luki102 - posted 3 December 2009 (edited)

Hi, I have the following problem: after scanning with ComboFix, when I connect any device, e.g. a mobile phone, the removable storage no longer shows up. I don't know anything about logs, but I think the program removed something related to USB. I'm pasting the log; could someone also tell me how to fix this?

LOG:

ComboFix 09-12-02.08 - Administrator 2009-12-03 16:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1250.48.1045.18.511.266 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\docume~1\ADMINI~1\USTAWI~1\Temp\cvasds0.dll
c:\windows\AhnRpta.exe
c:\windows\system32\afmain0.dll
c:\windows\system32\ciuytr0.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\vamsoft.exe
C:\x2tpc.cmd
C:\yudald.bat
D:\060ptrm.com
D:\0bcobed.exe
D:\0c9k.exe
D:\0xuc.com
D:\1f.bat
D:\1ogf.exe
D:\1xniph.bat
D:\2.bat
D:\28b6ry9r.exe
D:\2aaxaiy.exe
D:\2fiy.bat
D:\6p2dxv.bat
D:\6phx.com
D:\8.exe
D:\86l2qw.bat
D:\86m2.cmd
D:\8gig0ofk.com
D:\8rcahp.exe
D:\a1agmur.cmd
D:\auq9bor.bat
D:\Autorun.inf
D:\boyedt.com
D:\cb.exe
D:\cqxj.exe
D:\cv22.cmd
D:\dbrxubcw.com
D:\dt8.bat
D:\e2.cmd
D:\ej10fkdo.bat
D:\em8tqm.cmd
D:\eyt.exe
D:\f2.bat
D:\fbak.exe
D:\g1ljsm.com
D:\gi2ky.exe
D:\gyn.cmd
D:\hkn6k.bat
D:\hl80c6b1.com
D:\husyu8n.exe
D:\hyetn1i.exe
D:\i.cmd
D:\i.com
D:\i6a0.bat
D:\i6g6x.cmd
D:\icxpa.cmd
D:\il0byu3h.com
D:\j.cmd
D:\j39y2.bat
D:\jeorels.cmd
D:\jm3cx96.bat
D:\ljnhwt.bat
D:\luk1ylq.com
D:\minm.cmd
D:\ml.com
D:\nkbd1v.exe
D:\nm3osq.bat
D:\npee.com
D:\nu.cmd
D:\o.exe
D:\o3n9k.com
D:\opgde.exe
D:\q0dhfjf.exe
D:\q8e6.bat
D:\q9.cmd
D:\qoes.bat
D:\qothmn.cmd
D:\qphdin.com
D:\qwtb.com
D:\qxty9be.cmd
D:\r8.bat
D:\rbj9jn1n.bat
D:\rwj0.cmd
D:\sm.exe
D:\ste8.bat
D:\u.com
D:\ukvr.bat
D:\upw.bat
D:\upx.bat
D:\ur0.com
D:\uvsqfgwd.cmd
D:\uxkl0apt.bat
D:\vwewav8.com
D:\w.com
D:\w2.com
D:\x2csvg.exe
D:\x2tpc.cmd
D:\xdw.com
D:\xh319r9b.bat
D:\xhah66s.cmd
D:\xmcckw.bat
D:\xsia.bat
D:\yb12j.cmd
D:\yh.cmd
D:\yhh.bat
D:\ymxf2.exe
D:\ysep1.exe
D:\yudald.bat
E:\0bcobed.exe
E:\0xuc.com
E:\1f.bat
E:\1ogf.exe
E:\1xniph.bat
E:\2.bat
E:\2aaxaiy.exe
E:\2fiy.bat
E:\6p2dxv.bat
E:\8.exe
E:\86l2qw.bat
E:\86m2.cmd
E:\8gig0ofk.com
E:\8rcahp.exe
