Painmaster, created 11 May 2009 (edited)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:22, on 2009-05-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\BBAE.tmp
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\DOCUME~1\Patikos\USTAWI~1\Temp\Rar$EX00.188\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66029
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FG\jccatch.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\MU\MegaIEMn.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FG\getflash.dll (file missing)
O2 - BHO: XBTP01621 Class - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~1\MediaBar.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [Patikos] C:\Documents and Settings\Patikos\Patikos.exe /i
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FG\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FG\FlashGet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8ECD6B1-7554-40D4-9F62-F3D0FAA2B8E2}: NameServer = 194.63.132.4,194.63.133.4
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Piraci Nowego Swiata 2: Dwa Skarby Drivers Auto Removal (pr2aje8c) (pr2aje8c) - Cenega Poland - C:\WINDOWS\system32\pr2aje8c.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6087 bytes

I have a problem with digeste.dll: it says it is not a valid Windows NT application, and apart from that a BSOD, but I put it into Windows XP.
Painmaster (Author), comment 11 May 2009

I would, but I can't turn off the antivirus (NOD32 2.70); I go into the processes and it starts up again, and ComboFix says I have to have it turned off :( Can anyone help?
Painmaster (Author), comment 14 May 2009

ComboFix 09-05-11.01 - Patikos 2009-05-12 20:04.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.767.632 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Patikos\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Poprzednie uruchomienie -------
.
c:\documents and settings\Adrian\Dane aplikacji\ShoppingReport
c:\documents and settings\Adrian\Dane aplikacji\ShoppingReport\cs\Config.xml
c:\documents and settings\Patikos\Dane aplikacji\wiaserva.log
c:\documents and settings\Patikos\Patikos.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\windows\system32\crypts.dll
c:\windows\system32\digeste.dll
c:\windows\system32\digiwet.dll
c:\windows\system32\drivers\gaofyuzx.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\systemntmi.sys

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSTEMNTMI
-------\Service_systemntmi


((((((((((((((((((((((((( Pliki utworzone od 2009-04-12 do 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-10 09:34 . 2009-05-10 09:34 -------- d-----w c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-05-10 09:30 . 2009-05-10 13:19 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-10 09:30 22328 ----a-w c:\documents and settings\Patikos\Dane aplikacji\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-10 13:18 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-10 09:30 . 2009-05-10 13:19 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-10 09:30 . 2009-05-10 09:30 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-05-10 09:30 . 2009-05-10 09:30 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\id Software
2009-05-09 15:07 . 2009-05-10 09:16 -------- d-----w c:\documents and settings\Daga\Phone Browser
2009-05-09 11:53 . 2009-05-09 11:53 -------- d-----w c:\documents and settings\Daga\Dane aplikacji\PC Suite
2009-05-08 18:45 . 2009-05-10 09:17 -------- d-----w c:\windows\$hf_mig$
2009-05-08 16:52 . 2009-05-09 09:13 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\Nokia Multimedia Player
2009-05-08 16:50 . 2009-05-08 16:50 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\Datalayer
2009-05-08 16:49 . 2009-05-09 09:18 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\Nokia N70
2009-05-08 16:49 . 2009-05-10 09:17 -------- d-----w c:\documents and settings\Patikos\Phone Browser
2009-05-08 16:45 . 2009-05-08 16:45 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-08 16:48 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-10 09:17 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-08 15:33 . 2009-05-08 16:03 86 --s-a-w c:\windows\system32\150552657.dat
2009-05-06 14:32 . 2009-05-06 14:32 -------- d-----w c:\documents and settings\Daga\Dane aplikacji\COWON
2009-04-24 17:53 . 2009-04-24 17:53 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\id Software
2009-04-24 17:51 . 2009-04-24 17:51 -------- d-----w c:\windows\system32\LogFiles
2009-04-20 12:58 . 2009-05-11 14:02 -------- d-----w c:\documents and settings\Daga\Dane aplikacji\OpenOffice.org2
2009-04-18 14:04 . 2009-04-18 14:04 -------- d-----w c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Identities
2009-04-15 16:00 . 2009-04-15 16:00 23312 ----a-w c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-15 12:03 . 2009-04-15 12:03 -------- d-----w c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-14 17:51 . 2009-04-14 17:51 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\COWON
2009-04-14 17:49 . 2009-04-14 17:50 -------- d-----w c:\program files\Common Files\COWON

