services.exe error

  • Closed: this topic is closed
14 replies in this topic

#1 jamaika

    Observer

  • 8 posts

Posted 23 07 2008 - 19:56

Hi. I have a problem. When I turn on the computer I get an error report for services.exe.
I read that it may be a virus if services.exe is in directories other than system32. Well, in my case it's only in system32, but in two versions ;] here's a screenshot: http://img231.imageshack.us/img231/6920/servicesjh9.png
I also scanned the computer with Avast and it found a dozen or so pieces of junk to remove, but after that the problem did NOT go away.
I don't know whether this is some serious error, a virus or something else, because I don't feel any difference before or after this thing appeared on the computer. Here's the log if it's needed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:30, on 2008-07-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\deviceemulator.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {B2AC49A2-94F3-42BD-F434-2604812C897D} - (no file)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: services.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D928F50-FA17-49A2-9EAA-47449A3C14DA}: NameServer = 172.17.33.254 81.219.145.137
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8059 bytes

;] help?




Oh, and by the way, hi, I'm Michał ;]


#2 karolkuich

    Beginner

  • 141 posts

Posted 23 07 2008 - 22:32

> Oh, and by the way, hi, I'm Michał

One could have guessed... ;]

> Well, in my case it's only in system32, but in two versions

So that's fine... ;]

Run HijackThis:

[attached screenshot]

Tick the entries below:

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: (no name) - {B2AC49A2-94F3-42BD-F434-2604812C897D} - (no file)
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dl
O4 - Startup: services.exe

[attached screenshot]

Paste a log from ComboFix.

Are you using an emulator?

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\deviceemulator.exe,

I'd rather make sure before I order the removal.


#3 jamaika

    Observer

  • 8 posts

Posted 23 07 2008 - 23:13

I removed what you listed. As for the emulator, I used one a while ago for an old game. So it's to be deleted? :D

Here's the ComboFix log:

ComboFix 08-07-22.4 - USER 2008-07-23 23:03:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.617 [GMT 2:00]
Running from: C:\Documents and Settings\USER\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iexplorer.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 22:48 . 2008-07-23 22:53 <DIR> d-------- C:\WINDOWS\system32\wdrivers
2008-07-23 19:09 . 2008-07-23 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 18:52 . 2008-07-23 18:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-07-23 18:40 . 2008-07-23 18:56 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-23 14:25 . 2008-07-23 14:25 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Uniblue
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Program Files\tibia2
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Tibia
2008-07-18 17:39 . 2008-07-18 17:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-18 17:31 . 2008-07-18 17:32 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\RegClean
2008-07-18 17:19 . 2008-07-18 17:19 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\URSoft
2008-07-17 22:24 . 2008-07-17 22:36 <DIR> d-------- C:\Documents and Settings\USER\dodian.com
2008-07-07 17:23 . 2008-07-10 10:15 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\SecondLife
2008-07-03 13:44 . 2008-07-03 13:44 <DIR> d-------- C:\Program Files\Syncro SVN Client 3.2
2008-07-03 12:00 . 2008-07-03 12:00 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Subversion
2008-07-03 12:00 . 2008-07-07 12:56 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\com.syncrosvnclient
2008-07-03 11:48 . 2008-07-03 11:48 <DIR> d-------- C:\Program Files\Sun
2008-07-03 11:48 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-03 11:47 . 2008-07-03 11:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-01 16:38 . 2008-07-23 22:37 23 --a------ C:\Documents and Settings\USER\jagex_runescape_preferences.dat
2008-07-01 13:28 . 2008-07-22 20:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 13:28 . 2008-07-01 13:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 14:12 . 2008-06-29 14:12 <DIR> d-------- C:\Program Files\Phoenix Crew
2008-06-26 22:10 . 2008-06-26 22:10 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-25 19:22 . 2008-06-25 20:44 616 --a------ C:\WINDOWS\eReg.dat
2008-06-25 19:17 . 2008-06-25 19:43 <DIR> d-------- C:\Program Files\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 21:05 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\DNA
2008-07-23 20:58 --------- d-----w C:\Program Files\free-downloads.net
2008-07-23 16:56 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-22 18:12 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Xfire
2008-07-22 18:05 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\OpenOffice.org2
2008-07-20 09:19 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-20 09:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-18 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 15:41 --------- d-----w C:\Program Files\Bethesda Softworks
2008-07-18 15:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-13 13:03 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Azureus
2008-07-07 12:39 --------- d-----w C:\Program Files\Azureus
2008-07-03 09:48 --------- d-----w C:\Program Files\Java
2008-07-02 09:39 --------- d-----w C:\Program Files\Xfire
2008-06-29 17:48 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Nokia Multimedia Player
2008-06-21 11:24 --------- d-----w C:\Program Files\LucasArts
2008-06-20 21:15 --------- d-----w C:\Program Files\LEGO Media
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:11 --------- d-----w C:\Program Files\Cheat Engine
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-06-19 07:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-06-19 07:54 --------- d-----w C:\Program Files\Ulead Systems
2008-06-19 07:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Sony
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Publish Providers
2008-06-18 19:42 --------- d-----w C:\Program Files\Vstplugins
2008-06-18 19:42 --------- d-----w C:\Program Files\Sony
2008-06-18 19:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-18 19:41 --------- d-----w C:\Program Files\Sony Setup
2008-06-18 08:49 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 14:42 --------- d-----w C:\Program Files\sXe Injected
2008-06-13 10:09 --------- d-----w C:\Program Files\MTA San Andreas
2008-06-10 11:22 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-08 18:08 22,328 ----a-w C:\Documents and Settings\USER\Dane aplikacji\PnkBstrK.sys
2008-06-08 17:59 --------- d-----w C:\Program Files\Activision
2008-06-06 19:28 --------- d-----w C:\Program Files\GMX Media
2008-06-05 20:36 4,358,144 ----a-w C:\WINDOWS\uncsetup.exe
2008-06-05 19:09 163,328 ------w C:\WINDOWS\UNINEPSE.EXE
2008-06-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2008-06-04 17:55 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\BitTorrent
2008-06-04 15:41 --------- d-----w C:\Program Files\MagicISO
2008-06-04 15:40 --------- d-----w C:\Program Files\Electronic Arts
2008-06-04 15:38 --------- d-----w C:\Program Files\Maxis
2008-06-03 18:23 --------- d-----w C:\Program Files\DNA
2008-06-03 18:23 --------- d-----w C:\Program Files\BitTorrent
2008-06-01 19:00 --------- d-----w C:\Program Files\Tibia
2008-05-30 17:03 --------- d-----w C:\Program Files\Tasker
2008-05-25 08:44 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-23 14:42 --------- d-----w C:\Program Files\GameSpy Arcade
2008-05-10 10:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-10 10:38 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 20:23 289088]
"Google Update"="C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-07-16 15:56 119280]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-06-22 20:37 601848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-25 15:49 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\USER\Menu Start\Programy\Autostart\
YouTube Uploader.lnk - C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-16 10:42:48 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\MTA San Andreas\\server\\MTA Server.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"D:\\SecondLife\\SLVoice.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-10-04 07:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-10-04 07:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-10-04 07:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-10-04 07:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-10-04 07:39]
S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 15:31:23 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
O17 -: HKLM\CCS\Interface\{5D928F50-FA17-49A2-9EAA-47449A3C14DA}: NameServer = 172.17.33.254 81.219.145.137

O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
C:\WINDOWS\Downloaded Program Files\ArcaOnline.inf
C:\WINDOWS\system32\ArcaMicroScanUpdater.exe
C:\WINDOWS\system32\ArcaOnlineUninstall.exe
C:\WINDOWS\system32\ArcaOnline.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 23:06:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 23:07:14
ComboFix-quarantined-files.txt 2008-07-23 21:07:08

Pre-Run: 15,107,264,512 bajtów wolnych
Post-Run: 15,812,833,280 bajtów wolnych

213 --- E O F --- 2008-07-10 07:57:07




PS. I rebooted the computer and the error didn't show up :> sweet, but what could have caused it?

#4 karolkuich

    Beginner

  • 141 posts

Posted 24 07 2008 - 01:12

Ok. In that case paste into Notepad:
File::
C:\WINDOWS\system32\wdrivers
C:\WINDOWS\system32\deviceemulator.exe

Folder::
C:\Program Files\free-downloads.net

Save the file as CFScript.txt, then drag and drop it onto the ComboFix icon.

Apply WWDC: http://www.bezpieczenstwosystemow.pl/index.php?topic=266.0

Also scan the computer with this program: http://cybertrash.pl/Tata/MBAM/Malwarebyte...ti-Malware.html

> but what could have caused it?

By this entry:
O4 - Startup: services.exe
Services.exe is a system service, and in this case it was added to autostart as a fake service, most likely by a trojan that was impersonating Internet Explorer.
ComboFix removed it on its own:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iexplorer.exe


The correct one is C:\Program Files\Internet Explorer\iexplore.exe
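The masquerade the reply above describes (a core name such as services.exe showing up as a Startup entry, and a near-miss spelling such as iexplorer.exe sitting in system32) can be checked mechanically over HijackThis lines. The Python checker below is an added example for this thread, not code from HijackThis or ComboFix; the process-name lists are assumptions and the sample log lines are constructed from entries quoted above.

```python
"""Flag HijackThis autostart entries whose launched image masquerades as a Windows core process.

Added example for this thread, not part of HijackThis or ComboFix. The process-name lists are
assumptions and the sample log lines are constructed from entries quoted in the thread.
"""
import re
from typing import List, Tuple

# Core processes started only by the kernel, the Session Manager or the Service Control
# Manager, always from %SystemRoot%\system32. None of them belongs in a Startup folder
# or a Run key. (Assumed list for this example.)
CORE_IMAGES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "svchost.exe", "spoolsv.exe", "userinit.exe"}
# Well-known names that decoys imitate with a one- or two-character spelling change.
LOOKALIKE_TARGETS = CORE_IMAGES | {"explorer.exe", "iexplore.exe"}
SYSTEM32 = r"c:\windows\system32"

# First *.exe image in a command line; the path may be quoted and may contain spaces.
_IMAGE_RE = re.compile(r'"?(?P<path>[^"<>|]*?\.exe)(?=$|["\s,(])', re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; small enough to inline, no third-party package needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_image(path: str, autostart: bool = False) -> List[str]:
    """Return the reasons an image path looks like a masquerade (empty list = nothing odd)."""
    norm = path.lower().replace("/", "\\")
    directory, _, name = norm.rpartition("\\")
    reasons: List[str] = []
    if name in CORE_IMAGES:
        if autostart:
            reasons.append(f"{name} is a core Windows process; it is never launched from a Startup folder or Run key")
        elif directory != SYSTEM32:
            reasons.append(f"{name} is a core Windows process but lives outside {SYSTEM32}: {path}")
    elif name not in LOOKALIKE_TARGETS:
        # An exact well-known name is handled by the directory check above; a near miss is the decoy pattern.
        for target in sorted(LOOKALIKE_TARGETS):
            if 0 < edit_distance(name, target) <= 2:
                reasons.append(f"{name} is a look-alike of {target}")
    return reasons


def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Apply check_image to every O4 (autostart) line and inspect the F2 UserInit chain."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("O4 - "):
            payload = line[5:].partition(": ")[2]
            payload = re.sub(r"^\[[^\]]*\]\s*", "", payload)   # drop "[Run-key value name] "
            payload = payload.split(" = ", 1)[-1]               # "Foo.lnk = target" -> target
            match = _IMAGE_RE.match(payload)
            if match:
                for reason in check_image(match.group("path"), autostart=True):
                    findings.append((line, reason))
        elif line.startswith("F2 - REG:system.ini: UserInit="):
            # Only userinit.exe belongs here; anything chained after it runs at every logon.
            chain = [p for p in line.split("=", 1)[1].split(",") if p]
            for extra in chain[1:]:
                findings.append((line, f"extra image chained into UserInit: {extra}"))
    return findings


# Constructed sample: a handful of lines modelled on the log quoted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray',
    r"O4 - Startup: services.exe",
    r"O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\deviceemulator.exe,",
]

if __name__ == "__main__":
    for line, reason in scan_log(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
    for path in (r"C:\WINDOWS\system32\iexplorer.exe", r"C:\WINDOWS\system32\services.exe"):
        print(path, "->", check_image(path) or "ok")
```

Run against the sample, only the Startup-folder services.exe and the extra deviceemulator.exe in the UserInit chain are reported; the legitimate Run-key entries pass.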

#5 jamaika

    Observer

  • 8 posts

Posted 24 07 2008 - 13:35

That link to Malwarebytes came with some spyware... :D

I downloaded it from the original site and it found this thing?

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> No action taken.

Should I remove it?

#6 karolkuich

    Beginner

  • 141 posts

Posted 24 07 2008 - 13:58

> came with some spyware.

I downloaded from there too. There was nothing, but I'll check it.

> Should I remove it?

Yes.

What about ComboFix and WWDC?

#7 jamaika

    Observer

  • 8 posts

Posted 24 07 2008 - 14:58

Well, I ran the script and it removed what it was supposed to. I'll have a look at what this WWDC thing is and post an edit...

EDIT: All ports closed, because I guess that's what it was about, right?

#8 karolkuich

    Beginner

  • 141 posts

Posted 24 07 2008 - 16:31

C:\ComboFix.txt. Paste the log from the removal as well, because it's possible the infection is coming back.

> I guess that's what it was about, right?

Exactly.

#9 jamaika

    Observer

  • 8 posts

Posted 24 07 2008 - 19:07

ComboFix 08-07-22.4 - USER 2008-07-24 12:28:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.651 [GMT 2:00]
Running from: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::
C:\WINDOWS\system32\deviceemulator.exe
C:\WINDOWS\system32\wdrivers
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\free-downloads.net
C:\Program Files\free-downloads.net\INSTALL.LOG
C:\Program Files\free-downloads.net\toolbar.cfg
C:\Program Files\free-downloads.net\UNWISE.EXE

.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-23 22:48 . 2008-07-23 22:53 <DIR> d-------- C:\WINDOWS\system32\wdrivers
2008-07-23 19:09 . 2008-07-23 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 18:52 . 2008-07-23 18:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-07-23 18:40 . 2008-07-23 18:56 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-23 14:25 . 2008-07-23 14:25 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Uniblue
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Program Files\tibia2
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Tibia
2008-07-18 17:39 . 2008-07-18 17:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-18 17:31 . 2008-07-18 17:32 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\RegClean
2008-07-18 17:19 . 2008-07-18 17:19 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\URSoft
2008-07-17 22:24 . 2008-07-17 22:36 <DIR> d-------- C:\Documents and Settings\USER\dodian.com
2008-07-07 17:23 . 2008-07-10 10:15 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\SecondLife
2008-07-03 13:44 . 2008-07-03 13:44 <DIR> d-------- C:\Program Files\Syncro SVN Client 3.2
2008-07-03 12:00 . 2008-07-03 12:00 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Subversion
2008-07-03 12:00 . 2008-07-07 12:56 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\com.syncrosvnclient
2008-07-03 11:48 . 2008-07-03 11:48 <DIR> d-------- C:\Program Files\Sun
2008-07-03 11:48 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-03 11:47 . 2008-07-03 11:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-01 16:38 . 2008-07-23 22:37 23 --a------ C:\Documents and Settings\USER\jagex_runescape_preferences.dat
2008-07-01 13:28 . 2008-07-22 20:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 13:28 . 2008-07-01 13:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 14:12 . 2008-06-29 14:12 <DIR> d-------- C:\Program Files\Phoenix Crew
2008-06-26 22:10 . 2008-06-26 22:10 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-25 19:22 . 2008-06-25 20:44 616 --a------ C:\WINDOWS\eReg.dat
2008-06-25 19:17 . 2008-06-25 19:43 <DIR> d-------- C:\Program Files\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 10:27 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\DNA
2008-07-23 16:56 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-22 18:12 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Xfire
2008-07-22 18:05 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\OpenOffice.org2
2008-07-20 09:19 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-20 09:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-18 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 15:41 --------- d-----w C:\Program Files\Bethesda Softworks
2008-07-18 15:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-13 13:03 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Azureus
2008-07-07 12:39 --------- d-----w C:\Program Files\Azureus
2008-07-03 09:48 --------- d-----w C:\Program Files\Java
2008-07-02 09:39 --------- d-----w C:\Program Files\Xfire
2008-06-29 17:48 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Nokia Multimedia Player
2008-06-21 11:24 --------- d-----w C:\Program Files\LucasArts
2008-06-20 21:15 --------- d-----w C:\Program Files\LEGO Media
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:11 --------- d-----w C:\Program Files\Cheat Engine
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-06-19 07:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-06-19 07:54 --------- d-----w C:\Program Files\Ulead Systems
2008-06-19 07:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Sony
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Publish Providers
2008-06-18 19:42 --------- d-----w C:\Program Files\Vstplugins
2008-06-18 19:42 --------- d-----w C:\Program Files\Sony
2008-06-18 19:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-18 19:41 --------- d-----w C:\Program Files\Sony Setup
2008-06-18 08:49 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 14:42 --------- d-----w C:\Program Files\sXe Injected
2008-06-13 10:09 --------- d-----w C:\Program Files\MTA San Andreas
2008-06-10 11:22 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-08 18:08 22,328 ----a-w C:\Documents and Settings\USER\Dane aplikacji\PnkBstrK.sys
2008-06-08 17:59 --------- d-----w C:\Program Files\Activision
2008-06-06 19:28 --------- d-----w C:\Program Files\GMX Media
2008-06-05 20:36 4,358,144 ----a-w C:\WINDOWS\uncsetup.exe
2008-06-05 19:09 163,328 ------w C:\WINDOWS\UNINEPSE.EXE
2008-06-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2008-06-04 17:55 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\BitTorrent
2008-06-04 15:41 --------- d-----w C:\Program Files\MagicISO
2008-06-04 15:40 --------- d-----w C:\Program Files\Electronic Arts
2008-06-04 15:38 --------- d-----w C:\Program Files\Maxis
2008-06-03 18:23 --------- d-----w C:\Program Files\DNA
2008-06-03 18:23 --------- d-----w C:\Program Files\BitTorrent
2008-06-01 19:00 --------- d-----w C:\Program Files\Tibia
2008-05-30 17:03 --------- d-----w C:\Program Files\Tasker
2008-05-25 08:44 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-10 10:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-10 10:38 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_23.07.01.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-24 09:06:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 20:23 289088]
"Google Update"="C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-07-16 15:56 119280]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-06-22 20:37 601848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-25 15:49 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\USER\Menu Start\Programy\Autostart\
YouTube Uploader.lnk - C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-16 10:42:48 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\MTA San Andreas\\server\\MTA Server.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"D:\\SecondLife\\SLVoice.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-10-04 07:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-10-04 07:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-10-04 07:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-10-04 07:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-10-04 07:39]
S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 15:31:23 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 12:31:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-24 12:31:44
ComboFix-quarantined-files.txt 2008-07-24 10:31:38
ComboFix2.txt 2008-07-23 21:07:15

Pre-Run: 15,781,093,376 bytes free
Post-Run: 15,781,339,136 bytes free

210 --- E O F --- 2008-07-10 07:57:07

and? :D

#10 ordynat (Advanced user, 804 posts)

Posted 24 07 2008 - 19:47

2008-07-23 22:48 . 2008-07-23 22:53 <DIR> d-------- C:\WINDOWS\system32\wdrivers

"wdrivers" is a folder, not a file, so there was a mistake in the script, which is why it did not get removed.
So:
Paste into Notepad:
Folder::
C:\WINDOWS\system32\wdrivers
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
The removal should start (and a log will be created).
Post the log that is created during the removal.
After the reboot, delete the C:\Qoobox folder manually.

ordynat

#11 karolkuich (Beginner, 141 posts)

Posted 24 07 2008 - 20:24

Indeed, my mistake. :D

Ordynat, thanks for the correction. :D

#12 jamaika (Observer, 8 posts)

Posted 25 07 2008 - 11:05

ComboFix 08-07-22.4 - USER 2008-07-25 10:58:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.584 [GMT 2:00]
Running from: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\ComboFix.exe
Command switches used :: C:\Documents and Settings\USER\Pulpit\Michała\porgramy\Logi\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\wdrivers
C:\WINDOWS\system32\wdrivers\20080723 224855.sys
C:\WINDOWS\system32\wdrivers\20080723 225246.sys

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 12:43 . 2008-07-24 12:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 12:43 . 2008-07-24 12:43 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Malwarebytes
2008-07-24 12:43 . 2008-07-24 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2008-07-24 12:43 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 12:43 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 19:09 . 2008-07-23 19:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-23 18:52 . 2008-07-23 18:55 <DIR> d-------- C:\Program Files\Registry Clean Expert
2008-07-23 18:40 . 2008-07-23 18:56 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-07-23 14:25 . 2008-07-23 14:25 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Uniblue
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Program Files\tibia2
2008-07-23 00:22 . 2008-07-23 00:22 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Tibia
2008-07-18 17:39 . 2008-07-18 17:40 <DIR> d-------- C:\Program Files\RegCleaner
2008-07-18 17:31 . 2008-07-18 17:32 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\RegClean
2008-07-18 17:19 . 2008-07-18 17:19 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\URSoft
2008-07-17 22:24 . 2008-07-17 22:36 <DIR> d-------- C:\Documents and Settings\USER\dodian.com
2008-07-07 17:23 . 2008-07-10 10:15 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\SecondLife
2008-07-03 13:44 . 2008-07-03 13:44 <DIR> d-------- C:\Program Files\Syncro SVN Client 3.2
2008-07-03 12:00 . 2008-07-03 12:00 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\Subversion
2008-07-03 12:00 . 2008-07-07 12:56 <DIR> d-------- C:\Documents and Settings\USER\Dane aplikacji\com.syncrosvnclient
2008-07-03 11:48 . 2008-07-03 11:48 <DIR> d-------- C:\Program Files\Sun
2008-07-03 11:48 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-03 11:47 . 2008-07-03 11:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-01 16:38 . 2008-07-23 22:37 23 --a------ C:\Documents and Settings\USER\jagex_runescape_preferences.dat
2008-07-01 13:28 . 2008-07-22 20:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-01 13:28 . 2008-07-01 13:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 14:12 . 2008-06-29 14:12 <DIR> d-------- C:\Program Files\Phoenix Crew
2008-06-26 22:10 . 2008-06-26 22:10 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-25 19:22 . 2008-06-25 20:44 616 --a------ C:\WINDOWS\eReg.dat
2008-06-25 19:17 . 2008-06-25 19:43 <DIR> d-------- C:\Program Files\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 22:12 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\DNA
2008-07-24 16:46 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-22 18:12 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Xfire
2008-07-22 18:05 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\OpenOffice.org2
2008-07-20 09:19 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-20 09:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-18 20:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 15:41 --------- d-----w C:\Program Files\Bethesda Softworks
2008-07-18 15:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-13 13:03 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Azureus
2008-07-07 12:39 --------- d-----w C:\Program Files\Azureus
2008-07-03 09:48 --------- d-----w C:\Program Files\Java
2008-07-02 09:39 --------- d-----w C:\Program Files\Xfire
2008-06-29 17:48 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Nokia Multimedia Player
2008-06-21 11:24 --------- d-----w C:\Program Files\LucasArts
2008-06-20 21:15 --------- d-----w C:\Program Files\LEGO Media
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:11 --------- d-----w C:\Program Files\Cheat Engine
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-06-19 07:55 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-06-19 07:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
2008-06-19 07:54 --------- d-----w C:\Program Files\Ulead Systems
2008-06-19 07:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Sony
2008-06-18 19:46 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\Publish Providers
2008-06-18 19:42 --------- d-----w C:\Program Files\Vstplugins
2008-06-18 19:42 --------- d-----w C:\Program Files\Sony
2008-06-18 19:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-06-18 19:41 --------- d-----w C:\Program Files\Sony Setup
2008-06-18 08:49 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 14:42 --------- d-----w C:\Program Files\sXe Injected
2008-06-13 10:09 --------- d-----w C:\Program Files\MTA San Andreas
2008-06-10 11:22 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-08 18:08 22,328 ----a-w C:\Documents and Settings\USER\Dane aplikacji\PnkBstrK.sys
2008-06-08 17:59 --------- d-----w C:\Program Files\Activision
2008-06-06 19:28 --------- d-----w C:\Program Files\GMX Media
2008-06-05 20:36 4,358,144 ----a-w C:\WINDOWS\uncsetup.exe
2008-06-05 19:09 163,328 ------w C:\WINDOWS\UNINEPSE.EXE
2008-06-05 14:57 --------- d-----w C:\Program Files\Ubisoft
2008-06-04 17:55 --------- d-----w C:\Documents and Settings\USER\Dane aplikacji\BitTorrent
2008-06-04 15:41 --------- d-----w C:\Program Files\MagicISO
2008-06-04 15:40 --------- d-----w C:\Program Files\Electronic Arts
2008-06-04 15:38 --------- d-----w C:\Program Files\Maxis
2008-06-03 18:23 --------- d-----w C:\Program Files\DNA
2008-06-03 18:23 --------- d-----w C:\Program Files\BitTorrent
2008-06-01 19:00 --------- d-----w C:\Program Files\Tibia
2008-05-30 17:03 --------- d-----w C:\Program Files\Tasker
2008-05-25 08:44 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-10 10:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-10 10:38 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-23_23.07.01.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-25 08:54:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_560.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 17:21 1449984]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-03 20:23 289088]
"Google Update"="C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-07-16 15:56 119280]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-06-22 20:37 601848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-25 15:49 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 13:36 229376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 14:12 341488]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\USER\Menu Start\Programy\Autostart\
YouTube Uploader.lnk - C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-16 10:42:48 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\MTA San Andreas\\server\\MTA Server.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Soldat\\Soldat.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"D:\\SecondLife\\SLVoice.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-10-04 07:39]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-10-04 07:39]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-10-04 07:39]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-10-04 07:39]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-10-04 07:39]
S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 15:31:23 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 11:00:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 11:01:38
ComboFix-quarantined-files.txt 2008-07-25 09:01:33
ComboFix2.txt 2008-07-24 10:31:44
ComboFix3.txt 2008-07-23 21:07:15

Pre-Run: 15,313,842,176 bytes free
Post-Run: 15,433,367,552 bytes free

211 --- E O F --- 2008-07-10 07:57:07

Is it okay now? I deleted the QooBox folder...

#13 ordynat (Advanced user, 804 posts)

Posted 25 07 2008 - 13:25

S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]

This one is from January, but it reminds me of an infection that uses the infected computer to send spam all over the world.
Just in case, check the file marked in red:
Check it at --> http://virusscan.jotti.org/
or at http://www.virustotal.com/en/indexf.html.

If it turns out to be "bad", you will also do this:
Paste into Notepad:
File::
C:\WINDOWS\System32\drivers\Pwd42.sys

Driver::
Pwd42

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
The removal should start (and a log will be created).
After the reboot, delete the C:\Qoobox folder manually.

ordynat
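A small triage helper, added here as an example and not part of the original thread or of ComboFix itself. It parses driver/service lines and SafeBoot\Minimal keys in the shape ComboFix prints them (the sample lines are constructed from the log quoted above, not a complete log), flags a driver that appears in both places, which is exactly what makes Pwd42 stand out in post #13, and assembles the matching CFScript with File::, Driver:: and Registry:: sections, choosing Folder:: instead of File:: when the target is a directory (the slip corrected in post #10). The function names, the two-signal heuristic and the sample text are assumptions of this example, not ComboFix's own API or output format guarantees.

```python
import os
import re

# Constructed sample in the shape of the ComboFix "Reg Loading Points" and
# driver/service sections quoted in this thread; not a complete log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwd42.sys]
@="Driver"

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-10-04 07:39]
S3 Pwd42;Pwd42;C:\WINDOWS\System32\drivers\Pwd42.sys [2008-01-11 13:29]
"""

# "S3 name;description;path [YYYY-MM-DD HH:MM]" as ComboFix prints service entries
SERVICE_RE = re.compile(
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]\s*$",
    re.MULTILINE,
)
# "[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\<entry>]"
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\([^\]]+)\]",
    re.MULTILINE | re.IGNORECASE,
)


def parse_services(log):
    """Return {service name: {start, description, path, stamp}} for R*/S* lines."""
    out = {}
    for start, name, desc, path, stamp in SERVICE_RE.findall(log):
        out[name] = {"start": start, "description": desc, "path": path, "stamp": stamp}
    return out


def parse_safeboot(log):
    """Return {lower-cased SafeBoot\\Minimal entry: entry exactly as written in the log}."""
    return {m.lower(): m for m in SAFEBOOT_RE.findall(log)}


def flag_drivers(log):
    """Drivers listed both as a service and as a SafeBoot\\Minimal entry.

    A SafeBoot\\Minimal key makes Windows load the driver in Safe Mode as well,
    so a stray third-party .sys with such a key deserves a second look.
    Returns {service name: (safeboot entry, [reasons])}.  Heuristic only:
    legitimate AV and disk drivers register there too.
    """
    services = parse_services(log)
    safeboot = parse_safeboot(log)
    findings = {}
    for name, svc in services.items():
        entry = safeboot.get(name.lower()) or safeboot.get(name.lower() + ".sys")
        if entry is None:
            continue
        reasons = ["registered under SafeBoot\\Minimal, so it also loads in Safe Mode"]
        if svc["description"] == name:
            reasons.append("description is just the service name (no vendor string)")
        findings[name] = (entry, reasons)
    return findings


def cfscript_directive(path, is_dir=None):
    """'Folder::' for a directory, 'File::' for a file.

    ComboFix treats the two differently; a directory listed under File:: is
    not removed (the mistake corrected in post #10 of this thread).  When
    is_dir is None the path is checked on the local disk.
    """
    if is_dir is None:
        is_dir = os.path.isdir(path)
    return "Folder::" if is_dir else "File::"


def build_cfscript(name, svc, safeboot_entry, is_dir=False):
    """Assemble CFScript.txt text that removes a flagged driver: its image
    file, its service entry and its SafeBoot\\Minimal key."""
    key = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
           + "\\" + safeboot_entry)
    return "\n".join([
        cfscript_directive(svc["path"], is_dir),
        svc["path"],
        "",
        "Driver::",
        name,
        "",
        "Registry::",
        "[-" + key + "]",
        "",
    ])


if __name__ == "__main__":
    services = parse_services(SAMPLE_LOG)
    for name, (entry, reasons) in flag_drivers(SAMPLE_LOG).items():
        svc = services[name]
        print("%s (%s, %s) flagged:" % (name, svc["start"], svc["stamp"]))
        for reason in reasons:
            print("  -", reason)
        print(build_cfscript(name, svc, entry))
```

Run against the sample, only Pwd42 is reported; aswFsBlk also has a bare name as its description but no SafeBoot\Minimal key, so it is left alone. Treat the output as a shortlist to submit to a multi-engine scanner, as ordynat does, rather than as a verdict: the generated script should only be fed to ComboFix once the file has actually been judged malicious.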

#14 jamaika (Observer, 8 posts)

Posted 25 07 2008 - 13:54

I scanned it with both and basically nothing:

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
AhnLab-V3 2008.7.25.1 2008.07.25 -
AntiVir 7.8.1.12 2008.07.25 -
Authentium 5.1.0.4 2008.07.24 -
Avast 4.8.1195.0 2008.07.25 -
AVG 8.0.0.130 2008.07.25 -
BitDefender 7.2 2008.07.25 -
CAT-QuickHeal 9.50 2008.07.24 -
ClamAV 0.93.1 2008.07.25 -
DrWeb 4.44.0.09170 2008.07.25 -
eSafe 7.0.17.0 2008.07.24 -
eTrust-Vet 31.6.5981 2008.07.25 -
Ewido 4.0 2008.07.25 -
F-Prot 4.4.4.56 2008.07.24 -
F-Secure 7.60.13501.0 2008.07.25
Fortinet 3.14.0.0 2008.07.25 -
GData 2.0.7306.1023 2008.07.25 -
Ikarus T3.1.1.34.0 2008.07.25 -
Kaspersky 7.0.0.125 2008.07.25 -
McAfee 5346 2008.07.24 -
Microsoft 1.3704 2008.07.24 -
NOD32v2 3298 2008.07.25 -
Norman 5.80.02 2008.07.24 -
Panda 9.0.0.4 2008.07.25 -
PCTools 4.4.2.0 2008.07.24 -
Prevx1 V2 2008.07.25 -
Rising 20.54.42.00 2008.07.25 -
Sophos 4.31.0 2008.07.25 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.25 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.25 -
VBA32 3.12.8.1 2008.07.24 -
ViRobot 2008.7.25.1310 2008.07.25 -
VirusBuster 4.5.11.0 2008.07.24 -
Webwasher-Gateway 6.6.2 2008.07.25 -

#15 ordynat (Advanced user, 804 posts)

Posted 25 07 2008 - 15:08

In that case - clean.

ordynat