E:\a1agmur.cmd
E:\auq9bor.bat
E:\Autorun.inf
E:\boyedt.com
E:\cb.exe
E:\cqxj.exe
E:\cv22.cmd
E:\dbrxubcw.com
E:\dt8.bat
E:\e2.cmd
E:\ej10fkdo.bat
E:\em8tqm.cmd
E:\eyt.exe
E:\f2.bat
E:\fbak.exe
E:\g1ljsm.com
E:\gi2ky.exe
E:\gyn.cmd
E:\hkn6k.bat
E:\husyu8n.exe
E:\hyetn1i.exe
E:\i.cmd
E:\i.com
E:\i6a0.bat
E:\i6g6x.cmd
E:\icxpa.cmd
E:\il0byu3h.com
E:\j.cmd
E:\j39y2.bat
E:\jeorels.cmd
E:\jm3cx96.bat
E:\ljnhwt.bat
E:\luk1ylq.com
E:\minm.cmd
E:\nm3osq.bat
E:\npee.com
E:\nu.cmd
E:\o3n9k.com
E:\opgde.exe
E:\q0dhfjf.exe
E:\q8e6.bat
E:\q9.cmd
E:\qoes.bat
E:\qothmn.cmd
E:\qphdin.com
E:\qwtb.com
E:\qxty9be.cmd
E:\r8.bat
E:\rbj9jn1n.bat
E:\rwj0.cmd
E:\sm.exe
E:\ste8.bat
E:\u.com
E:\ukvr.bat
E:\upw.bat
E:\upx.bat
E:\uvsqfgwd.cmd
E:\uxkl0apt.bat
E:\vwewav8.com
E:\w.com
E:\w2.com
E:\x2tpc.cmd
E:\xdw.com
E:\xh319r9b.bat
E:\xhah66s.cmd
E:\xmcckw.bat
E:\xsia.bat
E:\yb12j.cmd
E:\yh.cmd
E:\yhh.bat
E:\ymxf2.exe
E:\ysep1.exe
E:\yudald.bat
F:\060ptrm.com
F:\0bcobed.exe
F:\0c9k.exe
F:\0xuc.com
F:\1f.bat
F:\1ogf.exe
F:\1xniph.bat
F:\2.bat
F:\28b6ry9r.exe
F:\2aaxaiy.exe
F:\2fiy.bat
F:\6p2dxv.bat
F:\6phx.com
F:\8.exe
F:\86l2qw.bat
F:\86m2.cmd
F:\8gig0ofk.com
F:\8rcahp.exe
F:\a1agmur.cmd
F:\auq9bor.bat
F:\Autorun.inf
F:\boyedt.com
F:\cb.exe
F:\cqxj.exe
F:\cv22.cmd
F:\dbrxubcw.com
F:\dt8.bat
F:\e2.cmd
F:\ej10fkdo.bat
F:\em8tqm.cmd
F:\eyt.exe
F:\f2.bat
F:\fbak.exe
F:\g1ljsm.com
F:\gi2ky.exe
F:\gyn.cmd
F:\hkn6k.bat
F:\hl80c6b1.com
F:\husyu8n.exe
F:\hyetn1i.exe
F:\i.cmd
F:\i.com
F:\i6a0.bat
F:\i6g6x.cmd
F:\icxpa.cmd
F:\il0byu3h.com
F:\j.cmd
F:\j39y2.bat
F:\jeorels.cmd
F:\jm3cx96.bat
F:\ljnhwt.bat
F:\luk1ylq.com
F:\minm.cmd
F:\ml.com
F:\nkbd1v.exe
F:\nm3osq.bat
F:\npee.com
F:\nu.cmd
F:\o.exe
F:\o3n9k.com
F:\opgde.exe
F:\q0dhfjf.exe
F:\q8e6.bat
F:\q9.cmd
F:\qoes.bat
F:\qothmn.cmd
F:\qphdin.com
F:\qwtb.com
F:\qxty9be.cmd
F:\r8.bat
F:\rbj9jn1n.bat
F:\rwj0.cmd
F:\sm.exe
F:\ste8.bat
F:\u.com
F:\ukvr.bat
F:\Uninstall.exe
F:\upw.bat
F:\upx.bat
F:\ur0.com
F:\uvsqfgwd.cmd
F:\uxkl0apt.bat
F:\vwewav8.com
F:\w.com
F:\w2.com
F:\x2csvg.exe
F:\x2tpc.cmd
F:\xdw.com
F:\xh319r9b.bat
F:\xhah66s.cmd
F:\xmcckw.bat
F:\xsia.bat
F:\yb12j.cmd
F:\yh.cmd
F:\yhh.bat
F:\ymxf2.exe
F:\ysep1.exe
F:\yudald.bat

