


Logs - Massively infected system


  • Closed - This topic is closed
4 replies in this topic

#1 macko444

macko444

    Beginner

  • 38 posts

Posted 25 11 2008 - 14:47

Please help me check this log:

ComboFix 08-11-24.03 - Hendry 2008-11-25 13:38:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.265 [GMT 1:00]
Run from: c:\documents and settings\Hendry\Pulpit\ComboFix.exe
* Created a new restore point

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0w.com
C:\abk.bat
C:\Autorun.inf
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Hendry\Ulubione\Cheap Pharmacy Online.url
c:\documents and settings\Hendry\Ulubione\Search Online.url
c:\documents and settings\Hendry\Ulubione\SMS TRAP.url
c:\documents and settings\Hendry\Ulubione\VIP Casino.url
C:\ij.bat
C:\nq0cq.cmd
c:\program files\WinDefender
c:\program files\WinDefender\windef.exe
c:\program files\WinDefender\WinDefender.s1
c:\windows\k.txt
c:\windows\system32\c.ico
c:\windows\system32\ckvo.exe
c:\windows\system32\ckvo0.dll
c:\windows\system32\ckvo1.dll
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\m.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico
C:\yannh.cmd
E:\0w.com
E:\abk.bat
E:\Autorun.inf
E:\ij.bat
E:\nq0cq.cmd
E:\yannh.cmd
F:\0w.com
F:\abk.bat
F:\Autorun.inf
F:\ij.bat
F:\nq0cq.cmd
F:\yannh.cmd
G:\0w.com
G:\abk.bat
G:\Autorun.inf
G:\ij.bat
G:\nq0cq.cmd
G:\yannh.cmd
I:\abk.bat
I:\autorun.inf
I:\ij.bat
I:\nq0cq.cmd
I:\yannh.cmd

----- BITS: Possibly infected sites -----

hxxp://megauplinkbindinstaller.com
.
((((((((((((((((((((((((( Files created from 2008-10-25 to 2008-11-25 )))))))))))))))))))))))))))))))
.

2008-11-25 13:19 . 2008-11-25 13:19 98,304 --a------ c:\windows\system32\sdsheol.dll
2008-11-25 13:19 . 2008-11-25 13:19 34,494 --a------ c:\windows\system32\m2.ico
2008-11-25 12:55 . 2008-11-25 12:57 0 --a------ c:\windows\galaxy.ini
2008-11-25 12:07 . 2008-11-25 12:17 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Cream Software
2008-11-23 22:11 . 2008-11-23 22:11 <DIR> d-------- c:\program files\Advanced Disk Catalog
2008-11-23 15:29 . 2008-11-23 15:29 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-21 18:38 . 2008-11-21 18:38 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Media Player Classic
2008-11-21 18:37 . 2008-11-21 18:37 <DIR> d-------- c:\program files\Real Alternative
2008-11-19 09:09 . 2008-11-19 09:09 <DIR> d-------- c:\program files\SlySoft
2008-11-19 09:09 . 2008-11-19 09:10 24 ---hs---- c:\windows\S1611E86E.tmp
2008-11-17 09:34 . 2008-11-17 09:34 <DIR> d-------- c:\program files\free-downloads.net
2008-11-17 09:34 . 2008-11-17 09:34 <DIR> d-------- c:\program files\Conduit
2008-11-17 09:33 . 2008-11-17 09:33 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-15 13:38 . 2008-11-25 13:36 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\foobar2000
2008-11-14 16:20 . 2006-09-24 16:11 389,120 --a------ c:\windows\system32\lameACM.acm
2008-11-14 16:20 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-11-14 16:20 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2008-11-14 16:19 . 2008-11-14 16:19 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-14 16:19 . 2008-03-21 21:30 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-14 16:19 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-11-14 16:19 . 2008-03-31 22:25 682,496 --a------ c:\windows\system32\divx.dll
2008-11-14 16:19 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-11-14 16:19 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-11-14 16:19 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-11-14 16:19 . 2008-03-21 21:28 81,920 --a------ c:\windows\system32\dpl100.dll
2008-11-14 16:19 . 2008-03-28 18:41 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-14 16:19 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-12 15:43 . 2008-11-25 09:14 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-12 08:43 . 2008-11-12 15:43 99,461 -r-hs---- C:\lky.exe
2008-11-09 00:04 . 2008-11-09 00:04 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Ahead
2008-11-08 11:54 . 2008-11-08 11:54 <DIR> d-------- c:\program files\Webteh
2008-11-08 11:54 . 2008-11-08 11:54 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\BSplayer Pro
2008-11-08 11:54 . 2008-11-08 12:03 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\BSplayer
2008-11-08 11:53 . 2008-11-08 11:53 <DIR> d-------- c:\program files\MarBit
2008-11-07 13:36 . 2008-11-07 13:36 <DIR> d--h----- c:\windows\PIF
2008-11-07 10:09 . 2008-11-07 10:08 109,879 -r-hs---- C:\sq.com
2008-11-05 18:17 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2008-11-05 18:16 . 2008-11-05 18:16 <DIR> d-------- c:\program files\Alwil Software
2008-11-05 10:08 . 2008-11-05 10:08 8 --a------ c:\windows\system32\ntP2.trk
2008-11-05 10:02 . 2008-11-05 10:02 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-05 10:02 . 2008-11-05 10:02 <DIR> d-------- c:\program files\Ahead
2008-11-05 10:02 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-05 10:02 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-05 10:02 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-05 10:02 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-05 10:02 . 2003-03-29 16:45 89,184 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-11-05 10:02 . 2003-07-29 17:09 57,344 --a------ c:\windows\system32\ImageDrive.cpl
2008-11-05 10:02 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-05 09:38 . 2008-11-05 09:38 45 --a------ c:\windows\RK_DPSS.INI
2008-11-04 19:20 . 2008-11-04 19:20 <DIR> d-------- c:\program files\BearShare
2008-11-04 19:20 . 2008-11-05 19:52 <DIR> d-------- C:\My Downloads
2008-11-03 10:00 . 2008-11-03 10:00 <DIR> d-------- c:\program files\Foxit Software
2008-10-31 20:31 . 2008-10-31 20:31 320 --ahs---- c:\windows\klif.spi
2008-10-30 22:18 . 2008-10-31 12:08 <DIR> d-------- c:\program files\PhotoScape
2008-10-30 14:30 . 2008-10-30 14:30 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-10-30 14:30 . 2008-10-30 14:30 <DIR> d-------- c:\program files\Samsung
2008-10-30 14:30 . 2007-05-02 11:12 109,704 --a------ c:\windows\system32\drivers\ssm_mdm.sys
2008-10-30 14:30 . 2007-05-02 11:12 83,592 --a------ c:\windows\system32\drivers\ssm_bus.sys
2008-10-30 14:30 . 2007-05-02 11:12 15,112 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_whnt.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_wh.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cm.sys
2008-10-30 14:30 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-10-30 14:29 . 2008-10-30 14:29 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-30 13:40 . 2008-10-30 13:40 427 --a------ c:\windows\ODBC.INI
2008-10-30 13:22 . 2008-11-03 10:09 <DIR> d-------- c:\windows\SHELLNEW
2008-10-30 12:21 . 2008-10-30 12:21 <DIR> d-------- c:\program files\Trend Micro
2008-10-30 11:23 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-30 11:18 . 2008-11-03 10:09 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-10-29 20:06 . 2008-10-29 20:06 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-29 20:01 . 2008-10-29 20:01 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\KONAMI
2008-10-29 19:35 . 2008-10-29 19:36 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-10-29 19:34 . 2008-10-29 19:34 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\DAEMON Tools
2008-10-29 19:34 . 2008-10-29 19:34 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-29 16:54 . 2008-10-29 16:54 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-29 09:35 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-28 22:42 . 2008-10-28 22:42 <DIR> d-------- c:\program files\Kaspersky Lab
2008-10-28 22:41 . 2008-10-28 22:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-10-28 22:10 . 2008-10-28 22:10 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Gadu-Gadu
2008-10-28 22:09 . 2008-10-28 22:09 <DIR> d-------- c:\program files\Gadu-Gadu
2008-10-28 22:09 . 2008-10-31 16:58 <DIR> d-------- c:\documents and settings\Hendry\Gadu-Gadu
2008-10-28 22:06 . 2008-10-28 22:06 0 --a------ c:\windows\nsreg.dat
2008-10-28 22:01 . 2008-10-28 22:01 <DIR> d---s---- c:\documents and settings\Hendry\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 08:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 18:48 --------- d-----w c:\documents and settings\Hendry\Dane aplikacji\ATI
2008-10-28 18:46 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-28 18:46 --------- d-----w c:\program files\ATI Technologies
2008-10-28 18:39 --------- d-----w c:\program files\AMD
2008-10-28 18:38 --------- d-----w c:\program files\Realtek Sound Manager
2008-10-28 18:38 --------- d-----w c:\program files\AvRack
2008-10-28 18:32 --------- d-----w c:\program files\microsoft frontpage
2008-10-28 18:30 --------- d-----w c:\program files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0848225A-8181-42FC-8C68-F0A543B12967}]
2008-11-25 13:19 98304 --a------ c:\windows\system32\sdsheol.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"GoD"="c:\documents and settings\Hendry\Moje dokumenty\GoD\GoD.exe" [2008-10-25 2517504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-13 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="i:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SoundMan"="SOUNDMAN.EXE" [2005-01-21 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST - pasek zadań.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-13 32768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"i:\\WapSter AQQ\\aqq.exe"=
"i:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-05 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-05 20560]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2094a0c1-a524-11dd-acaf-806d6172696f}]
\Shell\AutoRun\command - E:\xih9.cmd
\Shell\explore\Command - E:\xih9.cmd
\Shell\open\Command - E:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2094a0c2-a524-11dd-acaf-806d6172696f}]
\Shell\AutoRun\command - H:\xih9.cmd
\Shell\explore\Command - H:\xih9.cmd
\Shell\open\Command - H:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{836a2a31-a66a-11dd-acb9-0004619f1d1a}]
\Shell\AutoRun\command - J:\abk.bat
\Shell\explore\Command - J:\abk.bat
\Shell\open\Command - J:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae24c043-a525-11dd-a8fc-806d6172696f}]
\Shell\AutoRun\command - e:\autorun\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f512199b-a51f-11dd-a3f1-806d6172696f}]
\Shell\AutoRun\command - X:\setup.exe

*Newly Created Service* - BITS
*Newly Created Service* - CATCHME
*Newly Created Service* - CLR_OPTIMIZATION_V2.0.50727_32
.
.
------- Supplementary scan -------
.
FireFox -: Profile - c:\documents and settings\Hendry\Dane aplikacji\Mozilla\Firefox\Profiles\u9f5ipy6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 13:39:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-11-25 13:39:49
ComboFix-quarantined-files.txt 2008-11-25 12:39:36

Before: 4,733,456,384 bytes free
After: 5,544,824,832 bytes free

253

Thanks for the help!

I'm also adding the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:58, on 2008-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\foobar2000\foobar2000.exe
I:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: win32ie.a - {0848225A-8181-42FC-8C68-F0A543B12967} - C:\WINDOWS\system32\sdsheol.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] I:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [GoD] "C:\Documents and Settings\Hendry\Moje dokumenty\GoD\GoD.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E2E7BB-21D5-4AEB-9900-DC77A0F45E56}: NameServer = 194.204.159.1,195.117.3.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4943 bytes




#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 25 11 2008 - 21:48

Paste into Notepad:
File::
c:\windows\system32\sdsheol.dll
c:\windows\system32\m2.ico
C:\lky.exe
d:\lky.exe
e:\lky.exe
f:\lky.exe
g:\lky.exe
i:\lky.exe
C:\sq.com
d:\sq.com
e:\sq.com
f:\sq.com
g:\sq.com
i:\sq.com
E:\xih9.cmd
c:\xih9.cmd
d:\xih9.cmd
f:\xih9.cmd
g:\xih9.cmd
i:\xih9.cmd
H:\xih9.cmd
J:\abk.bat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0848225A-8181-42FC-8C68-F0A543B12967}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe

Removal should start (and a log will be produced).
Post the log that is produced during removal.
After the restart, manually delete the C:\Qoobox folder.

ordynat

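As an added example, not code from this thread, from ComboFix or from HijackThis: the Python script below applies the two patterns visible in the first post's logs, MountPoints2 autorun commands that point at a script sitting in a drive root (E:\xih9.cmd, J:\abk.bat) and a BHO whose DLL was dropped into system32 (sdsheol.dll), to a constructed excerpt of those logs, then renders the findings in the File:: / Registry:: CFScript layout used in the reply above. The regexes, the drive-root and Windows-directory heuristics and the function names are my assumptions; the `HKEY_LOCAL_MACHINE\~\Browser Helper Objects\` shorthand is copied from the reply, which removed that key in the same form.

```python
"""Triage of ComboFix / HijackThis log lines for autorun-worm traces.

Heuristics (my assumptions, drawn from the logs in this thread):
  1. A MountPoints2 Shell\AutoRun, open or explore command whose target is a
     script/executable directly in a drive root is an autorun hijack.
  2. A BHO (HijackThis O2 line) whose DLL lives under the Windows directory,
     not under Program Files, is suspicious.
Findings are rendered as a CFScript with File:: and Registry:: sections.
"""
import re

# Constructed excerpt of the posted ComboFix and HijackThis output.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2094a0c1-a524-11dd-acaf-806d6172696f}]
\Shell\AutoRun\command - E:\xih9.cmd
\Shell\explore\Command - E:\xih9.cmd
\Shell\open\Command - E:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{836a2a31-a66a-11dd-acb9-0004619f1d1a}]
\Shell\AutoRun\command - J:\abk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae24c043-a525-11dd-a8fc-806d6172696f}]
\Shell\AutoRun\command - e:\autorun\AUTORUN.EXE

O2 - BHO: win32ie.a - {0848225A-8181-42FC-8C68-F0A543B12967} - C:\WINDOWS\system32\sdsheol.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(AutoRun|open|explore)\\command\s+-\s+(.+)$", re.I)
# A script or executable directly in a drive root, e.g. E:\xih9.cmd
ROOT_EXEC_RE = re.compile(r"^[a-z]:\\[^\\]+\.(cmd|bat|com|exe|pif|scr|vbs)$", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-F-]+\}) - (.+)$", re.I)
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)


def find_autorun_hijacks(log):
    """Return [(registry_key, target)] for MountPoints2 entries that run a file
    sitting in a drive root. A CD autorun pointing into a subfolder
    (e:\autorun\AUTORUN.EXE) is not flagged and is left for manual review."""
    hits, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = CMD_RE.match(line)
        if m and key and ROOT_EXEC_RE.match(m.group(2).strip()):
            hit = (key, m.group(2).strip())
            if hit not in hits:          # AutoRun/open/explore share one target
                hits.append(hit)
    return hits


def find_suspicious_bhos(log):
    """Return [(clsid, dll_path)] for O2 lines whose DLL lives under the Windows
    directory. Heuristic only: vendor toolbars install under Program Files,
    while the dropper in this thread wrote sdsheol.dll into system32."""
    out = []
    for raw in log.splitlines():
        m = BHO_RE.match(raw.strip())
        if m and WINDIR_RE.match(m.group(3).strip()):
            out.append((m.group(2).upper(), m.group(3).strip()))
    return out


def build_cfscript(files, registry_keys):
    """Render findings as a CFScript: File:: lists paths to delete, Registry::
    uses the [-KEY] form that deletes the whole key."""
    lines = ["File::", *files, "", "Registry::"]
    lines += [f"[-{k}]" for k in registry_keys]
    return "\n".join(lines) + "\n"


def triage(log):
    """Run both heuristics and return the files, keys and rendered script."""
    hijacks = find_autorun_hijacks(log)
    bhos = find_suspicious_bhos(log)
    files = [target for _, target in hijacks] + [path for _, path in bhos]
    keys = [key for key, _ in hijacks]
    # "HKEY_LOCAL_MACHINE\~\Browser Helper Objects" is the shorthand ComboFix
    # prints for the BHO key; the reply above used it in the same form.
    keys += [r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects" + "\\" + clsid
             for clsid, _ in bhos]
    return {"files": files, "keys": keys, "script": build_cfscript(files, keys)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["script"])
```

The script removes only the MountPoints2 subkeys it flagged, which is narrower than the reply's deletion of the whole mountpoints2 key; ComboFix rebuilds the entries on the next mount either way, so the File:: section is what actually stops the re-infection, and the deleted files should be backed by a check of every removable drive for an autorun.inf and its companion script before the drive is inserted again.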

#3 macko444

macko444

    Beginner

  • 38 posts

Posted 26 11 2008 - 09:45

After what you gave me, it seems to me that everything is fine now ;>
I'm posting one more Combo log for checking:

ComboFix 08-11-26.03 - Hendry 2008-11-26 8:36:30.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.278 [GMT 1:00]
Run from: c:\documents and settings\Hendry\Pulpit\ComboFix.exe
Commands used :: c:\documents and settings\Hendry\Pulpit\CFScript.txt
* Created a new restore point

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\lky.exe
C:\sq.com
c:\windows\system32\m2.ico
c:\windows\system32\sdsheol.dll
c:\xih9.cmd
d:\lky.exe
d:\sq.com
d:\xih9.cmd
e:\lky.exe
e:\sq.com
E:\xih9.cmd
f:\lky.exe
f:\sq.com
f:\xih9.cmd
g:\lky.exe
g:\sq.com
g:\xih9.cmd
H:\xih9.cmd
i:\lky.exe
i:\sq.com
i:\xih9.cmd
J:\abk.bat
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\lky.exe
c:\program files\WinDefender
c:\program files\WinDefender\WinDefender.s1
C:\sq.com
c:\windows\k.txt
c:\windows\system32\m2.ico
c:\windows\system32\sdsheol.dll
e:\lky.exe
e:\sq.com
f:\lky.exe
f:\sq.com
g:\lky.exe
g:\sq.com
i:\lky.exe
i:\sq.com

.
((((((((((((((((((((((((( Files created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.

2008-11-25 17:13 . 2008-11-25 19:42 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-25 17:13 . 2008-11-25 19:42 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-25 17:13 . 2008-11-25 19:42 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-25 17:00 . 2008-11-25 17:00 <DIR> d-------- c:\program files\Electronic Arts
2008-11-25 16:55 . 2008-11-25 16:55 1,180 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Leadertech
2008-11-25 16:43 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-11-25 16:43 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-11-25 16:43 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-11-25 16:43 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-11-25 16:43 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-11-25 16:43 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-11-25 15:00 . 2008-11-25 15:07 81,984 --a------ c:\windows\system32\bdod.bin
2008-11-25 14:57 . 2008-11-25 15:08 <DIR> d-------- c:\program files\Common Files\Softwin
2008-11-25 14:10 . 2008-11-25 14:43 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-11-25 12:55 . 2008-11-25 12:57 0 --a------ c:\windows\galaxy.ini
2008-11-25 12:07 . 2008-11-25 12:17 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Cream Software
2008-11-24 08:23 . 2008-11-24 08:24 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\EurekaLog
2008-11-23 15:29 . 2008-11-25 14:51 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-21 18:38 . 2008-11-21 18:38 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Media Player Classic
2008-11-21 18:37 . 2008-11-21 18:37 <DIR> d-------- c:\program files\Real Alternative
2008-11-19 09:09 . 2008-11-19 09:09 <DIR> d-------- c:\program files\SlySoft
2008-11-19 09:09 . 2008-11-19 09:10 24 ---hs---- c:\windows\S1611E86E.tmp
2008-11-17 09:34 . 2008-11-17 09:34 <DIR> d-------- c:\program files\free-downloads.net
2008-11-17 09:34 . 2008-11-17 09:34 <DIR> d-------- c:\program files\Conduit
2008-11-17 09:33 . 2008-11-17 09:33 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-15 13:38 . 2008-11-24 08:33 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\foobar2000
2008-11-14 16:20 . 2006-09-24 16:11 389,120 --a------ c:\windows\system32\lameACM.acm
2008-11-14 16:20 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-11-14 16:20 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml
2008-11-14 16:19 . 2008-11-14 16:19 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-14 16:19 . 2008-03-21 21:30 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-14 16:19 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-11-14 16:19 . 2008-03-31 22:25 682,496 --a------ c:\windows\system32\divx.dll
2008-11-14 16:19 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-11-14 16:19 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-11-14 16:19 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-11-14 16:19 . 2008-03-21 21:28 81,920 --a------ c:\windows\system32\dpl100.dll
2008-11-14 16:19 . 2008-03-28 18:41 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-14 16:19 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-12 15:43 . 2008-11-25 09:14 85,504 -r-hs---- c:\windows\system32\gasretyw1.dll
2008-11-09 00:04 . 2008-11-09 00:04 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Ahead
2008-11-08 11:54 . 2008-11-08 11:54 <DIR> d-------- c:\program files\Webteh
2008-11-08 11:54 . 2008-11-08 11:54 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\BSplayer Pro
2008-11-08 11:54 . 2008-11-08 12:03 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\BSplayer
2008-11-08 11:53 . 2008-11-08 11:53 <DIR> d-------- c:\program files\MarBit
2008-11-07 13:36 . 2008-11-07 13:36 <DIR> d--h----- c:\windows\PIF
2008-11-05 18:16 . 2008-11-05 18:16 <DIR> d-------- c:\program files\Alwil Software
2008-11-05 10:08 . 2008-11-05 10:08 8 --a------ c:\windows\system32\ntP2.trk
2008-11-05 10:02 . 2008-11-05 10:02 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-05 10:02 . 2008-11-05 10:02 <DIR> d-------- c:\program files\Ahead
2008-11-05 10:02 . 2001-07-06 14:41 569,344 --a------ c:\windows\system32\imagr5.dll
2008-11-05 10:02 . 2001-07-06 12:44 544,768 --a------ c:\windows\system32\imagx5.dll
2008-11-05 10:02 . 2001-07-06 18:24 283,920 --a------ c:\windows\system32\ImagXpr5.dll
2008-11-05 10:02 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-05 10:02 . 2003-03-29 16:45 89,184 --a------ c:\windows\system32\drivers\imagedrv.sys
2008-11-05 10:02 . 2003-07-29 17:09 57,344 --a------ c:\windows\system32\ImageDrive.cpl
2008-11-05 10:02 . 2001-06-26 08:15 38,912 --a------ c:\windows\system32\picn20.dll
2008-11-05 09:38 . 2008-11-05 09:38 45 --a------ c:\windows\RK_DPSS.INI
2008-11-04 19:20 . 2008-11-04 19:20 <DIR> d-------- c:\program files\BearShare
2008-11-04 19:20 . 2008-11-05 19:52 <DIR> d-------- C:\My Downloads
2008-11-03 10:00 . 2008-11-03 10:00 <DIR> d-------- c:\program files\Foxit Software
2008-10-31 20:31 . 2008-10-31 20:31 320 --ahs---- c:\windows\klif.spi
2008-10-30 22:18 . 2008-10-31 12:08 <DIR> d-------- c:\program files\PhotoScape
2008-10-30 14:30 . 2008-10-30 14:30 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2008-10-30 14:30 . 2008-10-30 14:30 <DIR> d-------- c:\program files\Samsung
2008-10-30 14:30 . 2007-05-02 11:12 109,704 --a------ c:\windows\system32\drivers\ssm_mdm.sys
2008-10-30 14:30 . 2007-05-02 11:12 83,592 --a------ c:\windows\system32\drivers\ssm_bus.sys
2008-10-30 14:30 . 2007-05-02 11:12 15,112 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_whnt.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_wh.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
2008-10-30 14:30 . 2007-05-02 11:12 12,424 --a------ c:\windows\system32\drivers\ssm_cm.sys
2008-10-30 14:30 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-10-30 14:29 . 2008-10-30 14:29 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-30 13:40 . 2008-10-30 13:40 427 --a------ c:\windows\ODBC.INI
2008-10-30 13:22 . 2008-11-03 10:09 <DIR> d-------- c:\windows\SHELLNEW
2008-10-30 12:21 . 2008-10-30 12:21 <DIR> d-------- c:\program files\Trend Micro
2008-10-30 11:23 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-30 11:18 . 2008-11-03 10:09 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-10-29 20:06 . 2008-10-29 20:06 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-10-29 20:01 . 2008-10-29 20:01 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\KONAMI
2008-10-29 19:35 . 2008-10-29 19:36 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-10-29 19:34 . 2008-10-29 19:34 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\DAEMON Tools
2008-10-29 19:34 . 2008-10-29 19:34 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-29 16:54 . 2008-11-25 16:53 <DIR> d-------- c:\windows\system32\LogFiles
2008-10-29 09:35 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-28 22:42 . 2008-10-28 22:42 <DIR> d-------- c:\program files\Kaspersky Lab
2008-10-28 22:41 . 2008-10-28 22:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-10-28 22:10 . 2008-10-28 22:10 <DIR> d-------- c:\documents and settings\Hendry\Dane aplikacji\Gadu-Gadu
2008-10-28 22:09 . 2008-10-28 22:09 <DIR> d-------- c:\program files\Gadu-Gadu
2008-10-28 22:09 . 2008-10-31 16:58 <DIR> d-------- c:\documents and settings\Hendry\Gadu-Gadu
2008-10-28 22:06 . 2008-10-28 22:06 0 --a------ c:\windows\nsreg.dat
2008-10-28 22:01 . 2008-10-28 22:01 <DIR> d---s---- c:\documents and settings\Hendry\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 16:00 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-28 18:48 --------- d-----w c:\documents and settings\Hendry\Dane aplikacji\ATI
2008-10-28 18:46 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-28 18:46 --------- d-----w c:\program files\ATI Technologies
2008-10-28 18:39 --------- d-----w c:\program files\AMD
2008-10-28 18:38 --------- d-----w c:\program files\Realtek Sound Manager
2008-10-28 18:38 --------- d-----w c:\program files\AvRack
2008-10-28 18:32 --------- d-----w c:\program files\microsoft frontpage
2008-10-28 18:30 --------- d-----w c:\program files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-13 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="i:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"SoundMan"="SOUNDMAN.EXE" [2005-01-21 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST - pasek zadaä.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-05-13 32768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"i:\\WapSter AQQ\\aqq.exe"=
"i:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-05 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-05 20560]
S3 AVPsys;AVPsys;\??\c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 08:37:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2008-11-26 8:37:57
ComboFix-quarantined-files.txt 2008-11-26 07:37:43

Przed: 5 918 539 776 bajtów wolnych
Po: 5,910,921,216 bajtów wolnych

225



#4 ordynat

    Advanced user

  • 804 posts

Posted 26 11 2008 - 13:14

I think the log is clean now.

ordynat

#5 macko444

    Beginner

  • 38 posts

Posted 26 11 2008 - 13:54

Thanks for the help ;>
Cheers!!