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 18:30 . 2007-06-07 07:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 13:26 . 2007-12-05 21:04 23312 ----a-w c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-29 19:08 . 2001-10-26 16:15 67298 ----a-w c:\windows\system32\perfc015.dat
2009-03-29 19:08 . 2001-10-26 16:15 436322 ----a-w c:\windows\system32\perfh015.dat
2007-12-15 11:39 . 2007-12-15 10:13 88 --sha-r c:\windows\system32\50BDD0A010.sys
2007-12-15 11:39 . 2007-12-15 08:53 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-10-31 38384]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-10-31 3061248]
"Gadu-Gadu"="d:\gadu-gadu\gg.exe" [2008-03-20 2127296]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"Patikos"="c:\documents and settings\Patikos\Patikos.exe" [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTimeTask"="c:\program files\Applications\wcs.exe" [bU]

c:\documents and settings\Adrian\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Daga\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Gość\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Patikos^Menu Start^Programy^Autostart^Registration .LNK]
path=c:\documents and settings\Patikos\Menu Start\Programy\Autostart\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R0 pe3aje8c;Piraci Nowego Swiata 2: Dwa Skarby Environment Driver (pe3aje8c);c:\windows\system32\drivers\pe3aje8c.sys [2007-02-14 65456]
R0 ps6aje8c;Piraci Nowego Swiata 2: Dwa Skarby Synchronization Driver (ps6aje8c);c:\windows\system32\drivers\ps6aje8c.sys [2007-02-14 52152]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-06-07 15424]
S2 oepqfbiyoopb;oepqfbiyoopb;\??\c:\windows\system32\drivers\gaofyuzx.sys --> c:\windows\system32\drivers\gaofyuzx.sys [?]
S2 pr2aje8c;Piraci Nowego Swiata 2: Dwa Skarby Drivers Auto Removal (pr2aje8c);c:\windows\system32\pr2aje8c.exe svc --> c:\windows\system32\pr2aje8c.exe svc [?]
S3 AdWatchDrv;AW Realtime Driver;c:\windows\system32\drivers\AWRTPD.sys [2007-05-08 6272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\windows\System32\imon.dll
TCP: {C8ECD6B1-7554-40D4-9F62-F3D0FAA2B8E2} = 194.63.132.4,194.63.133.4
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Patikos\Dane aplikacji\Mozilla\Firefox\Profiles\t1uk9um4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 20:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1788223648-682003330-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,28,cb,4c,7f,c2,f6,f1,ef,a2,b2,68,5e,48,22,38,5b,27,29,6b,8e,97,f3,
 84,6c,ea,c8,76,9c,78,d0,c7,f2,36,9e,19,4b,30,4d,ce,4d,37,0c,da,ae,9f,e1,2c,\
"??"=hex:cf,a4,74,0e,57,a6,e8,83,c1,47,a5,ad,5b,73,73,86
.
Czas ukończenia: 2009-05-12 20:10
ComboFix-quarantined-files.txt 2009-05-12 18:09

Przed: 4 653 613 056 bajtów wolnych
Po: 4 643 606 528 bajtów wolnych

158 --- E O F --- 2008-11-17 17:30

bumping
Guest, comment 14 May 2009

Paste into Notepad:

File::
c:\windows\system32\150552657.dat
c:\documents and settings\Patikos\Patikos.exe
c:\windows\system32\drivers\gaofyuzx.sys
c:\program files\Applications\wcs.exe

Folder::
c:\progra~1\DAP
c:\program files\Applications

Driver::
pe3aje8c
ps6aje8c
oepqfbiyoopb
pr2aje8c

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"=-
[-HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[-HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[-HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Patikos"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"QuickTimeTask"=-

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> Removal should start (and a log will be created). Post the log that is created during the removal. If it goes well, then: after the restart, manually delete the folder C:\Qoobox.
Guest, comment 14 May 2009

done, anything else? Yes? Removal should start (and a log will be created). Post the log that is created during the removal.
Painmaster (Author), comment 14 May 2009

