spanki, posted 27 February 2008

Every few moments some web pages open with warnings that I have spyware and that I should buy software. After a few days my Windows wallpaper was replaced: a red background with, in huge letters, "your privacy is in danger, download provacy protection now!".

log:

ComboFix 08-02-24.4 - Mama 2008-02-24 21:07:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.447 [GMT 1:00]
Running from: C:\Documents and Settings\Mama\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
hxxp://onsafepro.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\nm

((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.
2008-02-20 22:59 . 2008-02-20 00:03 315,392 --a------ C:\WINDOWS\dmdvpnvmq.dll
2008-02-20 22:59 . 2008-02-20 00:03 266,240 --a------ C:\WINDOWS\admgcx.dll
2008-02-20 22:59 . 2008-02-20 00:03 200,704 --a------ C:\WINDOWS\emotigt.dll
2008-02-20 22:59 . 2008-02-20 00:03 94,208 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-17 21:48 . 2008-02-17 21:48 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2008-02-17 21:48 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
2008-02-17 21:41 . 2008-02-17 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-17 21:41 . 2008-02-17 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-12 00:27 . 2008-02-12 00:27 <DIR> d-------- C:\Documents and Settings\Tata\Dane aplikacji\GanymedeNet
2008-02-10 22:14 . 2008-02-10 22:14 <DIR> d-------- C:\Documents and Settings\Mama\Dane aplikacji\GanymedeNet
2008-02-10 22:14 . 2008-02-10 22:14 4 --a------ C:\WINDOWS\system32\proc-1963933865.bin
2008-02-10 18:17 . 2008-02-10 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-02-10 18:14 . 2008-02-10 18:17 <DIR> d-------- C:\Program Files\ATI Technologies
2008-02-03 13:36 . 2008-02-03 13:38 <DIR> d-------- C:\Program Files\WinAce
2008-02-02 15:26 . 2008-02-02 15:33 <DIR> d-------- C:\Documents and Settings\Tata\.lincity
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 00:02 --------- d-----w C:\Program Files\FlashGet
2008-02-19 19:30 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\mIRC
2008-02-19 19:20 --------- d-----w C:\Program Files\mIRC
2008-02-17 20:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 20:41 --------- d-----w C:\Program Files\QuickTime
2008-02-10 21:48 --------- d-----w C:\Documents and Settings\Tata\Dane aplikacji\ATI
2008-02-10 17:17 --------- d-----w C:\Documents and Settings\Mama\Dane aplikacji\ATI
2008-01-24 14:42 --------- d-----w C:\Documents and Settings\Tata\Dane aplikacji\mIRC
2008-01-24 13:35 --------- d-----w C:\Program Files\DOSBox-0.63
2008-01-19 10:20 --------- d-----w C:\Program Files\Soulseek2
2008-01-13 18:16 --------- d-----w C:\Program Files\Screamer Radio
2007-12-30 21:05 --------- d-----w C:\Program Files\Lendasoft
2007-12-29 19:13 --------- d-----w C:\Documents and Settings\Tata\Dane aplikacji\My Games
2007-12-27 22:28 --------- d-----w C:\Documents and Settings\Tata\Dane aplikacji\InstallShield Installation Information
2007-01-29 18:13 24,192 ----a-w C:\Documents and Settings\Tata\usbsermptxp.sys
2007-01-29 18:13 22,768 ----a-w C:\Documents and Settings\Tata\usbsermpt.sys
2006-05-03 11:25 21,671 ----a-w C:\Program Files\MaxiMus.htm
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81F4697D-617D-40B4-85BA-C7684D9BC543}]
2008-02-20 00:03 315392 --a------ C:\WINDOWS\dmdvpnvmq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{B2F479AD-17DE-4F73-B844-7CF69003B916}

[HKEY_CLASSES_ROOT\clsid\{b2f479ad-17de-4f73-b844-7cf69003b916}]
[HKEY_CLASSES_ROOT\emotigt.1]
[HKEY_CLASSES_ROOT\TypeLib\{46BE135C-8A32-46C9-9420-3018DF1BC3CB}]
[HKEY_CLASSES_ROOT\emotigt]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="c:\PROGRA~1\MESSEN~1\Msmsgs.exe" [2005-08-31 20:27 1658592]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.EXE]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 18:23 761946]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 02:44 557056 C:\WINDOWS\sm56hlpr.exe]
"LaunchAp"="C:\Launch Manager\LaunchAp.exe" [ ]
"HotkeyApp"="C:\Launch Manager\HotkeyApp.exe" [ ]
"LMgrVolOSD"="C:\Launch Manager\OSD.exe" [ ]
"LMgrOSD"="C:\Launch Manager\OSDCtrl.exe" [ ]
"Wbutton"="C:\Launch Manager\Wbutton.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"CtrlVol"="C:\Launch Manager\CtrlVol.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admgcx"= {0A6326DB-2073-4E28-B043-CBDBA3064F82} - C:\WINDOWS\admgcx.dll [2008-02-20 00:03 266240]
"bdmanager"= {8A43C2FC-D6A0-41E8-BD61-4701FEAAC617} - C:\WINDOWS\bdmanager.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\DYSK_D\\gry\\magic\\magicg\\Program\\Manalink.exe"=
"C:\\Program Files\\Soulseek2\\slsk.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\DYSK_D\\gry\\civ4\\Civilization4.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\DYSK_D\\gry\\ShadowFlare\\ShadowFlare.exe"=

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:40]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e7cfb3f-6de3-11dc-a430-00c0a8c8b5d3}]
\Shell\AutoRun\command - H:\USBNB.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 21:13:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2008-02-24 21:17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-24 20:17:49
.
2008-01-21 22:03:10 --- E O F ---
Tomek, comment 28 February 2008

Scan with Spybot and delete:
C:\WINDOWS\dmdvpnvmq.dll
C:\WINDOWS\admgcx.dll
C:\WINDOWS\emotigt.dll
C:\WINDOWS\fsxloqf.exe
Mateusz J., comment 8 March 2008

Besides deleting those files, paste the following into Notepad:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bdmanager"=-
"admgcx"=-

File ==> Save As, under the name "CFScript.txt", then drag the file "CFScript.txt" onto the ComboFix icon.
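The two replies above apply the same triage rule by eye: take the files created shortly before the scan, keep the ones that a loading point (BHO, ShellServiceObjectDelayLoad, Run) points at, then pull in everything dropped in the same minute, since a dropper usually writes its whole payload set at once. The script below is an added example that writes that rule down; it is not code from the thread or from ComboFix. The log excerpt it works on is a constructed sample modelled on the report posted above, and the section banners and column layout it assumes are those of ComboFix reports of that period.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt modelled on the ComboFix report posted in the thread;
# only a handful of representative lines are kept.
SAMPLE_LOG = r"""
ComboFix 08-02-24.4 - Mama 2008-02-24 21:07:34.1 - NTFSx86
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.
2008-02-20 22:59 . 2008-02-20 00:03 315,392 --a------ C:\WINDOWS\dmdvpnvmq.dll
2008-02-20 22:59 . 2008-02-20 00:03 266,240 --a------ C:\WINDOWS\admgcx.dll
2008-02-20 22:59 . 2008-02-20 00:03 200,704 --a------ C:\WINDOWS\emotigt.dll
2008-02-20 22:59 . 2008-02-20 00:03 94,208 --a------ C:\WINDOWS\fsxloqf.exe
2008-02-17 21:48 . 2008-02-17 21:48 <DIR> d-------- C:\Program Files\PC Inspector File Recovery
2008-02-17 21:41 . 2008-02-17 21:41 1,409 --a------ C:\WINDOWS\QTFont.for
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81F4697D-617D-40B4-85BA-C7684D9BC543}]
2008-02-20 00:03 315392 --a------ C:\WINDOWS\dmdvpnvmq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"admgcx"= {0A6326DB-2073-4E28-B043-CBDBA3064F82} - C:\WINDOWS\admgcx.dll [2008-02-20 00:03 266240]
"bdmanager"= {8A43C2FC-D6A0-41E8-BD61-4701FEAAC617} - C:\WINDOWS\bdmanager.dll [ ]
"""

# Header line: "ComboFix <version> - <user> <scan date> <scan time> - ..."
SCAN_RE = re.compile(r"^ComboFix .*? (\d{4}-\d{2}-\d{2} \d{2}:\d{2}):\d{2}")
# "Files Created" row: <created> . <modified> <size|<DIR>> <attrs> <path>
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(<DIR>|[\d,]+)\s+\S+\s+(.+?)\s*$")
# Any absolute path to a binary mentioned on a loading-point line
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]\"]+?\.(?:dll|exe|sys|ocx)", re.IGNORECASE)


def parse_report(text):
    """Return (scan_time, created, autoload).

    created : lower-cased path -> (original path, creation time) for every
              file row under "Files Created" (directories are skipped)
    autoload: lower-cased paths of binaries referenced from any loading point
    """
    scan_time, created, autoload, section = None, {}, set(), None
    for line in text.splitlines():
        m = SCAN_RE.match(line)
        if m:
            scan_time = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            continue
        if line.startswith("(((("):          # ComboFix section banner
            if "Files Created" in line:
                section = "created"
            elif "Reg Loading Points" in line:
                section = "loadpoints"
            else:
                section = None
            continue
        if section == "created":
            m = FILE_RE.match(line)
            if m and m.group(2) != "<DIR>":
                path = m.group(3)
                created[path.lower()] = (
                    path, datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"))
        elif section == "loadpoints":
            autoload.update(p.lower() for p in PATH_RE.findall(line))
    if scan_time is None:
        raise ValueError("no ComboFix header line found")
    return scan_time, created, autoload


def triage(text, window_days=7):
    """Files created within `window_days` of the scan that a loading point
    references, plus every file created in the same minute as one of them."""
    scan_time, created, autoload = parse_report(text)
    cutoff = scan_time - timedelta(days=window_days)
    recent = {k: v for k, v in created.items() if v[1] >= cutoff}
    seeds = {k for k in recent if k in autoload}
    drop_minutes = {recent[k][1] for k in seeds}
    flagged = seeds | {k for k, v in recent.items() if v[1] in drop_minutes}
    return sorted(recent[k][0] for k in flagged)


if __name__ == "__main__":
    for suspect in triage(SAMPLE_LOG):
        print("suspect:", suspect)
```

On the sample this returns exactly the four files Tomek listed: dmdvpnvmq.dll (BHO) and admgcx.dll (ShellServiceObjectDelayLoad) are the seeds, and emotigt.dll and fsxloqf.exe join them because they share the 22:59 creation minute; QTFont.for is recent but is neither auto-loaded nor part of that drop, so it stays out. The bdmanager.dll entry is referenced but never appears under "Files Created", which is why it shows up as the orphan registry value that Mateusz J.'s CFScript removes rather than as a file to delete.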