
Logs - Fighting a trojan


  • Closed: this topic is closed
2 replies to this topic

#1 vodafone


    Beginner

  • 27 posts

Posted 28 06 2008 - 19:45

ComboFix 08-06-20.4 - Piotrek 2008-06-28 19:39:58.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.277 [GMT 2:00]
Running from: C:\Documents and Settings\Piotrek\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-28 19:38 . 2008-06-06 16:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-28 19:38 . 2008-06-06 16:54 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-28 19:38 . 2008-06-06 16:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-28 19:38 . 2008-06-06 16:54 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-28 19:38 . 2008-06-06 16:54 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-28 19:38 . 2008-06-06 16:54 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-28 19:38 . 2008-06-06 16:54 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-28 19:38 . 2008-06-28 19:38 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-28 19:33 . 2008-06-28 19:33 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Hamachi
2008-06-28 19:32 . 2008-06-28 19:32 <DIR> d-------- C:\Program Files\Hamachi
2008-06-25 15:45 . 2008-06-25 15:45 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Canon
2008-06-25 15:42 . 2008-06-25 15:42 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\ScanSoft
2008-06-25 15:42 . 2008-06-25 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-06-25 15:42 . 2008-06-25 15:42 412 --a------ C:\WINDOWS\MAXLINK.INI
2008-06-25 15:41 . 2008-06-25 15:41 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-25 15:41 . 2008-06-25 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
2008-06-25 15:40 . 2008-06-25 15:40 <DIR> d-------- C:\Program Files\ScanSoft
2008-06-25 15:36 . 2008-06-25 15:36 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-06-25 15:36 . 2008-06-25 15:36 <DIR> d--h----- C:\Program Files\CanonBJ
2008-06-25 15:36 . 2008-06-25 15:36 <DIR> d--h----- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2008-06-25 15:36 . 2006-11-10 04:00 1,314,816 --a------ C:\WINDOWS\system32\CNCC140.DLL
2008-06-25 15:36 . 2006-05-26 03:54 135,168 --a------ C:\WINDOWS\system32\CNCL140.DLL
2008-06-25 15:36 . 2006-06-29 07:29 106,496 --a------ C:\WINDOWS\system32\cnco140.dll
2008-06-25 15:36 . 2006-11-10 03:59 57,344 --a------ C:\WINDOWS\system32\CNCI140.DLL
2008-06-25 15:35 . 2008-06-25 15:35 <DIR> d-------- C:\Program Files\Canon
2008-06-25 15:35 . 2006-12-25 22:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8R.DLL
2008-06-25 15:33 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2008-06-25 15:33 . 2001-08-17 22:03 24,960 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-25 15:33 . 2001-08-17 22:03 24,960 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-19 10:07 . 2008-06-19 10:07 <DIR> d--hs---- C:\FOUND.006
2008-06-18 13:34 . 2008-06-18 13:34 <DIR> d--hs---- C:\FOUND.005
2008-06-18 13:29 . 2008-06-18 13:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-18 13:20 . 2001-08-17 22:03 24,192 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-18 13:20 . 2001-08-17 22:03 24,192 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-06-18 13:16 . 2008-06-18 13:16 <DIR> d--hs---- C:\FOUND.004
2008-06-17 19:43 . 2008-06-17 19:43 <DIR> d--hs---- C:\FOUND.003
2008-06-17 11:10 . 2008-06-17 11:10 <DIR> d--hs---- C:\FOUND.002
2008-06-15 17:57 . 2008-06-15 17:57 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-15 17:57 . 2008-06-15 18:05 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 17:57 . 2008-06-15 18:05 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 17:55 . 2008-06-15 17:55 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-15 17:55 . 2008-06-15 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-15 17:55 . 2008-06-28 19:37 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-15 17:55 . 2008-06-28 19:37 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-15 17:55 . 2008-06-28 19:37 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 17:55 . 2008-06-28 19:37 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-15 17:52 . 2008-06-15 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-13 19:48 . 2001-08-17 22:03 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-13 14:11 . 2008-06-13 14:11 <DIR> d--hs---- C:\FOUND.001
2008-06-12 17:08 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 17:07 . 2008-06-12 17:07 <DIR> d-------- C:\Program Files\Java
2008-06-12 17:04 . 2008-06-12 17:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-12 17:04 . 2008-06-12 17:04 <DIR> d-------- C:\Program Files\CCleaner
2008-06-10 14:30 . 2001-08-17 21:51 20,096 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-06-10 14:30 . 2001-08-17 21:51 20,096 --a------ C:\WINDOWS\system32\dllcache\msircomm.sys
2008-06-09 11:45 . 2008-06-09 11:45 <DIR> d-------- C:\Documents and Settings\Aśka i Magda\Dane aplikacji\Nikon
2008-06-08 12:13 . 2001-10-26 17:29 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-08 12:13 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-08 12:13 . 2001-08-17 21:53 13,824 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-08 12:13 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-07 15:28 . 2008-06-07 15:28 <DIR> d-------- C:\Documents and Settings\Aśka i Magda\Dane aplikacji\Gadu-Gadu
2008-06-07 10:31 . 2008-06-07 10:31 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\OpenOffice.org2
2008-06-07 10:28 . 2008-06-07 10:28 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-06 20:24 . 2008-06-06 20:24 <DIR> d-------- C:\WINDOWS\Sun
2008-06-06 18:41 . 2008-06-06 18:41 <DIR> d-------- C:\Documents and Settings\Aśka i Magda\Gadu-Gadu
2008-06-06 18:41 . 2008-06-06 18:41 <DIR> d-------- C:\Documents and Settings\Aśka i Magda\Gadu-Gadu
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> d--h----- C:\Documents and Settings\Aśka i Magda\Ustawienia lokalne
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> d--h----- C:\Documents and Settings\Aśka i Magda\Ustawienia lokalne
2008-06-06 18:12 . 2008-06-06 18:13 <DIR> dr------- C:\Documents and Settings\Aśka i Magda\Ulubione
2008-06-06 18:12 . 2008-06-06 18:13 <DIR> dr------- C:\Documents and Settings\Aśka i Magda\Ulubione
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> d--h----- C:\Documents and Settings\Aśka i Magda\Szablony
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> d--h----- C:\Documents and Settings\Aśka i Magda\Szablony
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> d-------- C:\Documents and Settings\Aśka i Magda\Pulpit
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> d-------- C:\Documents and Settings\Aśka i Magda\Pulpit
2008-06-06 18:12 . 2008-06-06 18:13 <DIR> dr------- C:\Documents and Settings\Aśka i Magda\Moje dokumenty
2008-06-06 18:12 . 2008-06-06 18:13 <DIR> dr------- C:\Documents and Settings\Aśka i Magda\Moje dokumenty
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> dr------- C:\Documents and Settings\Aśka i Magda\Menu Start
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> dr------- C:\Documents and Settings\Aśka i Magda\Menu Start
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> dr-h----- C:\Documents and Settings\Aśka i Magda\Dane aplikacji
2008-06-06 18:12 . 2008-06-06 16:54 <DIR> dr-h----- C:\Documents and Settings\Aśka i Magda\Dane aplikacji
2008-06-06 18:12 . 2008-06-06 18:12 <DIR> d-------- C:\Documents and Settings\Aśka i Magda
2008-06-06 17:59 . 2008-06-06 17:59 <DIR> d-------- C:\Program Files\Kalendarz XP
2008-06-06 17:49 . 2008-06-06 17:49 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\skypePM
2008-06-06 17:49 . 2008-06-06 17:49 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-06 17:49 . 2008-06-06 17:49 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-06-06 17:44 . 2008-06-06 17:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-06 17:41 . 2008-06-06 17:41 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Gadu-Gadu
2008-06-06 17:40 . 2008-06-06 17:40 <DIR> d-------- C:\Program Files\Skype
2008-06-06 17:40 . 2008-06-06 17:40 <DIR> d-------- C:\Program Files\Google
2008-06-06 17:40 . 2008-06-06 17:40 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-06 17:40 . 2008-06-06 17:40 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Skype
2008-06-06 17:39 . 2008-06-06 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-06 17:35 . 2008-06-06 17:35 <DIR> d--hs---- C:\FOUND.000
2008-06-06 17:33 . 2008-06-06 17:33 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-06 17:33 . 2008-06-06 17:33 <DIR> d-------- C:\Documents and Settings\Piotrek\Gadu-Gadu
2008-06-06 17:32 . 2008-06-06 17:32 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-06 17:32 . 2008-06-06 17:32 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-06 17:31 . 2008-06-06 17:31 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Nikon
2008-06-06 17:27 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\Program Files\Nikon
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ultima_T15
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\String Comparison
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nikon
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\EnterNHelp
2008-06-06 17:26 . 2002-12-11 15:16 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2008-06-06 17:26 . 2008-06-06 17:42 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-06 17:26 . 2002-12-11 19:12 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2008-06-06 17:26 . 2002-12-11 17:34 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2008-06-06 17:26 . 2002-12-11 17:34 241,664 --a------ C:\WINDOWS\system32\dllcache\mpg4dmod.dll
2008-06-06 17:26 . 2002-12-11 18:09 217,600 --a------ C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-06-06 17:26 . 2002-12-11 17:34 9,728 --a------ C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-06-06 17:26 . 2008-06-15 12:35 20 ---h----- C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdu.DAT
2008-06-06 17:25 . 2008-06-06 17:25 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-06 17:23 . 2008-06-06 17:23 <DIR> d-------- C:\Program Files\Ahead
2008-06-06 17:21 . 2001-08-17 22:00 24,832 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-06 17:21 . 2001-08-17 22:00 24,832 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-06 17:21 . 2002-02-12 07:00 5,632 --a------ C:\WINDOWS\system32\CNMVS45.DLL
2008-06-06 17:20 . 2008-06-06 17:20 <DIR> d--h----- C:\BJPrinter
2008-06-06 17:20 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-06-06 17:20 . 2002-02-12 17:00 97,280 --------- C:\WINDOWS\system32\CNMLM45.DLL
2008-06-06 17:20 . 2002-01-17 11:48 36,864 --a------ C:\WINDOWS\system32\CNMCP45.EXE
2008-06-06 17:19 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-06-06 17:19 . 2008-06-06 17:19 421 --a------ C:\WINDOWS\ODBC.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 17:32 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-15 16:05 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-06 15:26 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-06-06 14:58 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-06-18 12:44 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-01-10 10:47 4239360]
"nwiz"="nwiz.exe" [2003-01-10 10:47 315392 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-30 12:00 13312]

C:\Documents and Settings\Piotrek\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-06-28 19:32:49 624416]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 20:10:42 479232]
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2008-06-06 17:59:00 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 13:28]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 19:40:56
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-28 19:41:15
ComboFix-quarantined-files.txt 2008-06-28 17:41:14

Pre-Run: 10,215,825,408 bajtów wolnych
Post-Run: 10,220,576,768 bajtów wolnych
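A small triage helper for the "Files Created" layout used in the ComboFix log above, added here as an example (it is not part of the thread, the poster's log, or ComboFix itself). The sample input is four lines copied from that section, and the 365-day backdating threshold is an assumed value.

```python
import re
from datetime import datetime

# Constructed sample: four lines copied from the "Files Created" section above.
SAMPLE_LOG = """\
2008-06-19 10:07 . 2008-06-19 10:07 <DIR> d--hs---- C:\\FOUND.006
2008-06-15 17:57 . 2008-06-15 18:05 96,966 --a------ C:\\WINDOWS\\system32\\drivers\\klin.dat
2008-06-06 17:26 . 2008-06-06 17:26 <DIR> d-------- C:\\Program Files\\Nikon
2008-06-06 17:20 . 2002-02-12 17:00 97,280 --------- C:\\WINDOWS\\system32\\CNMLM45.DLL
"""

# One entry: <created> . <modified> <size or <DIR>> <attrs> <path>
# attrs is a 9-character mask: d=directory, r=read-only, a=archive, h=hidden, s=system
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[d-][r-][a-][h-][s-]----) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"

def parse_entries(text):
    """Parse the lines of a ComboFix 'Files Created' section into dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines and '.' separators are skipped
        attrs = m.group("attrs")
        entries.append({
            "created": datetime.strptime(m.group("created"), TS),
            "modified": datetime.strptime(m.group("modified"), TS),
            "size": None if m.group("size") == "<DIR>" else int(m.group("size").replace(",", "")),
            "is_dir": attrs[0] == "d",
            "hidden": attrs[3] == "h",
            "system": attrs[4] == "s",
            "path": m.group("path"),
        })
    return entries

def triage(entries, backdate_days=365):
    """Group entries a helper would look at first; returns lists of paths."""
    return {
        # hidden + system together is the attribute combination on the C:\FOUND.00x folders
        "hidden_system": [e["path"] for e in entries if e["hidden"] and e["system"]],
        # new files landing under system32 deserve a look regardless of attributes
        "system32": [e["path"] for e in entries
                     if not e["is_dir"] and e["path"].lower().startswith("c:\\windows\\system32")],
        # modified long before created: installer-copied files look like this, as do backdated drops
        "backdated": [e["path"] for e in entries
                      if (e["created"] - e["modified"]).days > backdate_days],
    }

if __name__ == "__main__":
    for key, paths in triage(parse_entries(SAMPLE_LOG)).items():
        print(key, paths)
```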


#2 wncvirus


    Lazybones!

  • 851 posts

Posted 30 06 2008 - 12:19

Paste into Notepad
Folder::
C:\FOUND.006
C:\FOUND.005
C:\FOUND.004
C:\FOUND.003
C:\FOUND.002
C:\FOUND.000
C:\FOUND.001

>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture --> (attached image)
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start. (and a log will be created)
After the restart, manually delete the folder C:\Qoobox.

After doing this, post a new ComboFix log


#3 db45


    Retirement

  • 945 posts

Posted 07 07 2008 - 18:12

Post an HJT log.