ComboFix 09-05-11.01 - Patikos 2009-05-14 13:39.4 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.767.632 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Patikos\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Poprzednie uruchomienie -------
.
c:\progra~1\DAP
c:\progra~1\DAP\cabex.dll
c:\progra~1\DAP\Cancel.gif
c:\progra~1\DAP\comtest.gif
c:\progra~1\DAP\DAP.exe
c:\progra~1\DAP\dap_premium.gif
c:\progra~1\DAP\DAPConf.exe
c:\progra~1\DAP\dapextie.htm
c:\progra~1\DAP\dapextie2.htm
c:\progra~1\DAP\DAPFireFox\chrome.manifest
c:\progra~1\DAP\DAPFireFox\chrome\dapff.jar
c:\progra~1\DAP\DAPFireFox\components\.autoreg
c:\progra~1\DAP\DAPFireFox\components\DAPFireFox.dll
c:\progra~1\DAP\DAPFireFox\components\dapservice.js
c:\progra~1\DAP\DAPFireFox\components\IDAPComponent.xpt
c:\progra~1\DAP\DAPFireFox\install.rdf
c:\progra~1\DAP\DAPFireFox\install.xpi
c:\progra~1\DAP\dapie.dll
c:\progra~1\DAP\DAPIEEngine.dll
c:\progra~1\DAP\DAPIEMonitor.dll
c:\progra~1\DAP\dapm_Context_search.dll
c:\progra~1\DAP\dapm_ftp.dll
c:\progra~1\DAP\dapmm.dll
c:\progra~1\DAP\dapop.dll
c:\progra~1\DAP\DapRemove.exe
c:\progra~1\DAP\dapres.dll
c:\progra~1\DAP\dapres32.dll
c:\progra~1\DAP\dapupd.exe
c:\progra~1\DAP\dapxrpt.exe
c:\progra~1\DAP\dapxrpt.ini
c:\progra~1\DAP\dbghelp.dll
c:\progra~1\DAP\delete_animation.gif
c:\progra~1\DAP\dexthlp.dll
c:\progra~1\DAP\download_ani.gif
c:\progra~1\DAP\Install.log
c:\progra~1\DAP\license.txt
c:\progra~1\DAP\Locales\DAPCHS.lng
c:\progra~1\DAP\Locales\DAPCHT.lng
c:\progra~1\DAP\Locales\DAPDEU.lng
c:\progra~1\DAP\Locales\DAPENU.lng
c:\progra~1\DAP\Locales\DAPESP.lng
c:\progra~1\DAP\Locales\DAPFRA.lng
c:\progra~1\DAP\Locales\DAPITA.lng
c:\progra~1\DAP\Locales\DAPJPN.lng
c:\progra~1\DAP\Locales\DAPM_FTPCHT.lng
c:\progra~1\DAP\Locales\DAPM_FTPDEU.lng
c:\progra~1\DAP\Locales\DAPM_FTPENU.lng
c:\progra~1\DAP\Locales\DAPM_FTPESP.lng
c:\progra~1\DAP\Locales\DAPM_FTPFRA.lng
c:\progra~1\DAP\Locales\DAPM_FTPITA.lng
c:\progra~1\DAP\Locales\DAPM_FTPJPN.lng
c:\progra~1\DAP\Locales\DAPM_FTPNLD.lng
c:\progra~1\DAP\Locales\DAPM_FTPPTB.lng
c:\progra~1\DAP\Locales\DAPM_FTPRUS.lng
c:\progra~1\DAP\Locales\DAPNLD.lng
c:\progra~1\DAP\Locales\DAPPOL.lng
c:\progra~1\DAP\Locales\DAPPTB.lng
c:\progra~1\DAP\Locales\DAPRUS.lng
c:\progra~1\DAP\MCMgr.dll
