\gg.exe:*:Disabled:Nowe Gadu-Gadu"

"C:\Programme\BearShare Applications\BearShare\BearShare.exe"="C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"

"C:\Programme\Wru\Wru.exe"="C:\Programme\Wru\Wru.exe:*:Enabled:Wru P2P Client"

"C:\Programme\age-of\Empires.exe"="C:\Programme\age-of\Empires.exe:*:Enabled:Age of Empires"

"C:\Dokumente und Einstellungen\Besitzer\Desktop\age-of\Empires.exe"="C:\Dokumente und Einstellungen\Besitzer\Desktop\age-of\Empires.exe:*:Enabled:Age of Empires"

"C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2"

"C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\Programme\Ventrilo\Ventrilo.exe"="C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

"C:\Programme\Gadu-Gadu 10\gg.exe"="C:\Programme\Gadu-Gadu 10\gg.exe:*:Disabled:Gadu-Gadu 10"

"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-03-11 10:53:04 ----D---- C:\Programme\trend micro

2010-03-11 10:53:01 ----D---- C:\rsit

2010-03-10 23:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

2010-03-10 22:50:51 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

2010-03-10 22:50:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-03-10 22:50:40 ----D---- C:\Programme\Malwarebytes' Anti-Malware

2010-03-10 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

2010-02-24 07:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

2010-02-15 23:47:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpenFM

2010-02-15 23:47:47 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenFM

2010-02-15 08:22:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gadu-Gadu 10

2010-02-15 08:22:47 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Gadu-Gadu 10

2010-02-15 08:22:12 ----D---- C:\Programme\Gadu-Gadu 10

2010-02-12 08:41:51 ----RD---- C:\Programme\Skype

======List of files/folders modified in the last 1 months======

2010-03-11 10:53:04 ----RD---- C:\Programme

2010-03-11 10:53:04 ----D---- C:\WINDOWS\Prefetch

2010-03-11 10:30:55 ----D---- C:\Programme\Flock

2010-03-11 09:49:34 ----D---- C:\WINDOWS\Temp

2010-03-11 09:49:10 ----SD---- C:\WINDOWS\Tasks

2010-03-11 09:37:27 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-03-11 09:37:26 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-11 06:28:52 ----D---- C:\WINDOWS

2010-03-11 06:28:20 ----D---- C:\WINDOWS\system32

2010-03-10 23:55:36 ----HD---- C:\WINDOWS\inf

2010-03-10 23:55:30 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-03-10 23:55:27 ----D---- C:\WINDOWS\system32\de-de

2010-03-10 23:55:27 ----D---- C:\Programme\Internet Explorer

2010-03-10 23:55:15 ----D---- C:\WINDOWS\ie7updates

2010-03-10 23:55:03 ----A---- C:\WINDOWS\imsins.BAK

2010-03-10 23:54:39 ----HD---- C:\WINDOWS\$hf_mig$

2010-03-10 22:50:44 ----D---- C:\WINDOWS\system32\drivers

2010-03-10 22:03:23 ----D---- C:\Programme\Asprate

2010-03-10 21:54:48 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype

2010-03-10 15:35:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater

2010-03-10 06:34:40 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Vso

2010-03-10 05:15:14 ----D---- C:\Programme\Mozilla Firefox

2010-03-10 05:07:40 ----D---- C:\WINDOWS\Media

2010-03-10 05:07:40 ----D---- C:\WINDOWS\Help

2010-03-10 05:06:19 ----D---- C:\WINDOWS\ie8updates

2010-03-10 03:03:46 ----D---- C:\Programme\Movie Maker

2010-03-08 08:26:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real

2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

2010-02-27 18:52:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton

2010-02-27 18:52:44 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared

2010-02-26 08:06:30 ----SHD---- C:\WINDOWS\Installer

2010-02-22 15:52:27 ----D---- C:\PROGRAM FILES

2010-02-19 19:18:14 ----SHD---- C:\Config.Msi

2010-02-12 08:41:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]

R3 E100B;Intel? PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-06 163328]

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-14 1109568]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-10-23 12288]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-27 47360]

R3 st3bus28;st3bus28; C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 8416]

R3 st3mp28;st3mp28; C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 95328]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]

R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 PAC207;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]

S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2006-08-23 41728]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]

R2 Capture Device Service;Capture Device Service; C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

S2 gupdate1ca3d0bf7646c6e;Usługa Google Update (gupdate1ca3d0bf7646c6e); C:\Programme\Google\Update\GoogleUpdate.exe [2009-09-24 133104]

S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-07 183280]

S3 getPlus? Helper;getPlus? Helper; C:\Programme\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------

SKAN z Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.44

Wersja bazy definicji: 3849

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2010-03-11 12:54:10

mbam-log-2010-03-11 (12-54-00).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)

Przeskanowane obiekty: 203767

Upłynęło: 1 hour(s), 13 minute(s), 49 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 20

Zainfekowane wartości rejestru: 2

Zainfekowane pliki rejestru: 2

Zainfekowane foldery: 6

Zainfekowane pliki: 17

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.

HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken.

Zainfekowane wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken.

Zainfekowane pliki rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowane foldery:

C:\Programme\MyGlobalSearch (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Zainfekowane pliki:

C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\000854A1 (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\000855D9 (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\00249BB4 (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\00E518BE.bin (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\00E5209D.bin (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\00E52CF2.bin (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\01FB9558 (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> No action taken.

C:\Programme\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken.

usunąłem zaznaczone zainfekowane pliki co dalej robić?

SKAN z Malwarebytes´Anti-Malware po usunieciu zainfekowanych plikow

Malwarebytes' Anti-Malware 1.44

Wersja bazy definicji: 3849

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

2010-03-11 15:32:57

mbam-log-2010-03-11 (15-32-57).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)

Przeskanowane obiekty: 203731

Upłynęło: 1 hour(s), 19 minute(s), 10 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 0

Zainfekowane wartości rejestru: 0

Zainfekowane pliki rejestru: 0

Zainfekowane foldery: 0

Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:

(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:

(Nie wykryto groźnych plików)

Zainfekowane foldery:

(Nie wykryto groźnych plików)

Zainfekowane pliki:

(Nie wykryto groźnych plików)

czyli nie mam juz robaka wirusa? moge jeszcze cos zrobic?

Sevard · Marzec 11, 2010

Daj świeży log z RSITa, bo po tym co zrobił Malwarebytes' parę rzeczy powinno się w nim zmienić.

Mainzer92 · Marzec 11, 2010

Logfile of random's system information tool 1.06 (written by random/random)

Run by Besitzer at 2010-03-11 23:27:10

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 46 GB (60%) free of 76 GB

Total RAM: 502 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:27:18, on 2010-03-11