x-kom hosting

Please analyze my log

Painmaster
posted (edited)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:22, on 2009-05-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\BBAE.tmp
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\DOCUME~1\Patikos\USTAWI~1\Temp\Rar$EX00.188\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FG\jccatch.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MU\MegaIEMn.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FG\getflash.dll (file missing)
O2 - BHO: XBTP01621 Class - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [Patikos] C:\Documents and Settings\Patikos\Patikos.exe /i
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FG\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FG\FlashGet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8ECD6B1-7554-40D4-9F62-F3D0FAA2B8E2}: NameServer = 194.63.132.4,194.63.133.4
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Piraci Nowego Swiata 2: Dwa Skarby Drivers Auto Removal (pr2aje8c) (pr2aje8c) - Cenega Poland - C:\WINDOWS\system32\pr2aje8c.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6087 bytes

I have a problem with digeste.dll: it says it is not a valid Windows NT application, and apart from that a BSOD, but I set it to Windows XP.
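As an added example (not part of this thread and not HijackThis or ComboFix code), a small Python triage script that parses the Rn/Onn entries of an HJT log like the one above and flags the patterns a helper checks first. The sample lines are an excerpt of the log posted above; the heuristics (autostart binary in a profile root, Policies\Explorer\Run, Winlogon Notify DLLs, search settings pointing away from the start-page site, missing-file entries, custom DNS servers) are my assumptions, not HijackThis's own rules.

```python
"""Triage of a HijackThis (HJT) log: parse the 'Rn'/'Onn' entries and flag
the patterns a helper looks at first.  Added example for this thread, not
part of HijackThis or ComboFix; the heuristics are assumptions chosen to
match the entries discussed above."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed excerpt of the HJT log posted above (a subset of its lines).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FG\jccatch.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Patikos] C:\Documents and Settings\Patikos\Patikos.exe /i
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8ECD6B1-7554-40D4-9F62-F3D0FAA2B8E2}: NameServer = 194.63.132.4,194.63.133.4
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First Windows path ending in a binary/script extension; surrounding quotes
# and trailing switches such as ' /i' are left out.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|htm)\b', re.I)
URL_RE = re.compile(r"https?://\S+")
# <drive>:\Documents and Settings\<user>\<file>: a binary directly in a
# profile root, where installers do not normally put autostart programs.
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$", re.I)


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]


@dataclass
class Finding:
    section: str
    reason: str
    target: str


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the numbered entries; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            p = PATH_RE.search(m["body"])
            entries.append(Entry(m["section"], m["body"], p.group(0) if p else None))
    return entries


def registrable(host: Optional[str]) -> Optional[str]:
    """Crude site comparison: last two DNS labels (www.crawler.com -> crawler.com)."""
    return ".".join(host.lower().split(".")[-2:]) if host else None


def start_page_host(entries: List[Entry]) -> Optional[str]:
    for e in entries:
        if e.section == "R0" and "Start Page" in e.body:
            m = URL_RE.search(e.body)
            if m:
                return urlparse(m.group(0)).hostname
    return None


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the review heuristics; every Finding is a 'look here', not a verdict."""
    home = registrable(start_page_host(entries))
    out: List[Finding] = []
    for e in entries:
        if "(file missing)" in e.body:
            out.append(Finding(e.section, "orphaned entry, target file missing", e.path or e.body))
        if e.section == "R1":
            m = URL_RE.search(e.body)
            host = urlparse(m.group(0)).hostname if m else None
            if host and registrable(host) != home:
                out.append(Finding(e.section, "search setting points away from the start-page site", host))
        elif e.section == "O4" and e.path:
            if "Policies\\Explorer\\Run" in e.body:
                out.append(Finding(e.section, "autostart via Policies\\Explorer\\Run, rarely used by installers", e.path))
            elif PROFILE_ROOT_RE.match(e.path):
                out.append(Finding(e.section, "autostart binary placed directly in a user profile root", e.path))
        elif e.section == "O17":
            servers = e.body.split("NameServer = ", 1)[-1]
            out.append(Finding(e.section, "custom DNS servers, confirm they belong to the ISP", servers))
        elif e.section == "O20" and e.path:
            out.append(Finding(e.section, "Winlogon Notify DLL loads into winlogon.exe, verify publisher", e.path))
    return out


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{f.section:4} {f.target}\n     {f.reason}")
```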

Guest
comment

Post a ComboFix log.


Painmaster
comment

I would, but I can't turn off the antivirus (NOD32 2.70). When I go into processes it starts up again, and ComboFix says I have to have it turned off :( Can anyone help?

Guest
comment

Run ComboFix in Safe Mode.


Painmaster
comment
ComboFix 09-05-11.01 - Patikos 2009-05-12 20:04.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.767.632 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Patikos\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Outdated)
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\documents and settings\Adrian\Dane aplikacji\ShoppingReport
c:\documents and settings\Adrian\Dane aplikacji\ShoppingReport\cs\Config.xml
c:\documents and settings\Patikos\Dane aplikacji\wiaserva.log
c:\documents and settings\Patikos\Patikos.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\windows\system32\crypts.dll
c:\windows\system32\digeste.dll
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\gaofyuzx.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\systemntmi.sys

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSTEMNTMI
-------\Service_systemntmi


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-12 do 2009-05-12  )))))))))))))))))))))))))))))))
.

2009-05-10 09:34 . 2009-05-10 09:34	--------	d-----w	c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-05-10 09:30 . 2009-05-10 13:19	138944	----a-w	c:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-10 09:30	22328	----a-w	c:\documents and settings\Patikos\Dane aplikacji\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-10 13:18	189784	----a-w	c:\windows\system32\PnkBstrB.exe
2009-05-10 09:30 . 2009-05-10 13:19	75064	----a-w	c:\windows\system32\PnkBstrA.exe
2009-05-10 09:30 . 2009-05-10 09:30	2246144	----a-w	c:\windows\system32\pbsvc.exe
2009-05-10 09:30 . 2009-05-10 09:30	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\id Software
2009-05-09 15:07 . 2009-05-10 09:16	--------	d-----w	c:\documents and settings\Daga\Phone Browser
2009-05-09 11:53 . 2009-05-09 11:53	--------	d-----w	c:\documents and settings\Daga\Dane aplikacji\PC Suite
2009-05-08 18:45 . 2009-05-10 09:17	--------	d-----w	c:\windows\$hf_mig$
2009-05-08 16:52 . 2009-05-09 09:13	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\Nokia Multimedia Player
2009-05-08 16:50 . 2009-05-08 16:50	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\Datalayer
2009-05-08 16:49 . 2009-05-09 09:18	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\Nokia N70
2009-05-08 16:49 . 2009-05-10 09:17	--------	d-----w	c:\documents and settings\Patikos\Phone Browser
2009-05-08 16:45 . 2009-05-08 16:45	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-08 16:48	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-10 09:17	--------	d-----w	c:\program files\Common Files\PCSuite
2009-05-08 15:33 . 2009-05-08 16:03	86	--s-a-w	c:\windows\system32\150552657.dat
2009-05-06 14:32 . 2009-05-06 14:32	--------	d-----w	c:\documents and settings\Daga\Dane aplikacji\COWON
2009-04-24 17:53 . 2009-04-24 17:53	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\id Software
2009-04-24 17:51 . 2009-04-24 17:51	--------	d-----w	c:\windows\system32\LogFiles
2009-04-20 12:58 . 2009-05-11 14:02	--------	d-----w	c:\documents and settings\Daga\Dane aplikacji\OpenOffice.org2
2009-04-18 14:04 . 2009-04-18 14:04	--------	d-----w	c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Identities
2009-04-15 16:00 . 2009-04-15 16:00	23312	----a-w	c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-15 12:03 . 2009-04-15 12:03	--------	d-----w	c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-14 17:51 . 2009-04-14 17:51	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\COWON
2009-04-14 17:49 . 2009-04-14 17:50	--------	d-----w	c:\program files\Common Files\COWON

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 18:30 . 2007-06-07 07:57	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-04-02 13:26 . 2007-12-05 21:04	23312	----a-w	c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-29 19:08 . 2001-10-26 16:15	67298	----a-w	c:\windows\system32\perfc015.dat
2009-03-29 19:08 . 2001-10-26 16:15	436322	----a-w	c:\windows\system32\perfh015.dat
2007-12-15 11:39 . 2007-12-15 10:13	88	--sha-r	c:\windows\system32\50BDD0A010.sys
2007-12-15 11:39 . 2007-12-15 08:53	2516	--sha-w	c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-10-31 38384]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-10-31 3061248]
"Gadu-Gadu"="d:\gadu-gadu\gg.exe" [2008-03-20 2127296]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"Patikos"="c:\documents and settings\Patikos\Patikos.exe" [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTimeTask"="c:\program files\Applications\wcs.exe" [bU]

c:\documents and settings\Adrian\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
c:\documents and settings\Daga\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
c:\documents and settings\Go†\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Patikos^Menu Start^Programy^Autostart^Registration .LNK]
path=c:\documents and settings\Patikos\Menu Start\Programy\Autostart\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 pe3aje8c;Piraci Nowego Swiata 2: Dwa Skarby Environment Driver (pe3aje8c);c:\windows\system32\drivers\pe3aje8c.sys [2007-02-14 65456]
R0 ps6aje8c;Piraci Nowego Swiata 2: Dwa Skarby Synchronization Driver (ps6aje8c);c:\windows\system32\drivers\ps6aje8c.sys [2007-02-14 52152]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-06-07 15424]
S2 oepqfbiyoopb;oepqfbiyoopb;\??\c:\windows\system32\drivers\gaofyuzx.sys --> c:\windows\system32\drivers\gaofyuzx.sys [?]
S2 pr2aje8c;Piraci Nowego Swiata 2: Dwa Skarby Drivers Auto Removal (pr2aje8c);c:\windows\system32\pr2aje8c.exe svc --> c:\windows\system32\pr2aje8c.exe svc [?]
S3 AdWatchDrv;AW Realtime Driver;c:\windows\system32\drivers\AWRTPD.sys [2007-05-08 6272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\windows\System32\imon.dll
TCP: {C8ECD6B1-7554-40D4-9F62-F3D0FAA2B8E2} = 194.63.132.4,194.63.133.4
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Patikos\Dane aplikacji\Mozilla\Firefox\Profiles\t1uk9um4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 20:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1788223648-682003330-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,28,cb,4c,7f,c2,f6,f1,ef,a2,b2,68,5e,48,22,38,5b,27,29,6b,8e,97,f3,
   84,6c,ea,c8,76,9c,78,d0,c7,f2,36,9e,19,4b,30,4d,ce,4d,37,0c,da,ae,9f,e1,2c,\
"??"=hex:cf,a4,74,0e,57,a6,e8,83,c1,47,a5,ad,5b,73,73,86
.
Czas ukończenia: 2009-05-12 20:10
ComboFix-quarantined-files.txt  2009-05-12 18:09

Przed: 4 653 613 056 bajtów wolnych
Po: 4 643 606 528 bajtów wolnych

158	--- E O F ---	2008-11-17 17:30

bump ;]

Guest
comment

;]

Paste into Notepad:

File::
c:\windows\system32\150552657.dat
c:\documents and settings\Patikos\Patikos.exe
c:\windows\system32\drivers\gaofyuzx.sys
c:\program files\Applications\wcs.exe

Folder::
c:\progra~1\DAP
c:\program files\Applications

Driver::
pe3aje8c
ps6aje8c
oepqfbiyoopb
pr2aje8c

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"=-
[-HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[-HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[-HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Patikos"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTimeTask"=-

>>File>>Save As... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

[image: cfscriptb5b4me3.gif]

The removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then: after the restart, delete the C:\Qoobox folder manually.


Painmaster
comment

done, anything else?

Guest
comment

"done, anything else?"

Yes?

The removal should start (and a log will be produced). Post the log that is produced during the removal.


Painmaster
comment
ComboFix 09-05-11.01 - Patikos 2009-05-14 13:39.4 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.767.632 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Patikos\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Outdated)
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
c:\progra~1\DAP
c:\progra~1\DAP\cabex.dll
c:\progra~1\DAP\Cancel.gif
c:\progra~1\DAP\comtest.gif
c:\progra~1\DAP\DAP.exe
c:\progra~1\DAP\dap_premium.gif
c:\progra~1\DAP\DAPConf.exe
c:\progra~1\DAP\dapextie.htm
c:\progra~1\DAP\dapextie2.htm
c:\progra~1\DAP\DAPFireFox\chrome.manifest
c:\progra~1\DAP\DAPFireFox\chrome\dapff.jar
c:\progra~1\DAP\DAPFireFox\components\.autoreg
c:\progra~1\DAP\DAPFireFox\components\DAPFireFox.dll
c:\progra~1\DAP\DAPFireFox\components\dapservice.js
c:\progra~1\DAP\DAPFireFox\components\IDAPComponent.xpt
c:\progra~1\DAP\DAPFireFox\install.rdf
c:\progra~1\DAP\DAPFireFox\install.xpi
c:\progra~1\DAP\dapie.dll
c:\progra~1\DAP\DAPIEEngine.dll
c:\progra~1\DAP\DAPIEMonitor.dll
c:\progra~1\DAP\dapm_Context_search.dll
c:\progra~1\DAP\dapm_ftp.dll
c:\progra~1\DAP\dapmm.dll
c:\progra~1\DAP\dapop.dll
c:\progra~1\DAP\DapRemove.exe
c:\progra~1\DAP\dapres.dll
c:\progra~1\DAP\dapres32.dll
c:\progra~1\DAP\dapupd.exe
c:\progra~1\DAP\dapxrpt.exe
c:\progra~1\DAP\dapxrpt.ini
c:\progra~1\DAP\dbghelp.dll
c:\progra~1\DAP\delete_animation.gif
c:\progra~1\DAP\dexthlp.dll
c:\progra~1\DAP\download_ani.gif
c:\progra~1\DAP\Install.log
c:\progra~1\DAP\license.txt
c:\progra~1\DAP\Locales\DAPCHS.lng
c:\progra~1\DAP\Locales\DAPCHT.lng
c:\progra~1\DAP\Locales\DAPDEU.lng
c:\progra~1\DAP\Locales\DAPENU.lng
c:\progra~1\DAP\Locales\DAPESP.lng
c:\progra~1\DAP\Locales\DAPFRA.lng
c:\progra~1\DAP\Locales\DAPITA.lng
c:\progra~1\DAP\Locales\DAPJPN.lng
c:\progra~1\DAP\Locales\DAPM_FTPCHT.lng
c:\progra~1\DAP\Locales\DAPM_FTPDEU.lng
c:\progra~1\DAP\Locales\DAPM_FTPENU.lng
c:\progra~1\DAP\Locales\DAPM_FTPESP.lng
c:\progra~1\DAP\Locales\DAPM_FTPFRA.lng
c:\progra~1\DAP\Locales\DAPM_FTPITA.lng
c:\progra~1\DAP\Locales\DAPM_FTPJPN.lng
c:\progra~1\DAP\Locales\DAPM_FTPNLD.lng
c:\progra~1\DAP\Locales\DAPM_FTPPTB.lng
c:\progra~1\DAP\Locales\DAPM_FTPRUS.lng
c:\progra~1\DAP\Locales\DAPNLD.lng
c:\progra~1\DAP\Locales\DAPPOL.lng
c:\progra~1\DAP\Locales\DAPPTB.lng
c:\progra~1\DAP\Locales\DAPRUS.lng
c:\progra~1\DAP\MCMgr.dll
c:\progra~1\DAP\mfc42.dll
c:\progra~1\DAP\msvcrt.dll
c:\progra~1\DAP\OK.gif
c:\progra~1\DAP\Privacy Package\CleanerIEMenu.dll
c:\progra~1\DAP\Privacy Package\dapcleanerie.htm
c:\progra~1\DAP\Privacy Package\DAPCtxMenuShell.dll
c:\progra~1\DAP\Privacy Package\DAPShred.exe
c:\progra~1\DAP\Privacy Package\DAPTraceCleaner.exe
c:\progra~1\DAP\Privacy Package\shred_animation4.gif
c:\progra~1\DAP\Privacy Package\trace_ani.gif
c:\progra~1\DAP\privacy.txt
c:\progra~1\DAP\progbar.gif
c:\progra~1\DAP\RestartApp.exe
c:\progra~1\DAP\SBSearch.dll
c:\progra~1\DAP\security_ani.gif
c:\progra~1\DAP\Skins\dap\arrows.bmp
c:\progra~1\DAP\Skins\dap\bms.bmp
c:\progra~1\DAP\Skins\dap\bmstool.bmp
c:\progra~1\DAP\Skins\dap\C-Close.bmp
c:\progra~1\DAP\Skins\dap\C-end.bmp
c:\progra~1\DAP\Skins\dap\C-Max.bmp
c:\progra~1\DAP\Skins\dap\C-Min.bmp
c:\progra~1\DAP\Skins\dap\C-Restore.bmp
c:\progra~1\DAP\Skins\dap\checkbox.bmp
c:\progra~1\DAP\Skins\dap\ComboButton.bmp
c:\progra~1\DAP\Skins\dap\combobuttonextra.bmp
c:\progra~1\DAP\Skins\dap\DAP.uis
c:\progra~1\DAP\Skins\dap\Dialog.bmp
c:\progra~1\DAP\Skins\dap\Explorer.bmp
c:\progra~1\DAP\Skins\dap\F-Bottom.bmp
c:\progra~1\DAP\Skins\dap\F-Left.bmp
c:\progra~1\DAP\Skins\dap\F-Right.bmp
c:\progra~1\DAP\Skins\dap\F-Top.bmp
c:\progra~1\DAP\Skins\dap\grip.bmp
c:\progra~1\DAP\Skins\dap\GroupBox.bmp
c:\progra~1\DAP\Skins\dap\GroupBoxTitle.bmp
c:\progra~1\DAP\Skins\dap\Header.bmp
c:\progra~1\DAP\Skins\dap\hscroll.bmp
c:\progra~1\DAP\Skins\dap\hscroll2.bmp
c:\progra~1\DAP\Skins\dap\mdi-button.bmp
c:\progra~1\DAP\Skins\dap\Mdi.bmp
c:\progra~1\DAP\Skins\dap\Menu-Border.bmp
c:\progra~1\DAP\Skins\dap\MenuBar.bmp
c:\progra~1\DAP\Skins\dap\menuborder.bmp
c:\progra~1\DAP\Skins\dap\menutool.bmp
c:\progra~1\DAP\Skins\dap\ProgressBar.bmp
c:\progra~1\DAP\Skins\dap\radiobutton.bmp
c:\progra~1\DAP\Skins\dap\shade.bmp
c:\progra~1\DAP\Skins\dap\Status.bmp
c:\progra~1\DAP\Skins\dap\SunkenEdge.bmp
c:\progra~1\DAP\Skins\dap\tabborders.bmp
c:\progra~1\DAP\Skins\dap\tabs.bmp
c:\progra~1\DAP\Skins\dap\vscroll.bmp
c:\progra~1\DAP\Skins\dap\vscroll2.bmp
c:\progra~1\DAP\Skins\skins.url
c:\progra~1\DAP\UNWISE.EXE
c:\progra~1\DAP\website.url
c:\progra~1\DAP\zlib.dll
c:\program files\Applications
c:\program files\Applications\wcu.exe
c:\windows\system32\150552657.dat

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OEPQFBIYOOPB
-------\Legacy_PE3AJE8C
-------\Legacy_PR2AJE8C
-------\Legacy_PS6AJE8C
-------\Service_oepqfbiyoopb
-------\Service_pe3aje8c
-------\Service_pr2aje8c
-------\Service_ps6aje8c


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-14 do 2009-05-14  )))))))))))))))))))))))))))))))
.

2009-05-10 09:34 . 2009-05-10 09:34	--------	d-----w	c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-05-10 09:30 . 2009-05-14 10:24	138944	----a-w	c:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-10 09:30	22328	----a-w	c:\documents and settings\Patikos\Dane aplikacji\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-14 10:23	189784	----a-w	c:\windows\system32\PnkBstrB.exe
2009-05-10 09:30 . 2009-05-10 13:19	75064	----a-w	c:\windows\system32\PnkBstrA.exe
2009-05-10 09:30 . 2009-05-10 09:30	2246144	----a-w	c:\windows\system32\pbsvc.exe
2009-05-10 09:30 . 2009-05-10 09:30	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\id Software
2009-05-09 15:07 . 2009-05-10 09:16	--------	d-----w	c:\documents and settings\Daga\Phone Browser
2009-05-09 11:53 . 2009-05-09 11:53	--------	d-----w	c:\documents and settings\Daga\Dane aplikacji\PC Suite
2009-05-08 18:45 . 2009-05-10 09:17	--------	d-----w	c:\windows\$hf_mig$
2009-05-08 16:52 . 2009-05-09 09:13	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\Nokia Multimedia Player
2009-05-08 16:50 . 2009-05-08 16:50	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\Datalayer
2009-05-08 16:49 . 2009-05-09 09:18	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\Nokia N70
2009-05-08 16:49 . 2009-05-10 09:17	--------	d-----w	c:\documents and settings\Patikos\Phone Browser
2009-05-08 16:45 . 2009-05-08 16:45	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-08 16:48	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-10 09:17	--------	d-----w	c:\program files\Common Files\PCSuite
2009-05-06 14:32 . 2009-05-06 14:32	--------	d-----w	c:\documents and settings\Daga\Dane aplikacji\COWON
2009-04-24 17:53 . 2009-04-24 17:53	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\id Software
2009-04-24 17:51 . 2009-04-24 17:51	--------	d-----w	c:\windows\system32\LogFiles
2009-04-20 12:58 . 2009-05-13 19:56	--------	d-----w	c:\documents and settings\Daga\Dane aplikacji\OpenOffice.org2
2009-04-18 14:04 . 2009-04-18 14:04	--------	d-----w	c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Identities
2009-04-15 16:00 . 2009-04-15 16:00	23312	----a-w	c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-15 12:03 . 2009-04-15 12:03	--------	d-----w	c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-14 17:51 . 2009-04-14 17:51	--------	d-----w	c:\documents and settings\Patikos\Dane aplikacji\COWON
2009-04-14 17:49 . 2009-04-14 17:50	--------	d-----w	c:\program files\Common Files\COWON

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 18:30 . 2007-06-07 07:57	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-04-02 13:26 . 2007-12-05 21:04	23312	----a-w	c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-29 19:08 . 2001-10-26 16:15	67298	----a-w	c:\windows\system32\perfc015.dat
2009-03-29 19:08 . 2001-10-26 16:15	436322	----a-w	c:\windows\system32\perfh015.dat
2007-12-15 11:39 . 2007-12-15 10:13	88	--sha-r	c:\windows\system32\50BDD0A010.sys
2007-12-15 11:39 . 2007-12-15 08:53	2516	--sha-w	c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\gadu-gadu\gg.exe" [2008-03-20 2127296]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]

c:\documents and settings\Adrian\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
c:\documents and settings\Daga\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
c:\documents and settings\Go†\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Patikos^Menu Start^Programy^Autostart^Registration .LNK]
path=c:\documents and settings\Patikos\Menu Start\Programy\Autostart\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-06-07 15424]
S3 AdWatchDrv;AW Realtime Driver;c:\windows\system32\drivers\AWRTPD.sys [2007-05-08 6272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\windows\System32\imon.dll
TCP: {C8ECD6B1-7554-40D4-9F62-F3D0FAA2B8E2} = 194.63.132.4,194.63.133.4
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
FF - ProfilePath - c:\documents and settings\Patikos\Dane aplikacji\Mozilla\Firefox\Profiles\t1uk9um4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 13:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1788223648-682003330-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,28,cb,4c,7f,c2,f6,f1,ef,a2,b2,68,5e,48,22,38,5b,27,29,6b,8e,97,f3,
   84,6c,ea,c8,76,9c,78,d0,c7,f2,36,9e,19,4b,30,4d,ce,4d,37,0c,da,ae,9f,e1,2c,\
"??"=hex:cf,a4,74,0e,57,a6,e8,83,c1,47,a5,ad,5b,73,73,86
.
Czas ukończenia: 2009-05-14 13:45
ComboFix-quarantined-files.txt  2009-05-14 11:44
ComboFix2.txt  2009-05-12 18:10

Przed: 4 579 815 424 bajtów wolnych
Po: 4 568 682 496 bajtów wolnych

259	--- E O F ---	2008-11-17 17:30

Guest
comment

The log is clean. :)

