
x_blacharz

Joined: 21 Aug 2008
Offline Last active: Jul 06 2009 10:04 AM
-----

My topics

Please check my log

21 August 2008 - 20:43 PM

Hello,
for the past few days, when I open folders, this pops up:
Attention, ppp! Some dangerous viruses detected in your systemMicrosoft Windows Xp files corrupted.This may led to the destruction of important files in C:\\WINDOWS.Download protection software now!Click OK to download the antispyware (recommended)

after which a web page opens and tries to install something.

I scanned the system with 3 different antivirus programs, one after another, and it did not help.

Below is the ComboFix log:
ComboFix 08-08-19.06 - Peter 2082-08-21 20:51:50.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.219 [GMT 2:00]
Running from: C:\Documents and Settings\Peter\Pulpit\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
(((((((((((((((((((((((((   Files Created from 2082-07-21 to 2082-08-21  )))))))))))))))))))))))))))))))
.
2082-08-21 04:51 . 2082-08-21 05:01	<DIR>	d--------	C:\WINDOWS\system32\PAV
2082-08-21 04:51 . 2082-08-21 04:51	<DIR>	d--------	C:\Program Files\Panda Security
2082-08-21 04:51 . 2007-09-28 14:24	83,896	--a------	C:\WINDOWS\system32\drivers\pavdrv51.sys
2082-08-21 04:51 . 2007-03-15 17:38	54,832	--a------	C:\WINDOWS\system32\pavcpl.cpl
2082-08-21 04:51 . 2007-02-15 19:02	50,736	--a------	C:\WINDOWS\system32\avldr.dll
2082-08-21 04:51 . 2082-08-21 04:51	248	--a------	C:\WINDOWS\system32\PavCPL.dat
2082-08-21 04:45 . 2007-07-12 14:49	178,872	--a------	C:\WINDOWS\system32\drivers\PavProc.sys
2082-08-21 04:45 . 2007-05-23 16:40	38,968	--a------	C:\WINDOWS\system32\drivers\ShlDrv51.sys
2082-08-20 23:01 . 2082-08-20 23:15	<DIR>	d--------	C:\Documents and Settings\Peter\Dane aplikacji\Symantec
2082-08-20 23:00 . 2082-08-21 04:50	<DIR>	d--------	C:\Program Files\Symantec
2082-08-20 23:00 . 2082-08-21 05:24	<DIR>	d--------	C:\Program Files\Common Files\Symantec Shared
2082-08-20 23:00 . 2082-08-21 04:50	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2082-08-20 20:42 . 2082-08-20 22:52	<DIR>	d--------	C:\Program Files\mks_vir_2007
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2082-08-21 16:32	118,784	----a-w	C:\WINDOWS\system32\blphc1rmj0e3e5.scr
.
------- Sigcheck -------

2008-05-17 14:44  487424  5f1ccdf37f28a88d0473b0c9ea1e0d58	C:\WINDOWS\system32\user32.dll
2008-05-17 14:40  2190208  5fb59f2506787a7e036b7c2eff1cce24	C:\WINDOWS\system32\ntoskrnl.exe
2008-05-17 14:36  1503232  67eacb65fbb0997dd3be8e4f1a5fe069	C:\WINDOWS\explorer.exe
2008-05-17 14:35  40448  0277e1a3e8b337555a45943808451981	C:\WINDOWS\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((   snapshot_2008-08-19_20.56.17.06   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-28 14:14:18	70,038	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2082-08-21 02:53:52	70,038	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2008-07-28 14:14:18	87,352	----a-w	C:\WINDOWS\system32\perfc015.dat
+ 2082-08-21 02:53:52	87,352	----a-w	C:\WINDOWS\system32\perfc015.dat
- 2008-07-28 14:14:18	439,114	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2082-08-21 02:53:52	439,114	----a-w	C:\WINDOWS\system32\perfh009.dat
- 2008-07-28 14:14:18	497,766	----a-w	C:\WINDOWS\system32\perfh015.dat
+ 2082-08-21 02:53:52	497,766	----a-w	C:\WINDOWS\system32\perfh015.dat
+ 2005-09-22 23:35:10	65,536	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEAF8FFD-A61C-46EF-A970-D77D90246918}]
2008-08-19 20:39	18432	--a------	C:\WINDOWS\system32\sabx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 11:20 36352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-05-17 14:35 40448]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-05-16 18:32 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-04-10 03:04 74240]
"lphc1rmj0e3e5"="C:\WINDOWS\system32\lphc1rmj0e3e5.exe" [2008-08-19 20:40 187392]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" [2007-10-04 15:15 455984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 14:59 62976]
"VisualTaskTips"="C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 11:20 36352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:51 22059816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WlanUtility.lnk - C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe [2005-10-14 20:00:52 173056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i263_32.drv
"msacm.divxa32"= msaud32_divx.acm
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2006-02-26 17:21]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R1 VBoxDrv;VirtualBox Service;C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-04-30 22:12]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-04-30 22:12]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-07-12 21:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47ed0f58-5d90-11dd-86a1-000c6efa658a}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead68ab8-6bfb-11dd-b9f6-000c6efa658a}]
\Shell\AutoRun\command - J:\t1ypkh.exe
\Shell\explore\Command - J:\t1ypkh.exe
\Shell\open\Command - J:\t1ypkh.exe
.
Contents of the 'Scheduled Tasks' folder

2082-08-21 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-20 18:26]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Peter\Dane aplikacji\Mozilla\Firefox\Profiles\o9jzhu2l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wp.pl/
.
.
------- File Associations (Beta) -------
.
inffile=C:\WINDOWS\system32\Notepad2.exe %1
inifile=C:\WINDOWS\system32\Notepad2.exe %1
txtfile=C:\WINDOWS\system32\Notepad2.exe %1
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2082-08-21 20:52:08
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Utilities\VisualTaskTips\VttHooks.dll
.
Completion time: 2082-08-21 20:55:59
ComboFix-quarantined-files.txt  2082-08-21 18:55:54
ComboFix2.txt  2082-08-20 15:42:27
ComboFix3.txt  2008-08-19 18:56:39
ComboFix4.txt  2008-07-29 18:39:50

Pre-Run: 1,109,135,360 bajtów wolnych
Post-Run: 1,232,683,008 bajtów wolnych

158	--- E O F ---	2008-07-28 22:05:43