c:\windows\system32\qmgr.dll . . . jest zainfekowany!!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-03 do 2009-12-03 )))))))))))))))))))))))))))))))
.
2009-12-02 17:26 . 2003-08-25 17:06 182880 -c--a-w- c:\windows\system32\dllcache\iuengine.dll
2009-12-02 17:26 . 2003-08-25 17:06 182880 ----a-w- c:\windows\system32\iuengine.dll
2009-12-02 16:46 . 2009-12-02 16:46 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 16:46 . 2009-12-02 16:46 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-12-02 16:37 . 2009-12-02 16:37 -------- d-----w- c:\documents and settings\Administrator\.gstreamer-0.10
2009-12-02 16:36 . 2009-12-02 18:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-12-02 16:36 . 2009-12-02 16:36 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\OpenFM
2009-12-02 15:26 . 2009-12-02 15:26 -------- d-----w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\cache
2009-12-02 15:24 . 2009-12-02 15:24 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10
2009-12-02 14:56 . 2009-12-02 14:56 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-11-28 18:16 . 2009-11-28 18:16 -------- d-----w- c:\program files\directx
2009-11-28 18:16 . 2009-11-28 18:16 -------- d-----w- c:\windows\AM
2009-11-28 12:41 . 2009-12-02 14:51 -------- d-----w- c:\windows\LastGood
2009-11-28 12:39 . 2009-11-28 12:40 -------- d-----w- c:\program files\neostrada tp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-02 14:50 . 2009-12-02 14:50 33 ----a-w- c:\windows\system32\drivers\adidsl.cfg
2009-12-02 14:50 . 2009-11-27 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-02 14:50 . 2009-12-02 14:50 -------- d-----w- c:\program files\SAGEM
2009-11-27 17:38 . 2009-11-27 17:30 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-27 17:30 . 2009-11-27 17:30 -------- d-----w- c:\program files\ATI Technologies
2009-11-27 17:28 . 2009-11-27 17:28 -------- d-----w- c:\program files\Ruling Technologies
2009-11-27 17:27 . 2009-11-27 17:27 -------- d-----w- c:\program files\SiS7012
2009-11-27 17:23 . 2009-11-27 17:23 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-11-27 17:23 . 2009-11-27 17:23 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-11-27 17:22 . 2009-11-27 17:22 -------- d-----w- c:\program files\PCI Audio Applications
2009-11-27 17:16 . 2001-10-26 16:15 49492 ----a-w- c:\windows\system32\perfc015.dat
2009-11-27 17:16 . 2001-10-26 16:15 355486 ----a-w- c:\windows\system32\perfh015.dat
2009-11-27 17:05 . 2009-11-27 17:05 -------- d-----w- c:\program files\microsoft frontpage
2009-11-27 17:04 . 2009-11-27 17:04 80007 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-27 17:03 . 2009-11-27 17:00 -------- d-----w- c:\program files\Usługi online
2009-11-27 17:01 . 2009-11-27 17:01 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-23 10:53 . 2009-11-23 10:53 37376 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2007-11-28 20:19 . 2009-12-02 16:46 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 20:19 . 2009-12-02 16:46 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 20:19 . 2009-12-02 16:46 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 20:19 . 2009-12-02 16:46 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 20:19 . 2009-12-02 16:46 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="d:\gadu-gadu 10\gg.exe" [2009-11-23 11797096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="c:\program files\PCI Audio Applications\Bin\AudioRack.exe" [2001-05-09 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-12-2 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}"= "c:\windows\System32\softqq1.dll" [2002-09-20 157615]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\PCI Audio Applications\\Bin\\AudioRack.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\System32\drivers\gmmngn.sys --> c:\windows\System32\drivers\gmmngn.sys [?]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-12-02 116992]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2009-11-27 38946]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-12-02 64000]
S3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2001-05-21 8051]
.
.
------- Skan uzupełniający -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {3BBCE5CF-2F18-4685-9721-8581B70637C7} = 194.204.152.34 194.204.159.1
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\8o942bnm.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-vamsoft - c:\windows\System32\vamsoft.exe
AddRemove-SiS7012 - c:\progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 16:24
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\windows\System32\ODBC32.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(524)
c:\windows\System32\dssenh.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-03 16:28 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-12-03 15:28

Przed: 17 326 448 640 bajtów wolnych
Po: 17 312 677 888 bajtów wolnych

winxpsp1_pl_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 06DF942460A626C42B487E59D3D06590
Guest - commented 3 December 2009 (edited)

You have Sality. Reading material: http://helpc.eu/usuwanie-wirusa-sality-t1950.html