x-kom hosting

Rootkit boyedt.com

ciacho191
created

Hello,

I also have a problem with Rootkit boyedt.com

Please help

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:09, on 2009-05-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMY\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRAMY\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\PROGRAMY\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAMY\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRAMY\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRAMY\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6834 bytes

ComboFix log:

ComboFix 09-05-06.08 - Tomek 2009-05-08 13:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.2047.1564 [GMT 2:00]
Running from: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090507-0] *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
(((((((((((((((((((((((((   Files Created from 2009-04-08 to 2009-05-08   )))))))))))))))))))))))))))))))
.
2009-05-08 11:23 . 2009-05-08 11:23  --------  d-----w  c:\program files\Trend Micro
2009-05-02 21:07 . 2009-05-07 18:16  --------  d-----w  c:\documents and settings\Tomek\Dane aplikacji\GanymedeNet
2009-05-02 21:06 . 2009-05-02 21:07  --------  d-----w  c:\program files\Ganymede
2009-05-01 12:48 . 2003-02-28 07:00  5632      ----a-w  c:\windows\system32\CNMVS50.DLL
2009-05-01 12:48 . 2003-02-28 07:00  100352    ----a-w  c:\windows\system32\CNMLM50.DLL
2009-05-01 12:48 . 2003-02-14 17:01  73728     ----a-r  c:\windows\system32\CNMCP50.exe
2009-05-01 12:48 . 2009-05-02 18:45  --------  d--h--w  C:\BJPrinter
2009-04-26 15:44 . 2009-04-30 20:58  --------  d-----w  c:\documents and settings\Tomek\Dane aplikacji\temp
2009-04-26 15:43 . 2009-04-26 15:43  --------  d-----w  c:\windows\Logs
2009-04-19 09:17 . 2008-04-03 08:52  20005     ----a-w  c:\windows\system32\drivers\keillp.sys
2009-04-19 09:17 . 2008-04-03 08:52  35306     ----a-w  c:\windows\system32\drivers\keilul.sys
2009-04-19 09:17 . 2009-04-19 09:17  --------  d-----w  C:\Keil
2009-04-19 08:57 . 2009-04-19 08:57  --------  d-----w  c:\windows\Sun
2009-04-19 08:56 . 2009-04-19 08:56  410984    ----a-w  c:\windows\system32\deploytk.dll
2009-04-19 08:56 . 2009-04-19 08:56  --------  d-----w  c:\program files\Java
2009-04-09 20:08 . 2001-07-02 19:45  196608    ----a-w  c:\windows\system32\Ifc22.dll
2009-04-09 19:59 . 2001-12-12 09:37  30772     ----a-w  c:\windows\system32\drivers\ImHidUsb.sys
2009-04-09 19:59 . 2001-12-12 09:37  16384     ----a-w  c:\windows\system32\imm_enu.dll
2009-04-09 19:59 . 2000-07-13 13:28  417792    ----a-w  c:\windows\system32\ImmSplsh.exe
2009-04-09 19:59 . 2001-12-12 09:38  106496    ----a-w  c:\windows\system32\ImmPID.dll
2009-04-09 19:59 . 2000-10-10 14:42  86016     ----a-w  c:\windows\system32\Immdx5.dll
2009-04-09 19:59 . 2001-12-12 09:37  1024000   ----a-w  c:\windows\system32\ImmCpl.dll
2009-04-09 19:59 . 2000-10-10 14:43  65536     ----a-w  c:\windows\system32\Immcheck.exe
2009-04-09 19:59 . 1998-11-03 15:31  61440     ----a-w  c:\windows\system32\Iforce2.dll
2009-04-09 19:59 . 2000-08-02 18:01  155648    ----a-w  c:\windows\system32\Ifc21.dll
2009-04-09 19:59 . 2009-04-09 19:59  --------  d-----w  c:\program files\KYE
2009-04-09 19:59 . 1998-10-29 14:45  306688    ----a-w  c:\windows\IsUninst.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 20:28 . 2009-04-02 20:28  98304     ----a-w  c:\windows\system32\CmdLineExt.dll
2009-04-02 19:57 . 2009-03-13 20:53  --------  d--h--w  c:\program files\InstallShield Installation Information
2009-04-02 06:13 . 2009-03-16 12:47  --------  d-----w  c:\program files\EPLAN
2009-03-29 19:17 . 2006-03-02 12:00  74648     ----a-w  c:\windows\system32\perfc015.dat
2009-03-29 19:17 . 2006-03-02 12:00  448586    ----a-w  c:\windows\system32\perfh015.dat
2009-03-22 15:29 . 2009-03-22 15:29  --------  d-----w  c:\program files\Common Files\LightScribe
2009-03-22 15:27 . 2009-03-22 15:20  --------  d-----w  c:\program files\Common Files\Ahead
2009-03-22 15:20 . 2009-03-22 15:20  --------  d-----w  c:\program files\Nero
2009-03-17 20:11 . 2009-03-13 20:23  86327     ----a-w  c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-17 14:17 . 2009-03-17 14:16  --------  d-----w  c:\program files\EPSON
2009-03-16 12:47 . 2009-03-16 12:47  191488    ----a-w  c:\windows\system32\hlvdd.dll
2009-03-15 18:13 . 2009-03-15 18:13  63592     ----a-w  c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-15 13:55 . 2009-03-15 13:55  --------  d-----w  c:\program files\Microsoft.NET
2009-03-15 13:54 . 2009-03-15 13:54  --------  d-----w  c:\program files\Microsoft Works
2009-03-15 11:19 . 2009-03-15 11:19  --------  d-----w  c:\program files\Alwil Software
2009-03-14 12:21 . 2009-03-14 12:21  --------  d-----w  c:\program files\AskSearch
2009-03-14 12:21 . 2009-03-14 12:21  --------  d-----w  c:\program files\AskBarDis
2009-03-14 12:18 . 2009-03-14 12:18  --------  d-----w  c:\program files\DAEMON Tools Toolbar
2009-03-14 12:16 . 2009-03-14 12:16  717296    ----a-w  c:\windows\system32\drivers\sptd.sys
2009-03-13 22:11 . 2009-03-13 22:11  98304     ----a-w  c:\windows\system32\qttask.exe
2009-03-13 21:33 . 2009-03-13 21:33  0         ----a-w  c:\windows\nsreg.dat
2009-03-13 21:25 . 2009-03-13 21:09  --------  d-----w  c:\program files\ASUS
2009-03-13 21:25 . 2009-03-13 21:24  --------  d-----w  c:\program files\ATKOSD2
2009-03-13 21:24 . 2009-03-13 20:52  --------  d-----w  c:\program files\Common Files\InstallShield
2009-03-13 21:08 . 2009-03-13 21:08  --------  d-----w  c:\program files\ASUS Security Center
2009-03-13 21:08 . 2009-03-13 21:08  --------  d-----w  c:\program files\Fingerprint Sensor
2009-03-13 20:53 . 2009-03-13 20:53  --------  d-----w  c:\program files\Realtek
2009-03-13 20:53 . 2009-03-13 20:53  315392    ----a-w  c:\windows\HideWin.exe
2009-03-13 20:52 . 2009-03-13 20:52  0         ----a-w  c:\windows\ativpsrm.bin
2009-03-13 20:39 . 2009-03-13 20:39  --------  d-----w  c:\program files\Intel
2009-03-13 20:24 . 2009-03-13 20:24  --------  d-----w  c:\program files\microsoft frontpage
2009-03-13 20:23 . 2006-03-02 12:00  67        --sha-w  c:\windows\Fonts\desktop.ini
2009-03-13 20:22 . 2009-03-13 20:22  --------  d-----w  c:\program files\Usługi online
2009-03-13 20:21 . 2009-03-13 20:21  21856     ----a-w  c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58  333192  ----a-w  c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-07-28 110592]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2008-06-16 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2008-06-16 36864]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2009-03-13 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-28 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-16 16:16  74240  ----a-r  c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli ASWLNPkg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\PROGRAMY\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\EPLAN\\Education\\1.9.6\\BIN\\W3u.exe"=

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-03-13 15416]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-15 114768]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-03-02 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-03-02 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-15 20560]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-03-13 36864]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\ImHidUsb.sys [2009-04-09 30772]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance  REG_MULTI_SZ  ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ee4807-19e4-11de-b0a2-001f3c0b475e}]
\Shell\AutoRun\command - I:\mt.bat
\Shell\open\Command - I:\mt.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32095c84-1092-11de-b098-001f3c0b475e}]
\Shell\AutoRun\command - I:\boyedt.com
\Shell\open\Command - I:\boyedt.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f245b2-1152-11de-b09b-001f3c0b475e}]
\Shell\AutoRun\command - mt.bat
\Shell\open\Command - mt.bat

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&ksport do programu Microsoft Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\wlqlgpc2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: d:\programy\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: d:\programy\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 13:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-412668190-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,5e,29,2f,d7,8d,1f,3c,69,94,8a,ac,32,2b,28,22,c3,b3,9d,18,51,1b,56,
   6e,9f,27,97,39,91,24,0f,ae,bf,03,f8,fe,a7,9b,2f,db,1d,76,3a,e0,3e,1a,7b,d3,\
"??"=hex:d5,e0,b9,b1,ef,b6,08,91,2d,a4,8d,56,1f,44,89,10
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1496)
c:\windows\system32\APSHook.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
c:\program files\asus security center\asus security protect manager\bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\TrayIcon.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\brand.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItDAC.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItReports.DLL
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\BioAuth.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASBioAT.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItVCClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AuthWiz.dll

- - - - - - - > 'lsass.exe'(1552)
c:\windows\system32\APSHook.dll
c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll
c:\program files\asus security center\asus security protect manager\bin\ItMsg.dll
.
Completion time: 2009-05-08 13:29
ComboFix-quarantined-files.txt  2009-05-08 11:29

Pre-Run: 38 091 624 448 bytes free
Post-Run: 38 279 815 168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

215

// Don't hijack other people's threads.

// Logs go in *code tags.

// I'm splitting this off into a separate thread.

// I've put the logs in code tags.

// djdresik

Guest
comment

Paste this into Notepad:

Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

[image: cfscriptb5b4me3.gif]

The removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well: after the reboot, delete the C:\Qoobox folder manually.
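Added example for this thread (not the helper's script above and not ComboFix code): a PowerShell script that audits the same persistence points the ComboFix log exposed for this USB autorun worm (MountPoints2 AutoRun handlers pointing at I:\boyedt.com and mt.bat, the HKCU Run value cdoosoft -> olhrwef.exe, and autorun.inf in the root of C:, D:, E: and F:), and, with -Remove, cleans them and disables AutoRun. The file names are taken from the log in the thread; the -Remove switch and the Flag helper are this example's own additions. Run it from an elevated PowerShell prompt.

```powershell
# Added example: audit the autorun-worm persistence points from the ComboFix log
# in this thread, then optionally clean them and turn AutoRun off. Not the
# helper's CFScript and not ComboFix code. Default is a report-only dry run.
param([switch]$Remove)

$suspectNames = 'olhrwef.exe', 'boyedt.com', 'mt.bat'   # names taken from the log

function Flag([string]$area, [string]$detail) { Write-Output ("[{0}] {1}" -f $area, $detail) }

# 1. MountPoints2 caches a per-volume autorun handler for every drive Explorer has
#    seen. A clean volume has no Shell\AutoRun\command, so any hit is a lead.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
foreach ($vol in @(Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue)) {
    $hits = foreach ($verb in 'AutoRun', 'open') {
        $cmdKey = "$($vol.PSPath)\Shell\$verb\command"
        if (Test-Path -Path $cmdKey) {
            "Shell\$verb\command = " + (Get-ItemProperty -Path $cmdKey).'(default)'
        }
    }
    if ($hits) {
        Flag 'MountPoints2' "$($vol.PSChildName): $($hits -join '; ')"
        if ($Remove) { Remove-Item -Path $vol.PSPath -Recurse -Force }
    }
}

# 2. Run keys: the worm registered itself as HKCU\...\Run\cdoosoft -> olhrwef.exe.
#    Flag a value if its image is a name from the log, is missing (orphan), or is an
#    unsigned file under %SystemRoot%. Catalog-signed OS files can report NotSigned on
#    old PowerShell versions, so the signature result is a lead, not a verdict.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not a Run value
        $cmd = [string]$p.Value
        # image path = quoted first token, or the first whitespace-delimited token
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $reasons = @()
        $known = $suspectNames -contains (Split-Path -Path $exe -Leaf)
        if ($known) { $reasons += 'image name seen in the ComboFix log' }
        if (-not [IO.Path]::IsPathRooted($exe)) {
            $reasons += 'relative image name, resolved via PATH at logon'
        } elseif (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $reasons += 'target file missing (orphan)'
        } elseif ($exe -like "$env:SystemRoot\*" -and
                  (Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') {
            $reasons += "unsigned file under $env:SystemRoot"
        }
        if ($reasons) { Flag 'Run' "$key\$($p.Name) = $cmd  <- $($reasons -join '; ')" }
        if ($Remove -and $known) { Remove-ItemProperty -Path $key -Name $p.Name }
    }
}

# 3. autorun.inf in the root of every mounted volume (the log showed one on C:, D:, E:, F:).
#    Print the launch directives so the dropper's name is on record before the file goes.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path -Path $drive.Root -ChildPath 'autorun.inf'
    if (Test-Path -LiteralPath $inf -PathType Leaf) {
        Flag 'autorun.inf' $inf
        Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
            Select-String -Pattern '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=' |
            ForEach-Object { Flag 'autorun.inf' "    $($_.Line.Trim())" }
        if ($Remove) { Remove-Item -LiteralPath $inf -Force }
    }
}

# 4. Close the door: NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
#    Set in HKLM (the policy that overrides any per-user value) and HKCU.
foreach ($hive in 'HKLM', 'HKCU') {
    $pol = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $cur = (Get-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    Flag 'policy' ("$hive NoDriveTypeAutoRun = " + $(if ($null -eq $cur) { '<not set>' } else { '0x{0:X2}' -f $cur }))
    if ($Remove) {
        if (-not (Test-Path -Path $pol)) { New-Item -Path $pol -Force | Out-Null }
        Set-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}
```

Run it once without -Remove and read the report, then again with -Remove. Two caveats: the CFScript above deletes the whole MountPoints2 key, which is harmless but coarse, whereas this script removes only the volume entries that actually carry a handler; and on Windows XP of that era the NoDriveTypeAutoRun policy was honoured reliably only after Microsoft's AutoRun update (described in KB967715), so patch first, then set the policy.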

ciacho191
comment

Thank you very much

And sorry for making a mess on the forum

Regards

Log after the fix:

ComboFix 09-05-06.08 - Tomek 2009-05-08 19:34.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.2047.1560 [GMT 2:00]
Running from: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
Command switches used :: c:\documents and settings\Tomek\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090507-0] *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0A265A67
c:\program files\AskBarDis\bar\Cache\0A265D65.bin
c:\program files\AskBarDis\bar\Cache\0F49D5F4.bin
c:\program files\AskBarDis\bar\Cache\0F49D901.bin
c:\program files\AskBarDis\bar\Cache\0F49DA4A.bin
c:\program files\AskBarDis\bar\Cache\0F49DBA1.bin
c:\program files\AskBarDis\bar\Cache\0F49DD47.bin
c:\program files\AskBarDis\bar\Cache\0F49DE9F.bin
c:\program files\AskBarDis\bar\Cache\0F49DFE7.bin
c:\program files\AskBarDis\bar\Cache\0F49E120.bin
c:\program files\AskBarDis\bar\Cache\0F49E277.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
.
(((((((((((((((((((((((((   Files Created from 2009-04-08 to 2009-05-08   )))))))))))))))))))))))))))))))
.
2009-05-08 11:23 . 2009-05-08 11:23  --------  d-----w  c:\program files\Trend Micro
2009-05-02 21:07 . 2009-05-08 14:34  --------  d-----w  c:\documents and settings\Tomek\Dane aplikacji\GanymedeNet
2009-05-02 21:06 . 2009-05-02 21:07  --------  d-----w  c:\program files\Ganymede
2009-05-01 12:48 . 2003-02-28 07:00  5632      ----a-w  c:\windows\system32\CNMVS50.DLL
2009-05-01 12:48 . 2003-02-28 07:00  100352    ----a-w  c:\windows\system32\CNMLM50.DLL
2009-05-01 12:48 . 2003-02-14 17:01  73728     ----a-r  c:\windows\system32\CNMCP50.exe
2009-05-01 12:48 . 2009-05-02 18:45  --------  d--h--w  C:\BJPrinter
2009-04-26 15:44 . 2009-04-30 20:58  --------  d-----w  c:\documents and settings\Tomek\Dane aplikacji\temp
2009-04-26 15:43 . 2009-04-26 15:43  --------  d-----w  c:\windows\Logs
2009-04-19 09:17 . 2008-04-03 08:52  20005     ----a-w  c:\windows\system32\drivers\keillp.sys
2009-04-19 09:17 . 2008-04-03 08:52  35306     ----a-w  c:\windows\system32\drivers\keilul.sys
2009-04-19 09:17 . 2009-04-19 09:17  --------  d-----w  C:\Keil
2009-04-19 08:57 . 2009-04-19 08:57  --------  d-----w  c:\windows\Sun
2009-04-19 08:56 . 2009-04-19 08:56  410984    ----a-w  c:\windows\system32\deploytk.dll
2009-04-19 08:56 . 2009-04-19 08:56  --------  d-----w  c:\program files\Java
2009-04-09 20:08 . 2001-07-02 19:45  196608    ----a-w  c:\windows\system32\Ifc22.dll
2009-04-09 19:59 . 2001-12-12 09:37  30772     ----a-w  c:\windows\system32\drivers\ImHidUsb.sys
2009-04-09 19:59 . 2001-12-12 09:37  16384     ----a-w  c:\windows\system32\imm_enu.dll
2009-04-09 19:59 . 2000-07-13 13:28  417792    ----a-w  c:\windows\system32\ImmSplsh.exe
2009-04-09 19:59 . 2001-12-12 09:38  106496    ----a-w  c:\windows\system32\ImmPID.dll
2009-04-09 19:59 . 2000-10-10 14:42  86016     ----a-w  c:\windows\system32\Immdx5.dll
2009-04-09 19:59 . 2001-12-12 09:37  1024000   ----a-w  c:\windows\system32\ImmCpl.dll
2009-04-09 19:59 . 2000-10-10 14:43  65536     ----a-w  c:\windows\system32\Immcheck.exe
2009-04-09 19:59 . 1998-11-03 15:31  61440     ----a-w  c:\windows\system32\Iforce2.dll
2009-04-09 19:59 . 2000-08-02 18:01  155648    ----a-w  c:\windows\system32\Ifc21.dll
2009-04-09 19:59 . 2009-04-09 19:59  --------  d-----w  c:\program files\KYE
2009-04-09 19:59 . 1998-10-29 14:45  306688    ----a-w  c:\windows\IsUninst.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 20:28 . 2009-04-02 20:28  98304     ----a-w  c:\windows\system32\CmdLineExt.dll
2009-04-02 19:57 . 2009-03-13 20:53  --------  d--h--w  c:\program files\InstallShield Installation Information
2009-04-02 06:13 . 2009-03-16 12:47  --------  d-----w  c:\program files\EPLAN
2009-03-29 19:17 . 2006-03-02 12:00  74648     ----a-w  c:\windows\system32\perfc015.dat
2009-03-29 19:17 . 2006-03-02 12:00  448586    ----a-w  c:\windows\system32\perfh015.dat
2009-03-22 15:29 . 2009-03-22 15:29  --------  d-----w  c:\program files\Common Files\LightScribe
2009-03-22 15:27 . 2009-03-22 15:20  --------  d-----w  c:\program files\Common Files\Ahead
2009-03-22 15:20 . 2009-03-22 15:20  --------  d-----w  c:\program files\Nero
2009-03-17 20:11 . 2009-03-13 20:23  86327     ----a-w  c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-17 14:17 . 2009-03-17 14:16  --------  d-----w  c:\program files\EPSON
2009-03-16 12:47 . 2009-03-16 12:47  191488    ----a-w  c:\windows\system32\hlvdd.dll
2009-03-15 18:13 . 2009-03-15 18:13  63592     ----a-w  c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-15 13:55 . 2009-03-15 13:55  --------  d-----w  c:\program files\Microsoft.NET
2009-03-15 13:54 . 2009-03-15 13:54  --------  d-----w  c:\program files\Microsoft Works
2009-03-15 11:19 . 2009-03-15 11:19  --------  d-----w  c:\program files\Alwil Software
2009-03-14 12:21 . 2009-03-14 12:21  --------  d-----w  c:\program files\AskSearch
2009-03-14 12:18 . 2009-03-14 12:18  --------  d-----w  c:\program files\DAEMON Tools Toolbar
2009-03-14 12:16 . 2009-03-14 12:16  717296    ----a-w  c:\windows\system32\drivers\sptd.sys
2009-03-13 22:11 . 2009-03-13 22:11  98304     ----a-w  c:\windows\system32\qttask.exe
2009-03-13 21:33 . 2009-03-13 21:33  0         ----a-w  c:\windows\nsreg.dat
2009-03-13 21:25 . 2009-03-13 21:09  --------  d-----w  c:\program files\ASUS
2009-03-13 21:25 . 2009-03-13 21:24  --------  d-----w  c:\program files\ATKOSD2
2009-03-13 21:24 . 2009-03-13 20:52  --------  d-----w  c:\program files\Common Files\InstallShield
2009-03-13 21:08 . 2009-03-13 21:08  --------  d-----w  c:\program files\ASUS Security Center
2009-03-13 21:08 . 2009-03-13 21:08  --------  d-----w  c:\program files\Fingerprint Sensor
2009-03-13 20:53 . 2009-03-13 20:53  --------  d-----w  c:\program files\Realtek
2009-03-13 20:53 . 2009-03-13 20:53  315392    ----a-w  c:\windows\HideWin.exe
2009-03-13 20:52 . 2009-03-13 20:52  0         ----a-w  c:\windows\ativpsrm.bin
2009-03-13 20:39 . 2009-03-13 20:39  --------  d-----w  c:\program files\Intel
2009-03-13 20:24 . 2009-03-13 20:24  --------  d-----w  c:\program files\microsoft frontpage
2009-03-13 20:23 . 2006-03-02 12:00  67        --sha-w  c:\windows\Fonts\desktop.ini
2009-03-13 20:22 . 2009-03-13 20:22  --------  d-----w  c:\program files\Usługi online
2009-03-13 20:21 . 2009-03-13 20:21  21856     ----a-w  c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-07-28 110592]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2008-06-16 17920]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-06-26 851968]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-07-03 7708672]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2008-06-16 36864]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2009-03-13 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-28 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-16 16:16  74240  ----a-r  c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages  REG_MULTI_SZ  scecli ASWLNPkg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\PROGRAMY\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\EPLAN\\Education\\1.9.6\\BIN\\W3u.exe"=

R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-03-13 15416]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-15 114768]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-03-02 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-03-02 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-15 20560]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-03-13 36864]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\ImHidUsb.sys [2009-04-09 30772]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance  REG_MULTI_SZ  ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&ksport do programu Microsoft Excel - d:\programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\wlqlgpc2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: d:\programy\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: d:\programy\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 19:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1343024091-412668190-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:38,5e,29,2f,d7,8d,1f,3c,69,94,8a,ac,32,2b,28,22,c3,b3,9d,18,51,1b,56,
   6e,9f,27,97,39,91,24,0f,ae,bf,03,f8,fe,a7,9b,2f,db,1d,76,3a,e0,3e,1a,7b,d3,\
"??"=hex:d5,e0,b9,b1,ef,b6,08,91,2d,a4,8d,56,1f,44,89,10
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > \'winlogon.exe\'(1496) c:\\windows\\system32\\APSHook.dll c:\\windows\\system32\\Ati2evxx.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASWLNPkg.dll c:\\program files\\asus security center\\asus security protect manager\\bin\\ItMsg.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\TrayIcon.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\bin\\brand.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\AsChnl.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItDAC.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItReports.DLL c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\BioAuth.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASBioAT.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItVCClient.dll c:\\program files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\AuthWiz.dll - - - - - - - > \'lsass.exe\'(1552) c:\\windows\\system32\\APSHook.dll c:\\program files\\asus security center\\asus security protect manager\\bin\\ASWLNPkg.dll c:\\program files\\asus security center\\asus security protect manager\\bin\\ItMsg.dll . Czas ukończenia: 2009-05-08 19:37 ComboFix-quarantined-files.txt  2009-05-08 17:36 Przed: 37 497 802 752 bajtów wolnych Po: 37 486 047 232 bajtów wolnych 208

// I am reminding you yet again: logs go inside code/code tags.

// Fixing it.

// djdresik

Guest

Clean.

1. Clean up after ComboFix and the various other tools >>> OTCleanIt.

2. You will clear the "System Volume Information" folder by temporarily turning off "System Restore":

>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.

Afterwards you can go back to the previous setting (i.e. untick the box).

3. Perform a system optimisation.

4. Scan the "My Computer" area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.


ciacho191

Kaspersky report:

[code]
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, 9 May 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.12
Last database update: Saturday, May 09, 2009 17:03:25
Number of records: 2151382
--------------------------------------------------------------------------------

Scan settings:
	Database type used for scanning: extended
	Scan archives: yes
	Scan mail databases: yes

Scan area - My Computer:
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\

Scan statistics:
	Files scanned: 161886
	Threat names: 1
	Infected objects: 3
	Suspicious objects: 0
	Scan duration: 02:18:05

File name / Threat name / Number of threats
D:\boyedt.com	Infected: Trojan-GameThief.Win32.OnLineGames.blzx	1
E:\boyedt.com	Infected: Trojan-GameThief.Win32.OnLineGames.blzx	1
F:\boyedt.com	Infected: Trojan-GameThief.Win32.OnLineGames.blzx	1

The selected area has been scanned.
[/code]
Guest

Download ---> The Avenger

Paste this text into it:

[code]
Files to delete:
D:\boyedt.com
E:\boyedt.com
F:\boyedt.com
[/code]

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

Once it has run, delete the file C:\Avenger\backup.zip from the disk and post the report C:\avenger.txt on the forum.

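As an added example (it is not code from this thread, nor from Kaspersky or The Avenger), the Python below does in one script what the two posts above do by hand: it pulls the infected objects out of a Kaspersky Online Scanner report, writes them out as an Avenger "Files to delete:" script, and then quarantines those files into a backup.zip while recording each file's SHA-256, so the sample can still be looked up after the archive is deleted as advised. The report excerpt is constructed in the layout of the report posted here, with the same paths and verdict; the drive_map argument is an assumption added so the code runs outside Windows; and the removal is an ordinary file move, not The Avenger's own boot-time mechanism.

```python
"""Kaspersky report -> Avenger 'Files to delete:' script -> quarantine with hashes.
Added example for this thread, not code from Kaspersky or The Avenger."""
import hashlib
import re
import zipfile
from pathlib import Path

# Constructed excerpt laid out like the report in the thread (path, tab,
# verdict column, tab, count); the paths and verdict are the ones reported.
SAMPLE_REPORT = (
    "File name / Threat name / Number of threats\n"
    "D:\\boyedt.com\t  Infected: Trojan-GameThief.Win32.OnLineGames.blzx\t  1\n"
    "E:\\boyedt.com\t  Infected: Trojan-GameThief.Win32.OnLineGames.blzx\t  1\n"
    "F:\\boyedt.com\t  Infected: Trojan-GameThief.Win32.OnLineGames.blzx\t  1\n"
    "The selected area has been scanned.\n"
)

# Accepts the English label and the Polish one ("Zainfekowany") from the original report.
INFECTED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\t\s*(?:Infected|Zainfekowany): (?P<verdict>\S+)\t\s*(?P<count>\d+)\s*$"
)


def parse_kaspersky_report(text):
    """Return [(path, verdict)] for every line the scanner marked as infected."""
    hits = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("verdict")))
    return hits


def build_avenger_script(paths):
    """One 'Files to delete:' section, one absolute path per line."""
    return "Files to delete:\n" + "\n".join(paths) + "\n"


def parse_avenger_script(text):
    """Inverse of build_avenger_script: the paths listed under 'Files to delete:'.
    Tolerates the header and the first path sharing a line (tab-separated, as the
    thread's post was rendered) and stops at the next 'xxx:' section header."""
    paths, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("files to delete:"):
            in_section = True
            tail = line[len("files to delete:"):]
            paths.extend(p.strip() for p in tail.split("\t") if p.strip())
            continue
        if line.endswith(":"):
            in_section = False
            continue
        if in_section:
            paths.append(line)
    return paths


def _resolve(win_path, drive_map):
    """Assumed helper: with drive_map ({'D': '/some/dir'}) a Windows path is
    redirected into that directory so the example runs on any OS; without it
    the path is used as-is, which is what you would do on the infected box."""
    if drive_map and len(win_path) > 2 and win_path[1] == ":":
        letter = win_path[0].upper()
        if letter in drive_map:
            parts = [p for p in win_path[2:].split("\\") if p]
            return Path(drive_map[letter]).joinpath(*parts)
    return Path(win_path)


def quarantine(paths, backup_zip, drive_map=None):
    """Move each listed file into backup_zip (as The Avenger does with
    C:\\Avenger\\backup.zip) and return {path: sha256 hex | 'missing'}.
    The hash is recorded before deletion so the sample can be identified
    later even once the backup archive itself has been removed."""
    results = {}
    with zipfile.ZipFile(backup_zip, "a") as zf:
        for win_path in paths:
            local = _resolve(win_path, drive_map)
            if not local.is_file():
                results[win_path] = "missing"
                continue
            data = local.read_bytes()
            zf.writestr(win_path.replace(":", "").replace("\\", "/"), data)
            local.unlink()
            results[win_path] = hashlib.sha256(data).hexdigest()
    return results


if __name__ == "__main__":
    hits = parse_kaspersky_report(SAMPLE_REPORT)
    print(build_avenger_script([p for p, _ in hits]), end="")
```

On the real machine you would call quarantine() with the parsed script and no drive_map; a path that comes back as "missing" is worth a second look, since a file the scanner saw but the quarantine cannot open may be locked or hidden by something still running.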

ciacho191
(edited)

[code]
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "D:\boyedt.com" deleted successfully.
File "E:\boyedt.com" deleted successfully.
File "F:\boyedt.com" deleted successfully.

Completed script processing.
[/code]

Sorry for my failure to read carefully ;)

Guest

Clean up after Avenger and the various other tools >>> OTCleanIt.

And that is all from my side. ;]


ciacho191

Thanks :)