c:\progra~1\DAP\mfc42.dll
c:\progra~1\DAP\msvcrt.dll
c:\progra~1\DAP\OK.gif
c:\progra~1\DAP\Privacy Package\CleanerIEMenu.dll
c:\progra~1\DAP\Privacy Package\dapcleanerie.htm
c:\progra~1\DAP\Privacy Package\DAPCtxMenuShell.dll
c:\progra~1\DAP\Privacy Package\DAPShred.exe
c:\progra~1\DAP\Privacy Package\DAPTraceCleaner.exe
c:\progra~1\DAP\Privacy Package\shred_animation4.gif
c:\progra~1\DAP\Privacy Package\trace_ani.gif
c:\progra~1\DAP\privacy.txt
c:\progra~1\DAP\progbar.gif
c:\progra~1\DAP\RestartApp.exe
c:\progra~1\DAP\SBSearch.dll
c:\progra~1\DAP\security_ani.gif
c:\progra~1\DAP\Skins\dap\arrows.bmp
c:\progra~1\DAP\Skins\dap\bms.bmp
c:\progra~1\DAP\Skins\dap\bmstool.bmp
c:\progra~1\DAP\Skins\dap\C-Close.bmp
c:\progra~1\DAP\Skins\dap\C-end.bmp
c:\progra~1\DAP\Skins\dap\C-Max.bmp
c:\progra~1\DAP\Skins\dap\C-Min.bmp
c:\progra~1\DAP\Skins\dap\C-Restore.bmp
c:\progra~1\DAP\Skins\dap\checkbox.bmp
c:\progra~1\DAP\Skins\dap\ComboButton.bmp
c:\progra~1\DAP\Skins\dap\combobuttonextra.bmp
c:\progra~1\DAP\Skins\dap\DAP.uis
c:\progra~1\DAP\Skins\dap\Dialog.bmp
c:\progra~1\DAP\Skins\dap\Explorer.bmp
c:\progra~1\DAP\Skins\dap\F-Bottom.bmp
c:\progra~1\DAP\Skins\dap\F-Left.bmp
c:\progra~1\DAP\Skins\dap\F-Right.bmp
c:\progra~1\DAP\Skins\dap\F-Top.bmp
c:\progra~1\DAP\Skins\dap\grip.bmp
c:\progra~1\DAP\Skins\dap\GroupBox.bmp
c:\progra~1\DAP\Skins\dap\GroupBoxTitle.bmp
c:\progra~1\DAP\Skins\dap\Header.bmp
c:\progra~1\DAP\Skins\dap\hscroll.bmp
c:\progra~1\DAP\Skins\dap\hscroll2.bmp
c:\progra~1\DAP\Skins\dap\mdi-button.bmp
c:\progra~1\DAP\Skins\dap\Mdi.bmp
c:\progra~1\DAP\Skins\dap\Menu-Border.bmp
c:\progra~1\DAP\Skins\dap\MenuBar.bmp
c:\progra~1\DAP\Skins\dap\menuborder.bmp
c:\progra~1\DAP\Skins\dap\menutool.bmp
c:\progra~1\DAP\Skins\dap\ProgressBar.bmp
c:\progra~1\DAP\Skins\dap\radiobutton.bmp
c:\progra~1\DAP\Skins\dap\shade.bmp
c:\progra~1\DAP\Skins\dap\Status.bmp
c:\progra~1\DAP\Skins\dap\SunkenEdge.bmp
c:\progra~1\DAP\Skins\dap\tabborders.bmp
c:\progra~1\DAP\Skins\dap\tabs.bmp
c:\progra~1\DAP\Skins\dap\vscroll.bmp
c:\progra~1\DAP\Skins\dap\vscroll2.bmp
c:\progra~1\DAP\Skins\skins.url
c:\progra~1\DAP\UNWISE.EXE
c:\progra~1\DAP\website.url
c:\progra~1\DAP\zlib.dll
c:\program files\Applications
c:\program files\Applications\wcu.exe
c:\windows\system32\150552657.dat

