
ComboFix.txt

How do I remove Trojan.Win32.Generic and HackTool.Win32.Kiser.il from the system?

I have a problem. I scanned the system with Kaspersky 2011 and it found viruses: the virus HEUR:Trojan.Win32.Generic and the suspicious software HackTool.Win32.Kiser.il. Kaspersky keeps prompting me to neutralize them, but nothing happens; they are still there. The Win32 one is in quarantine and cannot be disinfected. Is there any way to get rid of it? I am attaching the logs from ComboFix and KIS; maybe they will be of some use.



ComboFix 10-10-31.01 - pinokio 2010-10-31 21:49:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.237 [GMT 1:00]
Uruchomiony z: d:\documents and settings\pinokio\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\pinokio\Dane aplikacji\chrtmp

.
((((((((((((((((((((((((( Pliki utworzone od 2010-09-28 do 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 20:20 . 2010-10-31 20:20 -------- d-----w- d:\documents and settings\pinokio\Dane aplikacji\Malwarebytes
2010-10-31 20:20 . 2010-10-31 20:54 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-10-31 20:20 . 2010-10-31 20:20 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-10-15 06:17 . 2009-09-27 22:02 797184 ----a-w- d:\windows\system32\ac3filter.ax
2010-10-15 06:17 . 2009-05-29 21:31 881664 ----a-w- d:\windows\system32\xvidcore.dll
2010-10-15 06:17 . 2008-07-02 18:44 258048 ----a-w- d:\windows\system32\libFLAC.dll
2010-10-15 06:17 . 2010-10-15 06:17 -------- d-----w- d:\program files\ALLPlayer
2010-10-05 07:58 . 2010-10-05 07:59 -------- d-----w- d:\documents and settings\pinokio\Ustawienia lokalne\Dane aplikacji\AskToolbar
2010-10-05 07:58 . 2010-10-05 07:58 -------- d-----w- d:\program files\Ask.com
2010-10-05 07:52 . 2010-10-05 07:52 -------- d-----w- d:\program files\MSXML 6.0
2010-10-05 07:42 . 2010-10-05 07:42 -------- d-----w- d:\documents and settings\pinokio\Dane aplikacji\HTML Executable
2010-10-03 10:33 . 2010-07-01 20:34 109240 ----a-w- d:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2010-10-03 10:33 . 2010-07-01 20:35 150200 ----a-w- d:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2010-10-03 10:33 . 2010-10-03 10:33 97549 ----a-w- d:\windows\system32\drivers\klick.dat
2010-10-03 10:33 . 2010-10-03 10:33 113933 ----a-w- d:\windows\system32\drivers\klin.dat
2010-10-03 10:31 . 2010-10-03 10:31 -------- d-----w- d:\program files\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"="d:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- d:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"="d:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"="d:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2010-03-23 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NETIANET"="d:\program files\Netia\Net\netianet.exe" [2010-08-26 493568]
"AVP"="d:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-03 352976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

d:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - d:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-8-26 1205840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-08-25 10:52 339968 ----a-w- d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-10-23 17:51 233472 ----a-w- d:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-09-01 11:42 176128 ----a-w- d:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42 90112 ------r- d:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2010-06-09 11352]
R3 e4usbaw;USB ADSL2 WAN Adapter;d:\windows\system32\drivers\e4usbaw.sys [2010-08-26 104344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;d:\windows\system32\drivers\klim5.sys [2010-05-07 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\drivers\klmouflt.sys [2009-11-02 19472]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);d:\windows\system32\drivers\e4ldr.sys [2010-08-26 69656]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);d:\windows\system32\drivers\s0016bus.sys [2010-09-12 89256]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);d:\windows\system32\drivers\s1018bus.sys [2010-09-12 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;d:\windows\system32\drivers\s1018mdfl.sys [2010-09-12 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;d:\windows\system32\drivers\s1018mdm.sys [2010-09-12 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);d:\windows\system32\drivers\s1018mgmt.sys [2010-09-12 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);d:\windows\system32\drivers\s1018nd5.sys [2010-09-12 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;d:\windows\system32\drivers\s1018obex.sys [2010-09-12 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);d:\windows\system32\drivers\s1018unic.sys [2010-09-12 109864]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'

2010-10-31 d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.ask.com?o=15003&l=dis
FF - ProfilePath - d:\documents and settings\pinokio\Dane aplikacji\Mozilla\Firefox\Profiles\a0huy3py.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: d:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: d:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 21:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(640)
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4028)
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\windows\system32\Ati2evxx.exe
d:\windows\system32\Ati2evxx.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2010-10-31 21:57:48 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-10-31 20:57

Przed: 2 301 403 136 bajtów wolnych
Po: 4 696 432 640 bajtów wolnych

- - End Of File - - EF4939BF7462A444C04D93A970AD03B7