Logs - WWDC detects junk
Started by krzyhoo, 29 04 2008 21:42
8 replies in this topic
#1
Posted 29 04 2008 - 21:42
Hello. Today I was checking whether I have all the virus-prone ports closed in WWDC, and this message popped up: http://img257.imageshack.us/my.php?image=wirpr0.jpg Is this about a virus? I'll add that I recently changed my Wi-Fi network card and have WPA encryption set up.
#2
Posted 29 04 2008 - 22:02
You won't find out everything from the HijackThis log. Post a ComboFix report as well.
#3
Posted 30 04 2008 - 21:39
Do a system scan only. A log will be generated; tick the box next to the entry below and click fix:
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
That is mostly cosmetic. Post a ComboFix log, because apart from that this log is clean.
#4
Posted 05 05 2008 - 18:57
Sorry for not replying for so long, but I didn't have time.
When I launch ComboFix it throws up this message: http://img231.imageshack.us/my.php?image=dfgpz7.jpg - should I really continue?
#5
Posted 05 05 2008 - 20:51
Yes, choose yes.
#6
Posted 06 05 2008 - 19:56
ComboFix log
#7
Posted 09 05 2008 - 11:31
Paste into Notepad:
FILE :: C:\WINDOWS\system32\Smab0.dll
>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- as in this picture -->
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the C:\Qoobox folder.
After this removal is done, post a new ComboFix log.
#8
Posted 09 05 2008 - 16:31
Done,
but as you can see that file is still there :/
Completion time: 2008-05-09 16:39:41 ComboFix-quarantined-files.txt 2008-05-09 14:39:35 ComboFix2.txt 2008-05-06 18:04:51 Pre-Run: 2,996,203,520 bajtów wolnych Post-Run: 2,975,916,032 bajtów wolnych 198 --- E O F --- 2008-04-17 23:02:51
but as you can see, this file is still there :/
#9
Posted 11 05 2008 - 21:32
Try deleting this library with Killbox.