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OEPQFBIYOOPB
-------\Legacy_PE3AJE8C
-------\Legacy_PR2AJE8C
-------\Legacy_PS6AJE8C
-------\Service_oepqfbiyoopb
-------\Service_pe3aje8c
-------\Service_pr2aje8c
-------\Service_ps6aje8c


((((((((((((((((((((((((( Pliki utworzone od 2009-04-14 do 2009-05-14 )))))))))))))))))))))))))))))))
.

2009-05-10 09:34 . 2009-05-10 09:34 -------- d-----w c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-05-10 09:30 . 2009-05-14 10:24 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-10 09:30 22328 ----a-w c:\documents and settings\Patikos\Dane aplikacji\PnkBstrK.sys
2009-05-10 09:30 . 2009-05-14 10:23 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-10 09:30 . 2009-05-10 13:19 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-10 09:30 . 2009-05-10 09:30 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-05-10 09:30 . 2009-05-10 09:30 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\id Software
2009-05-09 15:07 . 2009-05-10 09:16 -------- d-----w c:\documents and settings\Daga\Phone Browser
2009-05-09 11:53 . 2009-05-09 11:53 -------- d-----w c:\documents and settings\Daga\Dane aplikacji\PC Suite
2009-05-08 18:45 . 2009-05-10 09:17 -------- d-----w c:\windows\$hf_mig$
2009-05-08 16:52 . 2009-05-09 09:13 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\Nokia Multimedia Player
2009-05-08 16:50 . 2009-05-08 16:50 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\Datalayer
2009-05-08 16:49 . 2009-05-09 09:18 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\Nokia N70
2009-05-08 16:49 . 2009-05-10 09:17 -------- d-----w c:\documents and settings\Patikos\Phone Browser
2009-05-08 16:45 . 2009-05-08 16:45 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-08 16:48 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-05-08 16:45 . 2009-05-10 09:17 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-06 14:32 . 2009-05-06 14:32 -------- d-----w c:\documents and settings\Daga\Dane aplikacji\COWON
2009-04-24 17:53 . 2009-04-24 17:53 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\id Software
2009-04-24 17:51 . 2009-04-24 17:51 -------- d-----w c:\windows\system32\LogFiles
2009-04-20 12:58 . 2009-05-13 19:56 -------- d-----w c:\documents and settings\Daga\Dane aplikacji\OpenOffice.org2
2009-04-18 14:04 . 2009-04-18 14:04 -------- d-----w c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Identities
2009-04-15 16:00 . 2009-04-15 16:00 23312 ----a-w c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-15 12:03 . 2009-04-15 12:03 -------- d-----w c:\documents and settings\Daga\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-14 17:51 . 2009-04-14 17:51 -------- d-----w c:\documents and settings\Patikos\Dane aplikacji\COWON
2009-04-14 17:49 . 2009-04-14 17:50 -------- d-----w c:\program files\Common Files\COWON

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 18:30 . 2007-06-07 07:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 13:26 . 2007-12-05 21:04 23312 ----a-w c:\documents and settings\Patikos\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-29 19:08 . 2001-10-26 16:15 67298 ----a-w c:\windows\system32\perfc015.dat
2009-03-29 19:08 . 2001-10-26 16:15 436322 ----a-w c:\windows\system32\perfh015.dat
2007-12-15 11:39 . 2007-12-15 10:13 88 --sha-r c:\windows\system32\50BDD0A010.sys
2007-12-15 11:39 . 2007-12-15 08:53 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="d:\gadu-gadu\gg.exe" [2008-03-20 2127296]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]

c:\documents and settings\Adrian\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Daga\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\documents and settings\Gość\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=c:\windows\pss\UniSpiker-2.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Patikos^Menu Start^Programy^Autostart^Registration .LNK]
path=c:\documents and settings\Patikos\Menu Start\Programy\Autostart\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-06-07 15424]
S3 AdWatchDrv;AW Realtime Driver;c:\windows\system32\drivers\AWRTPD.sys [2007-05-08 6272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
LSP: c:\windows\System32\imon.dll
TCP: {C8ECD6B1-7554-40D4-9F62-F3D0FAA2B8E2} = 194.63.132.4,194.63.133.4
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} -
FF - ProfilePath - c:\documents and settings\Patikos\Dane aplikacji\Mozilla\Firefox\Profiles\t1uk9um4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 13:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1788223648-682003330-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,28,cb,4c,7f,c2,f6,f1,ef,a2,b2,68,5e,48,22,38,5b,27,29,6b,8e,97,f3,
 84,6c,ea,c8,76,9c,78,d0,c7,f2,36,9e,19,4b,30,4d,ce,4d,37,0c,da,ae,9f,e1,2c,\
"??"=hex:cf,a4,74,0e,57,a6,e8,83,c1,47,a5,ad,5b,73,73,86
.
Czas ukończenia: 2009-05-14 13:45
ComboFix-quarantined-files.txt 2009-05-14 11:44
ComboFix2.txt 2009-05-12 18:10

Przed: 4 579 815 424 bajtów wolnych
Po: 4 568 682 496 bajtów wolnych

259 --- E O F --- 2008-11-17 17:30