
[virus] Vir


  • Closed: this topic is closed
3 replies to this topic

#1 keep1

    New

  • 2 posts

Posted 27 08 2008 - 01:34

Hi, I have a problem: I constantly have a konfiguratorr.exe process running and I don't know how to remove it. While you're at it, could you check the logs... what should I remove?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:44:57, on 2008-08-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Gadu-Gaduu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [hosted] C:\Windows\system32\system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D55653E7-DDC6-4B06-9590-92613D26DA34}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\comglt32a.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: Agent zarządzania F-Secure (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7620 bytes



#2 wncvirus

    Lazybones!

  • 851 posts

Posted 27 08 2008 - 12:02

Launch HJT and choose the option "Do a system scan only". A log will be produced; tick the box next to the entry below and hit Fix.

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)

But that's just cosmetics. Post a ComboFix log.

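A triage pass over the HijackThis log format used in the two posts above, added here as an example (it is not HijackThis code and not the helper's own method): it parses the "section - description" lines, files the "(file missing)" entries under the cosmetics wncvirus mentions, and raises the O20 AppInit_DLLs entry and any O4 autostart started from the Windows directory that is not on a known baseline for review. The sample lines are copied from the log in the first post; the allowlist of known system autostarts is a constructed assumption.

```python
"""Triage of HijackThis v2 log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [hosted] C:\Windows\system32\system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\comglt32a.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Autostart binaries expected under %SystemRoot% on a stock XP install.
# Constructed allowlist for this example; a real baseline would be larger.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe", "rundll32.exe", "nwiz.exe", "rthdcpl.exe"}

LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\S*\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|cpl|ocx)", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    severity: str   # "high", "review", "orphan" or "info"
    target: str
    reason: str


def extract_path(text: str) -> str:
    """Return the file path HJT reports on a line (quoted or bare), else the text."""
    quoted = re.search(r'"([^"]+)"', text)
    if quoted:
        return quoted.group(1)
    bare = PATH_RE.search(text)
    return bare.group(0) if bare else text.strip()


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # header, blank or process-list line
    section, body = m.group("section"), m.group("body")
    target = extract_path(body)
    if "(file missing)" in body:
        return Finding(section, "orphan", target,
                       "points at a file that is gone; cosmetic, tick and Fix")
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        return Finding(section, "high", target,
                       "AppInit_DLLs is loaded into every process that maps "
                       "user32.dll; verify this DLL before anything else")
    if section == "O4":
        run = RUN_RE.match(body)
        if run:
            base = target.rsplit("\\", 1)[-1].lower()
            in_sysroot = target.lower().startswith(("c:\\windows\\", "c:\\winnt\\"))
            if in_sysroot and base not in KNOWN_SYSTEM_AUTORUNS:
                return Finding(section, "review", target,
                               f"Run value [{run.group('name')}] starts {base} from "
                               "the Windows directory but it is not a known system autostart")
    return Finding(section, "info", target, "no heuristic matched")


def triage(log: str) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in log.splitlines()) if f]


if __name__ == "__main__":
    order = {"high": 0, "review": 1, "orphan": 2, "info": 3}
    for f in sorted(triage(SAMPLE_LOG), key=lambda x: order[x.severity]):
        print(f"{f.severity:6} {f.section:4} {f.target}\n       {f.reason}")
```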

#3 keep1

    New

  • 2 posts

Posted 27 08 2008 - 12:21

ComboFix scan
ComboFix 08-08-26.02 - Administrator 2008-08-27 12:09:49.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1510 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
(((((((((((((((((((((((((   Files Created from 2008-07-27 to 2008-08-27  )))))))))))))))))))))))))))))))
.
2008-08-27 00:42 . 2008-08-27 00:42	572,984	--ah-----	C:\hosted.0xe
2008-08-24 20:54 . 2006-06-26 02:49	1,867,776	--a------	C:\WINDOWS\system32\python24.dll
2008-08-23 16:28 . 2008-08-23 16:28	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-08-23 16:27 . 2008-08-23 16:27	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Tibia
2008-08-19 11:11 . 2008-08-19 11:11	<DIR>	d--------	C:\Program Files\Bmbn
2008-08-19 11:10 . 2008-08-19 11:10	<DIR>	d--------	C:\OrbSecure
2008-08-17 17:24 . 2008-08-17 17:24	80,954	--a------	C:\ISO1.nri
2008-08-17 15:54 . 2008-08-17 15:58	61,504	--a------	C:\WINDOWS\system32\comglt32a.dll
2008-08-16 18:27 . 2008-08-16 18:27	<DIR>	d--------	C:\Program Files\Yahoo!
2008-08-16 18:27 . 2008-08-16 18:27	<DIR>	d--------	C:\Program Files\CCleaner
2008-08-16 17:25 . 2008-08-16 17:25	<DIR>	d--------	C:\WINDOWS\system32\xircom
2008-08-16 17:25 . 2008-08-16 17:25	<DIR>	d--------	C:\WINDOWS\system32\oobe
2008-08-16 17:25 . 2008-08-16 17:25	<DIR>	d--------	C:\WINDOWS\srchasst
2008-08-16 17:25 . 2008-08-16 17:25	<DIR>	d--------	C:\WINDOWS\msagent
2008-08-16 17:25 . 2008-08-16 17:25	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-08-16 17:13 . 2008-08-16 17:13	<DIR>	d--------	C:\Documents and Settings\LocalService\Pulpit
2008-08-16 17:00 . 2008-08-16 17:00	<DIR>	d--------	C:\Program Files\Trend Micro
2008-08-16 16:41 . 2008-08-16 16:55	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure
2008-08-16 16:33 . 2008-08-16 16:33	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\vlc
2008-08-16 16:31 . 2008-08-16 16:31	<DIR>	d--------	C:\Program Files\VideoLAN
2008-08-15 14:54 . 2008-08-15 14:54	249,856	---------	C:\WINDOWS\Setup1.exe
2008-08-15 14:54 . 2008-08-15 14:54	73,216	--a------	C:\WINDOWS\ST6UNST.EXE
2008-08-15 12:58 . 2008-08-15 12:58	<DIR>	d--------	C:\Program Files\Gadu-Gaduu
2008-08-14 15:18 . 2008-08-14 15:18	<DIR>	d--------	C:\Program Files\WebServ
2008-08-14 15:18 . 2007-06-19 21:52	419,840	--a------	C:\WINDOWS\system32\ws_edit.lib
2008-08-14 15:18 . 2006-08-17 22:37	130,048	--a------	C:\WINDOWS\system32\webserv.cpl
2008-08-14 15:18 . 2008-08-14 15:19	40,230	--a------	C:\WINDOWS\php.ini
2008-08-14 15:18 . 2008-08-14 15:19	427	--a------	C:\WINDOWS\my.ini
2008-08-13 21:41 . 2008-08-16 17:18	<DIR>	d--------	C:\Program Files\Winamp Toolbar
2008-08-13 21:41 . 2008-08-13 21:41	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-08-13 21:35 . 2008-08-19 11:11	<DIR>	d--------	C:\Program Files\Winamp
2008-08-13 21:35 . 2008-08-24 15:31	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-08-13 21:35 . 2007-03-08 01:51	129,784	---------	C:\WINDOWS\system32\pxafs.dll
2008-08-13 15:15 . 2008-08-13 15:15	<DIR>	d--------	C:\Program Files\AMD
2008-08-13 15:15 . 2006-06-27 14:24	31,744	--a------	C:\WINDOWS\system32\drivers\AmdTools.sys
2008-08-13 15:11 . 2008-08-13 15:13	<DIR>	d--------	C:\Program Files\Counter-Strike 1.6
2008-08-12 16:09 . 2005-09-08 20:12	<DIR>	dr-------	C:\Sakson's save 100%
2008-08-12 16:04 . 2008-08-14 12:59	<DIR>	d--------	C:\GTA San Andreas User Files
2008-08-12 15:18 . 2008-08-12 15:18	<DIR>	d--------	C:\Program Files\Hide Folders XP 2
2008-08-12 15:18 . 2007-01-23 01:26	17,264	--a------	C:\WINDOWS\system32\drivers\hfxp2.sys
2008-08-07 21:30 . 2008-08-07 21:30	<DIR>	d--------	C:\Program Files\Lavasoft
2008-08-07 21:30 . 2008-08-07 21:30	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-08-07 20:06 . 2008-08-07 20:06	65	--a------	C:\WINDOWS\Kit.ini
2008-08-06 17:03 . 2008-08-06 17:03	<DIR>	d--------	C:\Program Files\Picasa2
2008-08-06 17:03 . 2008-08-06 17:03	<DIR>	d--------	C:\Program Files\Google
2008-08-06 17:03 . 2006-10-05 04:42	2,560	---------	C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-06 17:03 . 2006-10-05 04:42	2,432	---------	C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-06 14:44 . 2008-08-06 14:44	<DIR>	d--------	C:\Program Files\Valve
2008-08-06 11:55 . 2004-08-04 00:44	153,088	--a------	C:\WINDOWS\system32\irftp.exe
2008-08-06 11:55 . 2004-08-03 23:00	87,424	--a------	C:\WINDOWS\system32\drivers\irda.sys
2008-08-06 11:55 . 2004-08-04 00:44	27,648	--a------	C:\WINDOWS\system32\irmon.dll
2008-08-06 11:55 . 2001-08-17 21:49	26,624	--a------	C:\WINDOWS\system32\drivers\irstusb.sys
2008-08-06 11:55 . 2001-08-17 21:51	19,584	--a------	C:\WINDOWS\system32\drivers\rasirda.sys
2008-08-06 11:55 . 2004-08-04 00:44	8,192	--a------	C:\WINDOWS\system32\wshirda.dll
2008-08-05 21:18 . 2008-08-24 19:25	<DIR>	d--------	C:\Program Files\XVideoConverter
2008-08-05 21:18 . 2008-08-05 21:30	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-04 13:31 . 2008-08-04 13:31	0	--ah-----	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-04 13:31 . 2008-08-04 13:31	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-08-04 11:54 . 2008-08-04 11:54	<DIR>	d--------	C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-08-04 11:54 . 2008-08-04 12:31	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Audacity
2008-08-03 23:37 . 2008-08-03 23:37	<DIR>	d--------	C:\Program Files\Intuwave Ltd
2008-08-03 23:00 . 2008-08-03 23:00	<DIR>	d--------	C:\Program Files\Sony Setup
2008-08-03 23:00 . 2008-08-03 23:00	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Sony Setup
2008-08-03 22:30 . 2008-08-03 22:30	<DIR>	d----c---	C:\WINDOWS\system32\DRVSTORE
2008-08-03 22:30 . 2008-08-03 22:30	1,419,232	--a------	C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-03 22:30 . 2008-08-03 22:30	21,672	--a------	C:\WINDOWS\system32\drivers\ggsemc.sys
2008-08-03 22:30 . 2008-08-03 22:30	13,352	--a------	C:\WINDOWS\system32\drivers\ggflt.sys
2008-08-03 22:28 . 2008-08-03 23:37	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-08-03 22:27 . 2008-08-03 22:57	<DIR>	d--------	C:\Program Files\Sony Ericsson
2008-08-03 12:31 . 2008-08-07 21:30	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-08-02 15:18 . 2008-08-02 15:18	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-08-01 14:35 . 2008-08-26 21:26	151	--a------	C:\WINDOWS\PhotoSnapViewer.INI
2008-07-31 23:45 . 2008-08-24 21:41	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-07-31 23:38 . 2008-07-31 23:38	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-07-31 23:38 . 2008-07-31 23:38	<DIR>	d--------	C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-07-31 23:35 . 2008-07-31 23:35	<DIR>	d--------	C:\Program Files\Nero
2008-07-31 23:35 . 2008-07-31 23:38	<DIR>	d--------	C:\Program Files\Common Files\Ahead
2008-07-31 23:35 . 2008-07-31 23:35	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-07-31 18:25 . 2008-07-31 18:25	<DIR>	d--------	C:\Program Files\Asprate
2008-07-31 14:02 . 2008-07-31 14:02	<DIR>	d--------	C:\WINDOWS\Sun
2008-07-31 13:11 . 2008-07-31 13:12	<DIR>	d--------	C:\Program Files\Ares
2008-07-31 12:38 . 2004-08-03 23:08	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-31 11:46 . 2004-08-04 02:35	58,624	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2008-07-31 11:46 . 2001-08-17 23:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2008-07-31 11:45 . 2004-08-04 02:44	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2008-07-31 11:44 . 2008-07-31 11:44	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-31 11:44 . 2008-07-31 11:44	<DIR>	d--------	C:\Documents and Settings\Default User\Ulubione
2008-07-31 11:44 . 2008-07-31 09:47	<DIR>	d--h-----	C:\Documents and Settings\Default User\Szablony
2008-07-31 11:44 . 2008-07-31 11:44	<DIR>	d--------	C:\Documents and Settings\Default User\Pulpit
2008-07-31 11:44 . 2008-07-31 11:44	<DIR>	d--------	C:\Documents and Settings\Default User\Moje dokumenty
2008-07-31 11:44 . 2008-07-31 11:44	<DIR>	dr-------	C:\Documents and Settings\Default User\Menu Start
2008-07-31 11:44 . 2008-07-31 09:51	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Dane aplikacji
2008-07-31 11:44 . 2008-07-31 11:44	<DIR>	d--------	C:\Documents and Settings\All Users\Ulubione
2008-07-31 11:44 . 2008-07-31 11:44	<DIR>	d--h-----	C:\Documents and Settings\All Users\Szablony
2008-07-31 11:44 . 2008-08-23 16:27	<DIR>	d--------	C:\Documents and Settings\All Users\Pulpit
2008-07-31 11:44 . 2008-07-31 09:50	<DIR>	dr-------	C:\Documents and Settings\All Users\Menu Start
2008-07-31 11:44 . 2008-08-19 11:10	<DIR>	dr-------	C:\Documents and Settings\All Users\Dokumenty
2008-07-31 11:44 . 2008-08-24 19:24	<DIR>	dr-h-----	C:\Documents and Settings\All Users\Dane aplikacji
2008-07-31 11:43 . 2008-07-31 09:54	<DIR>	d--h-----	C:\Documents and Settings\Default User
2008-07-31 11:43 . 2008-07-31 09:49	<DIR>	d--------	C:\Documents and Settings\All Users
2008-07-31 11:43 . 2008-07-31 09:54	<DIR>	d--------	C:\Documents and Settings
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 10:09	---------	d-----w	C:\Program Files\Neostrada TP
2008-08-03 20:56	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-31 08:43	---------	d-----w	C:\Program Files\F-Secure Internet Security
2008-07-31 08:41	51,072	----a-w	C:\WINDOWS\system32\drivers\fsdfw.sys
2008-07-31 08:41	30,016	----a-w	C:\WINDOWS\system32\drivers\fsndis5.sys
2008-07-31 08:38	---------	d-----w	C:\Program Files\Gadu-Gadu
2008-07-31 08:30	315,392	----a-w	C:\WINDOWS\HideWin.exe
2008-07-31 08:30	---------	d-----w	C:\Program Files\Realtek
2008-07-31 08:22	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\F-Secure
2008-07-31 08:21	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\fssg
2008-07-31 08:13	23	----a-w	C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-31 08:13	---------	d-----w	C:\Program Files\SAGEM
2008-07-31 08:13	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-07-31 08:04	---------	d-----w	C:\Program Files\VDOTool
2008-07-31 07:51	---------	d-----w	C:\Program Files\Real Alternative
2008-07-31 07:51	---------	d-----w	C:\Program Files\QuickTime Alternative
2008-07-31 07:51	---------	d-----w	C:\Program Files\Java
2008-07-31 07:51	---------	d-----w	C:\Program Files\Common Files\Java
2008-07-31 07:51	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-07-31 07:48	---------	d-----w	C:\Program Files\Windows Media Connect 2
.
------- Sigcheck -------
2007-07-10 15:06  642560  ce594e18fe0d0af804f1f3694921ce62	C:\WINDOWS\system32\user32.dll
2007-07-14 00:56  814592  ce7193c5f7c01b19768e066087c1c919	C:\WINDOWS\system32\wininet.dll
2007-07-28 03:15  360576  0fb6743e937c7bb248b2530a5a77abc6	C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-26 19:30  2145792  316acc3ac43fc855204ce5e775f66b91	C:\WINDOWS\system32\ntoskrnl.exe
2007-07-14 00:42  974848  32f67215c57df2c401bf93b7ee65987f	C:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-08-06 14:49 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" [2007-05-25 15:12 183208]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 15:11 740208]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 15:42 106496]
"nwiz"="nwiz.exe" [2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 18:08 16342528 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-31 10:13:18 966756]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-07-31 10:41]
R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2007-01-23 01:26]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-07-31 10:41]
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 14:24]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 15:08]
S2 AKEProtect;AKEProtect;C:\Program Files\Anti Keylogger Elite\AKEProtect.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-03 22:30]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 15:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 15:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-hosted - C:\Windows\system32\system.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\4dp7lgpr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 12:11:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 
scanning hidden autostart entries ...
scanning hidden files ... 
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-27 12:12:01
ComboFix-quarantined-files.txt  2008-08-27 10:11:57

Pre-Run: 219,529,707,520 bajtów wolnych
Post-Run: 219,526,979,584 bajtów wolnych

228


#4 wncvirus

    Lazybones!

  • 851 posts

Posted 27 08 2008 - 16:56

Paste into Notepad:

C:\hosted.0xe
C:\WINDOWS\system32\comglt32a.dll
C:\WINDOWS\Kit.ini


>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto ComboFix.exe (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– like in this picture --> [attached image]
(if a "1 or 2" prompt appears, type 1 and press ENTER). The removal should start (and a log will be created).
After the restart, manually delete the C:\Qoobox folder.

Once that is done, post a new ComboFix log.
