
Log to check

luki102

Hello, I have the following problem: after scanning with ComboFix, when I connect any device, e.g. a mobile phone, the removable storage no longer shows up. I don't know anything about logs, but I think the program removed something related to USB. I'm pasting the log; could someone also tell me how to fix it?


LOG:
ComboFix 09-12-02.08 - Administrator 2009-12-03 16:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1250.48.1045.18.511.266 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\ADMINI~1\USTAWI~1\Temp\cvasds0.dll
c:\windows\AhnRpta.exe
c:\windows\system32\afmain0.dll
c:\windows\system32\ciuytr0.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\vamsoft.exe
C:\x2tpc.cmd
C:\yudald.bat

c:\windows\system32\qmgr.dll . . . jest zainfekowany!!

.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-03 do 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-02 17:26 . 2003-08-25 17:06 182880 -c--a-w- c:\windows\system32\dllcache\iuengine.dll
2009-12-02 17:26 . 2003-08-25 17:06 182880 ----a-w- c:\windows\system32\iuengine.dll
2009-12-02 16:46 . 2009-12-02 16:46 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 16:46 . 2009-12-02 16:46 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-12-02 16:37 . 2009-12-02 16:37 -------- d-----w- c:\documents and settings\Administrator\.gstreamer-0.10
2009-12-02 16:36 . 2009-12-02 18:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-12-02 16:36 . 2009-12-02 16:36 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\OpenFM
2009-12-02 15:26 . 2009-12-02 15:26 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\cache
2009-12-02 15:24 . 2009-12-02 15:24 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10
2009-12-02 14:56 . 2009-12-02 14:56 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-11-28 18:16 . 2009-11-28 18:16 -------- d-----w- c:\program files\directx
2009-11-28 18:16 . 2009-11-28 18:16 -------- d-----w- c:\windows\AM
2009-11-28 12:41 . 2009-12-02 14:51 -------- d-----w- c:\windows\LastGood
2009-11-28 12:39 . 2009-11-28 12:40 -------- d-----w- c:\program files\neostrada tp

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 14:50 . 2009-12-02 14:50 33 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-12-02 14:50 . 2009-11-27 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 14:50 . 2009-12-02 14:50 -------- d-----w- c:\program files\SAGEM
2009-11-27 17:38 . 2009-11-27 17:30 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-27 17:30 . 2009-11-27 17:30 -------- d-----w- c:\program files\ATI Technologies
2009-11-27 17:28 . 2009-11-27 17:28 -------- d-----w- c:\program files\Ruling Technologies
2009-11-27 17:27 . 2009-11-27 17:27 -------- d-----w- c:\program files\SiS7012
2009-11-27 17:23 . 2009-11-27 17:23 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-11-27 17:23 . 2009-11-27 17:23 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-11-27 17:22 . 2009-11-27 17:22 -------- d-----w- c:\program files\PCI Audio Applications
2009-11-27 17:16 . 2001-10-26 16:15 49492 ----a-w- c:\windows\system32\perfc015.dat
2009-11-27 17:16 . 2001-10-26 16:15 355486 ----a-w- c:\windows\system32\perfh015.dat
2009-11-27 17:05 . 2009-11-27 17:05 -------- d-----w- c:\program files\microsoft frontpage
2009-11-27 17:04 . 2009-11-27 17:04 80007 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-27 17:03 . 2009-11-27 17:00 -------- d-----w- c:\program files\Usługi online
2009-11-27 17:01 . 2009-11-27 17:01 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-23 10:53 . 2009-11-23 10:53 37376 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2007-11-28 20:19 . 2009-12-02 16:46 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 20:19 . 2009-12-02 16:46 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 20:19 . 2009-12-02 16:46 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 20:19 . 2009-12-02 16:46 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 20:19 . 2009-12-02 16:46 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="d:\gadu-gadu 10\gg.exe" [2009-11-23 11797096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="c:\program files\PCI Audio Applications\Bin\AudioRack.exe" [2001-05-09 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-12-2 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}"= "c:\windows\System32\softqq1.dll" [2002-09-20 157615]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\PCI Audio Applications\\Bin\\AudioRack.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\System32\drivers\gmmngn.sys --> c:\windows\System32\drivers\gmmngn.sys [?]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-12-02 116992]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2009-11-27 38946]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-12-02 64000]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2001-05-21 8051]
.
.
------- Skan uzupełniający -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {3BBCE5CF-2F18-4685-9721-8581B70637C7} = 194.204.152.34 194.204.159.1
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\8o942bnm.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-vamsoft - c:\windows\System32\vamsoft.exe
AddRemove-SiS7012 - c:\progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 16:24
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(524)
c:\windows\System32\dssenh.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-03 16:28 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-12-03 15:28

Przed: 17 326 448 640 bajtów wolnych
Po: 17 312 677 888 bajtów wolnych

winxpsp1_pl_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 06DF942460A626C42B487E59D3D06590

Guest

You have Sality.
Reading material: http://helpc.eu/usuwanie-wirusa-sality-t1950.html
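The reply above gives the verdict without pointing at the lines that support it. As an added example that is not part of the thread, the Python below runs a small triage pass over an excerpt of the posted log and flags the indicators a responder would weigh: the user policy that locks out Task Manager and Registry Editor, the Security Center overrides, a ShellExecuteHook pointing at an unfamiliar System32 DLL, a service registered for a driver file that is missing from disk (the `[?]` marker), and Autorun.inf sitting at drive roots. The rules and labels are my own heuristics, not ComboFix output or a vendor signature.

```python
import re

# Constructed sample input: lines copied from the ComboFix log posted above.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}"= "c:\windows\System32\softqq1.dll" [2002-09-20 157615]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R3 abp470n5;abp470n5;\??\c:\windows\System32\drivers\gmmngn.sys --> c:\windows\System32\drivers\gmmngn.sys [?]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-12-02 116992]
C:\Autorun.inf
D:\Autorun.inf
"""

# My own heuristics: (regex the enclosing [section] must match or None, line regex with the
# reported value in group 1, finding label).
RULES = [
    (r"currentversion\\policies\\system$", r'^"(DisableTaskMgr|DisableRegistryTools)"\s*=\s*1\b',
     "user policy locks out admin tool: {0}"),
    (r"security center", r'^"(\w*(?:Override|DisableNotify))"=dword:00000001$',
     "Security Center warning suppressed: {0}"),
    (r"ShellExecuteHooks$", r'^"\{[0-9a-f-]+\}"\s*=\s*"([^"]+\.dll)"',
     "ShellExecuteHook injects DLL into process launches: {0}"),
    (None, r'^[RS]\d .*\\([^\\ ]+\.sys) \[\?\]$',
     "service registered for a driver file missing from disk: {0}"),
    (None, r'^([a-z]:\\Autorun\.inf)$',
     "Autorun.inf at drive root (removable-media spreading): {0}"),
]

def triage(log_text):
    # Walk the log, remember the current [section], return (finding, offending line) pairs.
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # registry key the following values belong to
            continue
        for section_re, line_re, label in RULES:
            if section_re and not re.search(section_re, section, re.I):
                continue
            if m := re.match(line_re, line, re.I):
                findings.append((label.format(m.group(1)), line))
    return findings

if __name__ == "__main__":
    for label, line in triage(LOG_EXCERPT):
        print(f"{label}\n    {line}")
```

The legitimate `e4usbaw` driver line in the excerpt produces no finding, so the check separates a service whose file is present from one whose binary is gone.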
