
ComboFix.txt

Kaspersky won't update on the laptop - analysis of the ComboFix log

Hello. Thank you very much for the quick reply. I created a CFScript.txt file with the recommended content and dropped it onto ComboFix.exe. ComboFix scanned the computer; the file is attached. I blocked access to the mountpoints2 key and then scanned the computer with Malwarebytes Anti-Malware. It found two viruses and removed them; the log is attached. The problem still exists: Kaspersky won't update. I am asking for further help.



ComboFix 09-03-06.02 - Właściciel 2009-03-10 21:26:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1015.594 [GMT 1:00]
Uruchomiony z: d:\serwis_2006\Instale\Anty_Vir\ComboFix.exe
Użyto następujących komend :: d:\serwis_2006\Instale\Anty_Vir\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
* Utworzono nowy punkt przywracania

FILE ::
C:\dbrxubcw.com
C:\gi2ky.exe
c:\windows\Tasks\PCConfidential.job
D:\dbrxubcw.com
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dbrxubcw.com
C:\gi2ky.exe
c:\windows\Tasks\PCConfidential.job
D:\dbrxubcw.com

.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-10 do 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-06 09:04 . 2009-03-06 09:04 <DIR> d--hs---- c:\documents and settings\Właściciel\UserData
2009-03-05 23:49 . 2009-03-05 23:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-05 23:49 . 2009-03-05 23:49 <DIR> d-------- c:\documents and settings\Właściciel\Dane aplikacji\Malwarebytes
2009-03-05 23:49 . 2009-03-05 23:49 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-03-05 23:49 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-05 23:49 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-05 12:06 . 2009-03-05 12:07 <DIR> d-------- c:\program files\Common Files\Funk Software
2009-03-05 12:05 . 2009-03-05 12:06 <DIR> d-------- c:\program files\Option
2009-03-05 12:05 . 2009-03-05 12:05 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\GlobeTrotter Mobility Manager
2009-03-05 12:03 . 2009-03-05 12:03 <DIR> d-------- c:\windows\system32\URTTEMP
2009-03-04 21:13 . 2009-03-04 21:13 49 --a------ c:\windows\RTEDiag.INI
2009-03-02 19:56 . 2009-03-02 19:56 <DIR> d-------- c:\documents and settings\Właściciel\Dane aplikacji\Nokia Multimedia Player
2009-03-02 19:44 . 2008-04-14 18:20 14,720 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-02 19:44 . 2008-04-14 18:20 14,720 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2009-03-01 12:50 . 2009-03-01 12:50 <DIR> d-------- c:\program files\LizardTech
2009-02-28 15:18 . 2009-02-28 15:18 <DIR> d-------- c:\program files\EAGLE-5.4.0
2009-02-28 15:18 . 2009-02-28 15:18 <DIR> d-------- c:\documents and settings\Właściciel\Dane aplikacji\CadSoft
2009-02-27 09:52 . 2009-02-27 09:53 1,374 --a------ c:\windows\imsins.BAK
2009-02-26 12:06 . 2009-02-28 15:19 <DIR> d-------- c:\program files\EAGLE-4.13r1
2009-02-26 12:06 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe
2009-02-24 20:57 . 2009-01-09 20:19 1,089,883 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-23 11:14 . 2009-02-23 11:14 <DIR> d-------- c:\program files\CCleaner
2009-02-23 10:42 . 2009-02-23 10:53 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-23 10:41 . 2009-03-10 21:28 7,913,504 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-23 10:41 . 2009-03-10 21:28 176,160 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-23 10:41 . 2009-03-10 15:01 111,344 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-23 10:41 . 2009-02-23 10:53 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-23 10:41 . 2009-03-10 15:01 20,240 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-23 09:49 . 2009-02-23 09:49 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Folder przesyłania Share-to-Web
2009-02-23 09:35 . 2009-02-23 09:35 <DIR> d-------- c:\documents and settings\Właściciel\Dane aplikacji\Sonic
2009-02-23 09:22 . 2009-02-23 09:22 <DIR> d-------- c:\documents and settings\Właściciel\Dane aplikacji\Leadertech
2009-02-23 09:03 . 2009-02-23 09:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-21 14:13 . 2009-03-01 16:19 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-19 19:38 . 2009-03-10 21:28 <DIR> d--h----- c:\documents and settings\Gość\Ustawienia lokalne
2009-02-19 19:38 . 2008-04-14 13:08 <DIR> d-------- c:\documents and settings\Gość\Ulubione
2009-02-19 19:38 . 2008-04-14 11:35 <DIR> d--h----- c:\documents and settings\Gość\Szablony
2009-02-19 19:38 . 2008-04-14 13:08 <DIR> d-------- c:\documents and settings\Gość\Pulpit
2009-02-19 19:38 . 2008-04-14 13:08 <DIR> d-------- c:\documents and settings\Gość\Moje dokumenty
2009-02-19 19:38 . 2008-04-14 13:08 <DIR> dr------- c:\documents and settings\Gość\Menu Start
2009-02-19 19:38 . 2008-04-14 13:08 <DIR> dr-h----- c:\documents and settings\Gość\Dane aplikacji
2009-02-19 19:38 . 2009-02-19 19:38 <DIR> d-------- c:\documents and settings\Gość
2009-02-17 06:58 . 2009-02-17 06:59 <DIR> d-------- C:\Satchwell_2
2009-02-16 22:42 . 2009-02-16 22:42 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Adobe Systems
2009-02-16 14:33 . 2009-02-16 14:33 <DIR> d-------- c:\documents and settings\Właściciel\Dane aplikacji\Uniblue
2009-02-13 21:10 . 2009-02-13 21:10 <DIR> d-------- C:\Temp
2009-02-12 13:20 . 2006-03-07 12:44 446,464 -ra------ c:\windows\system32\HHActiveX.dll
2009-02-12 09:03 . 2009-03-10 20:19 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-02-12 08:59 . 2009-02-12 08:59 <DIR> d-------- C:\KAV
2009-02-11 18:01 . 2009-02-11 18:01 <DIR> d-------- c:\documents and settings\Właściciel\Dane aplikacji\InterVideo

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 22:15 --------- d-----w c:\program files\Scan2CADv7Trial
2009-03-04 21:53 --------- d-----w c:\program files\Common Files\SmartCom
2009-03-01 11:51 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-01 11:50 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 23:38 --------- d-----w c:\documents and settings\Właściciel\Dane aplikacji\skypePM
2009-02-23 09:53 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-02-23 06:13 --------- d-----w c:\documents and settings\Właściciel\Dane aplikacji\SmartShopper
2009-02-16 08:07 12,288 ----a-w c:\windows\system32\regsvr32.exe
2009-02-12 08:03 --------- d-----w c:\program files\Kaspersky Lab
2009-02-11 08:13 --------- d-----w c:\documents and settings\Właściciel\Dane aplikacji\Image Zone Express
2009-02-02 22:59 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-02 22:59 --------- d-----w c:\program files\JRE
2009-01-23 16:32 --------- d-----w c:\program files\MSXML 4.0
2009-01-11 00:19 --------- d-----w c:\program files\IrfanView
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-15 20:02 6,656 ----a-w c:\windows\system32\haspvdd.dll
2008-10-01 05:15 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-10-01 05:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
2008-10-01 05:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008100120081002\index.dat
2008-10-01 05:15 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
GlobeTrotter Mobility Manager.lnk - c:\program files\Option\GlobeTrotter Mobility Manager\GlobeTrotter Mobility Manager.exe [2006-03-21 3612672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 18:21 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R3 GTF32BUS;GT F32 BUS;c:\windows\system32\drivers\gtf32bus.sys [2008-04-15 32640]
R3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2008-04-15 8064]
R3 GTSCSER;GT SC SER;c:\windows\system32\drivers\gtscser.sys [2008-04-15 19328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-05-30 24344]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys --> c:\windows\system32\drivers\cdaudio.sys [?]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-05-09 35824]
S3 TheTerminator;TheTerminator;c:\satchwell\Binary\VisiSat\TheTerminator.exe [2008-05-30 69632]
S3 VSSGateway;VSSGateway;c:\satchwell\Binary\VisiSat\VSSGateway.exe [2008-05-30 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://monitoring.promar.com.pl/log.php
uInternet Connection Wizard,ShellNext = hxxp://192.168.2.5/
IE: Dodaj do blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
TCP: {D3A6BA91-0B60-4CB9-856F-9853F0C2A76B} = 213.158.199.1 213.158.199.5
FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\2qbngrxi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\2qbngrxi.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 21:28:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(176)
c:\windows\system32\klogon.dll
c:\program files\Option\Odyssey\odLogin.dll
.
Czas ukończenia: 2009-03-10 21:29:46
ComboFix-quarantined-files.txt 2009-03-10 20:29:43
ComboFix2.txt 2009-03-05 20:56:49

Przed: 16,838,148,096 bajtów wolnych
Po: 16,819,712,000 bajtów wolnych

192 --- E O F --- 2009-03-10 14:01:07