x-kom hosting

Trojan Downloader?

Atomic
created

Hi, I have a trojan downloader: the taskbar shows me "You have a security problem" and my antivirus detected it.

What should I do next, on Vista?

Guest
comment

Try posting a log from -----> ComboFix. ;)

Atomic
comment
 ComboFix 08-08-31.01 - marek 2008-09-01 11:59:24.1 - NTFSx86Microsoft? Windows Vista? Home Basic   6.0.6000.0.1250.1.1045.18.1188 [GMT 2:00]Running from: C:\Users\marek\Desktop\ComboFix.exe * Created a new restore point.(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Program Files\ShoppingReportC:\Users\marek\AppData\Roaming\macromedia\Flash Player\#SharedObjects\AA76GMCV\bin.clearspring.comC:\Users\marek\AppData\Roaming\macromedia\Flash Player\#SharedObjects\AA76GMCV\bin.clearspring.com\clearspring.solC:\Users\marek\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.comC:\Users\marek\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.solC:\Windows\system32\x64.(((((((((((((((((((((((((   Files Created from 2008-08-01 to 2008-09-01  ))))))))))))))))))))))))))))))).No new files created in this timespan.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-01 09:42	---------	d-----w	C:\Users\marek\AppData\Roaming\AVG72008-09-01 08:41	---------	d-----w	C:\ProgramData\Lavasoft2008-09-01 07:49	---------	d-----w	C:\Program Files\Lavasoft2008-09-01 07:43	---------	d-----w	C:\ProgramData\HlpApi2008-09-01 07:18	---------	d-----w	C:\Program Files\PC Clean Pro2008-09-01 07:00	---------	d-----w	C:\Users\marek\AppData\Roaming\Azureus2008-09-01 06:59	---------	d-----w	C:\ProgramData\SysSetSmart2008-09-01 06:59	---------	d-----w	C:\ProgramData\strcmd2008-09-01 06:57	---------	d-----w	C:\ProgramData\vgxedonk2008-09-01 06:57	---------	d-----w	C:\ProgramData\actadm2008-08-22 17:36	---------	d-----w	C:\Program Files\SopCast2008-08-16 06:23	---------	d-----w	C:\Program Files\Windows Mail2008-07-24 08:20	---------	d-----w	C:\Program Files\Mozilla Thunderbird2008-07-22 06:04	---------	d-----w	C:\Program Files\NAPI-PROJEKT2008-07-19 05:10	53,448	----a-w	
C:\Windows\System32\wuauclt.exe2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll2008-07-18 20:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll2008-07-18 18:44	31,232	----a-w	C:\Windows\System32\wuapp.exe2008-07-15 23:48	2,048	----a-w	C:\Windows\System32\tzres.dll2008-07-09 15:04	174	--sha-w	C:\Program Files\desktop.ini2008-07-07 15:46	---------	d-----w	C:\Program Files\Azureus2008-07-01 06:54	---------	d-----w	C:\Program Files\Common Files\Adobe2008-06-27 03:54	826,368	----a-w	C:\Windows\System32\wininet.dll2008-06-27 03:54	56,320	----a-w	C:\Windows\System32\iesetup.dll2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll2008-06-27 03:54	26,624	----a-w	C:\Windows\System32\ieUnatt.exe2008-06-26 00:34	7,964,672	----a-w	C:\Windows\System32\NlsLexicons0024.dll2008-06-26 00:33	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll2008-06-19 03:25	61,440	----a-w	C:\Windows\System32\winipsec.dll2008-06-19 03:25	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL2008-06-19 03:25	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll2008-06-19 03:25	272,896	----a-w	C:\Windows\System32\polstore.dll2008-06-05 17:50	821,268	----a-w	C:\Windows\System32\~.tmp2008-02-11 18:50	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat2008-02-11 18:50	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat2008-02-11 18:50	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   
))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 09:08 1232896]"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]"actadm"="C:\ProgramData\actadm\hitgjelq.exe" [2008-09-01 08:57 102400]"Fd0d2jN0LA"="C:\ProgramData\vgxedonk\jyncvgjc.exe" [2008-09-01 08:57 61440][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 11:27 580096]"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 3772416 C:\Windows\RtHDVCpl.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-21 09:33 219136]C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54 65588][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]2007-12-21 09:33 9216 C:\Windows\System32\avgwlntf.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.YV12"= yv12vfw.dll"msacm.ac3filter"= ac3filter.acm[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UacDisableNotify"=dword:00000001"InternetSettingsDisableNotify"=dword:00000001"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"TCP Query User{0A0CE605-3E1F-4068-AE37-B365F30FF631}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver"UDP Query User{3E97AB0A-C25A-4CBF-83D8-761CF243428B}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver"{8008C45E-F9E8-4C74-8CC3-2CE28B5C1D16}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza"{34347669-33E1-4FB9-9C80-D8AEE9B2E2DB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza"TCP Query User{AA810357-0272-46A5-8947-CC85372E2C6C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{5EAACF15-0ABA-4D4C-BF69-38D19D132F78}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{C8C88BCD-6F8F-49CF-9157-8F8280EDC3CF}C:\\program files\\tlen.pl\\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl"UDP Query User{98E16831-E60B-4DC1-BB4C-5C4B74722ACD}C:\\program files\\tlen.pl\\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl"TCP Query User{C851B21C-EDA1-4D6D-B12F-5AFE45138366}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza"UDP Query User{5ED0C311-FAB4-4879-AB21-8341B899A9A4}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza"TCP Query User{EABCD770-F99A-4EC2-AF5A-EEC3905D7FC3}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule"UDP Query User{CD517FE9-52B5-4E7E-B66A-01F62E4182C5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule"TCP Query User{95D08E3A-82A5-44E2-A13B-DC9A0DDDA6ED}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule"UDP Query User{49BF37D2-69CB-4A86-89BA-744ACF1BA419}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule"TCP Query User{5AFBE8DF-7A05-4BE5-811E-7447624CBFD9}C:\\users\\marek\\appdata\\local\\temp\\rar$ex00.240\\emule.exe"= UDP:C:\users\marek\appdata\local\temp\rar$ex00.240\emule.exe:emule.exe"UDP Query User{82971234-D630-4A98-B221-40A79E5B0811}C:\\users\\marek\\appdata\\local\\temp\\rar$ex00.240\\emule.exe"= TCP:C:\users\marek\appdata\local\temp\rar$ex00.240\emule.exe:emule.exe"TCP Query User{8781FA3D-8F24-46D0-8B0B-0F5336EF5D6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus"UDP Query User{50780195-EA9E-44DC-B82F-C81F109EACB4}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus"TCP Query User{0BC8A49A-92E8-4000-B299-4A30444784FD}C:\\program files\\sopcast\\adv\\sopadver.exe"= 
UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver"UDP Query User{A89DD888-2EB9-460B-BA31-67F5B8186A01}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver"TCP Query User{8546DBBA-6666-4E07-91D4-D29B70CA9EAD}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application"UDP Query User{B3C05C61-1400-4672-9493-3E8E4A8612BA}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application"TCP Query User{3780B0B5-73EC-47EC-AFFA-4AFF97035809}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= UDP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk"UDP Query User{18566339-F0F7-4BB0-ACD4-158F5A63764D}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= TCP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk"TCP Query User{B2911E93-A2C3-44F1-8F7A-EF50ACB09234}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= UDP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk"UDP Query User{D94406E2-BAC8-416B-B360-51BBD01BB2E0}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= TCP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk"{330C9EC4-D048-4CA9-98F2-4B2EF9D4533D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook"{930C1390-8B2A-48CB-A508-16ADEFC9B173}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{90C507BF-C447-4270-8BD9-2E7D81843CC9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{87C9E4F8-1EA9-4883-96B9-D8EEB36AF07D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{37500DAB-C35F-48DA-9581-94BE61A0BC02}"= TCP:C:\Program Files\Microsoft 
Office\Office12\ONENOTE.EXE:Microsoft Office OneNote[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 19:52]R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:51]R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 12:18][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc*Newly Created Service* - CATCHME*Newly Created Service* - PROCEXP90.Contents of the 'Scheduled Tasks' folder.- - - - ORPHANS REMOVED - - - -HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeHKCU-Run-ares - C:\Program Files\Ares\Ares.exeHKCU-Run-lphc73nj0enc5 - C:\Windows\system32\lphc73nj0enc5.exeHKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exeMSConfigStartUp-Shareaza - C:\Program Files\Shareaza\Shareaza.exe.------- Supplementary Scan -------.FireFox -: Profile - C:\Users\marek\AppData\Roaming\Mozilla\Firefox\Profiles\x3pl1316.default\FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.dziennik.krakow.pl/FF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava11.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava12.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava13.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava14.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJava32.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dllFF -: plugin - C:\Program Files\Java\jre1.5.0\bin\NPOJI610.dllFF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dllFF -: plugin - C:\Program Files\K-Lite Codec 
Pack\Real\browser\plugins\nprpjplug.dll..------- File Associations (Beta) -------.vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-01 12:02:51Windows 6.0.6000  NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-09-01 12:05:02ComboFix-quarantined-files.txt  2008-09-01 10:04:38Pre-Run: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.Post-Run: 19,623,170,048 bajtów wolnych192	--- E O F ---	2008-08-29 05:34:58
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:12:41, on 2008-09-01Platform: Windows Vista  (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\igfxsrvc.exeC:\ProgramData\actadm\hitgjelq.exeC:\ProgramData\vgxedonk\jyncvgjc.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Windows\system32\CF14918.exeC:\Windows\system32\conime.exeC:\Windows\Explorer.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Internet Explorer\IEUser.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bph.pl/pi/do/LoginR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLLO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [actadm] C:\ProgramData\actadm\hitgjelq.exeO4 - HKCU\..\Run: [Fd0d2jN0LA] C:\ProgramData\vgxedonk\jyncvgjc.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] 
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dllO9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cabO16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{38BB3359-68DB-4E3A-AC22-15C57BC50D91}: NameServer = 192.168.1.1O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLLO20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeO23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exeO23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe--End of file - 7743 bytes

- and when I click on that balloon it redirects me to some antivirus site

- the antivirus says it is a trojan downloader

wojtek-pl1
comment
O4 - HKCU\..\Run: [actadm] C:\ProgramData\actadm\hitgjelq.exe
O4 - HKCU\..\Run: [Fd0d2jN0LA] C:\ProgramData\vgxedonk\jyncvgjc.exe

Fix

Guest
comment

In addition to @wojtek-pl1's reply:

Paste into Notepad:

File::
C:\ProgramData\actadm\hitgjelq.exe
C:\ProgramData\vgxedonk\jyncvgjc.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"actadm"=-
"Fd0d2jN0LA"=-

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

[image: cfscriptb5b4me3.gif]

Removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then: after the restart, delete the C:\Qoobox folder manually.
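The two helper replies above do the triage by hand: they pick out the O4 autostart entries whose executables sit in C:\ProgramData under random-looking names, and then write a CFScript with a File:: section for the files and a Registry:: section that deletes the matching Run values. The Python script below is an added example, not code from this thread or from ComboFix or HijackThis; it automates that same triage over HijackThis-style O4 lines and emits a CFScript in the form used above. The sample lines are copied from the log posted in this thread plus some benign entries; the heuristics (a Run entry pointing into ProgramData, AppData or Temp, plus a vowel-ratio test for random-looking filenames) are my own assumptions rather than rules of either tool, and the generated script is meant to be reviewed by a person before anyone runs it.

```python
import re
from collections import OrderedDict

# Constructed sample input: HijackThis "O4" autostart lines. The ProgramData entries
# and a few of the others are copied from the log posted in this thread.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r'O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"',
    r"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKCU\..\Run: [actadm] C:\ProgramData\actadm\hitgjelq.exe",
    r"O4 - HKCU\..\Run: [Fd0d2jN0LA] C:\ProgramData\vgxedonk\jyncvgjc.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')",
]

# An O4 line reads: "O4 - <hive>\..\Run: [<value name>] <command line>".
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# First token ending in .exe, with or without surrounding quotes; arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)

# Assumption (my heuristic, not a ComboFix or HijackThis rule): legitimate autostarts
# normally live under Program Files or System32. A Run value that points into a
# user-writable data directory is the pattern the helpers spotted by eye in this thread.
DATA_DIR_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\")

HIVE_NAMES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


def parse_o4(line):
    """Return {"hive", "name", "path"} for an O4 line, or None for any other line."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.match(m.group("cmd"))
    path = exe.group("path") if exe else m.group("cmd")
    return {"hive": m.group("hive"), "name": m.group("name"), "path": path}


def in_data_dir(path):
    p = path.lower()
    return any(marker in p for marker in DATA_DIR_MARKERS)


def looks_random(filename):
    """Vowel-ratio test (assumed heuristic): 8+ letters with under 30% vowels, like hitgjelq."""
    stem = filename.lower().rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) < 0.3


def flag_suspicious(lines):
    """Keep only entries whose executable lives in a data directory; attach the reasons."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None or not in_data_dir(entry["path"]):
            continue
        reasons = ["executable lives in a user-writable data directory"]
        if looks_random(entry["path"].rsplit("\\", 1)[-1]):
            reasons.append("random-looking executable name")
        entry["reasons"] = reasons
        flagged.append(entry)
    return flagged


def full_hive(hive):
    if hive.startswith("HKUS\\"):
        return "HKEY_USERS\\" + hive.split("\\", 1)[1]
    return HIVE_NAMES[hive]


def build_cfscript(flagged):
    """Emit the File:: / Registry:: script in the form the helpers wrote by hand above."""
    lines = ["File::"] + [e["path"] for e in flagged] + ["", "Registry::"]
    by_key = OrderedDict()
    for e in flagged:
        key = "[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]" % full_hive(e["hive"])
        by_key.setdefault(key, []).append('"%s"=-' % e["name"])
    for key, values in by_key.items():
        lines.append(key)
        lines.extend(values)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flag_suspicious(SAMPLE_O4_LINES)
    for e in hits:
        print("%s [%s] %s: %s" % (e["hive"], e["name"], e["path"], "; ".join(e["reasons"])))
    print(build_cfscript(hits))
```

Run against the sample, the script flags exactly the two entries the helpers named, actadm and Fd0d2jN0LA, each with both reasons, and prints a CFScript identical to the one pasted above. Grouping the Registry:: values by hive matters when the same kind of entry shows up under HKUS\<SID> for another account, which the File::-only version of the script later in this thread would not cover.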

snip91
comment

If you are checking logs, do it all the way.

These files still need to be removed --> paste into Notepad:

File::
C:\ProgramData\actadm\hitgjelq.exe
C:\ProgramData\vgxedonk\jyncvgjc.exe

In Notepad, the File menu --> Save as --> save it under the name CFScript.txt, in the same directory as ComboFix.

Start Safe Mode (F8 while the system is loading). Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

[image: 82650GIF.gif]

Removal will start and a log will be produced, which you post on the forum.

After the restart, delete the C:\Qoobox folder manually.

I'll check the ComboFix log in a moment.

EDIT: I see it has already been checked ;)

Atomic
comment

I have a problem: after dragging that Notepad file onto ComboFix, ComboFix loads and then nothing happens.. could it be because of Vista? How do I get it to work?

snip91
comment

Are you doing this in Safe Mode?

Check the ComboFix.txt file - has it changed?

Atomic
comment

I have already deleted that log, so should I make a new one?

And in Safe Mode, I don't know, probably not.

snip91
comment

Go into Safe Mode and perform these steps.

Atomic
comment

Now, how do I get into that mode.. :)

wojtek-pl1
comment

When you start the PC, press F8 and it will automatically take you to Safe Mode.

Atomic
comment
 ComboFix 08-08-31.01 - marek 2008-09-01 14:11:25.2 - NTFSx86Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1250.1.1045.18.1214 [GMT 2:00]Running from: C:\Users\marek\Desktop\ComboFix.exeCommand switches used :: C:\Users\marek\Desktop\CFScript.TXT.txt * Created a new restore pointFILE ::C:\ProgramData\actadm\hitgjelq.exeC:\ProgramData\vgxedonk\jyncvgjc.exe.(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\ProgramData\actadm\hitgjelq.exeC:\ProgramData\vgxedonk\jyncvgjc.exe.(((((((((((((((((((((((((   Files Created from 2008-08-01 to 2008-09-01  ))))))))))))))))))))))))))))))).No new files created in this timespan.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-01 12:12	---------	d-----w	C:\ProgramData\vgxedonk2008-09-01 12:12	---------	d-----w	C:\ProgramData\actadm2008-09-01 11:24	---------	d-----w	C:\Users\marek\AppData\Roaming\AVG72008-09-01 10:12	---------	d-----w	C:\Program Files\Trend Micro2008-09-01 08:41	---------	d-----w	C:\ProgramData\Lavasoft2008-09-01 07:49	---------	d-----w	C:\Program Files\Lavasoft2008-09-01 07:43	---------	d-----w	C:\ProgramData\HlpApi2008-09-01 07:18	---------	d-----w	C:\Program Files\PC Clean Pro2008-09-01 07:00	---------	d-----w	C:\Users\marek\AppData\Roaming\Azureus2008-09-01 06:59	---------	d-----w	C:\ProgramData\SysSetSmart2008-09-01 06:59	---------	d-----w	C:\ProgramData\strcmd2008-08-22 17:36	---------	d-----w	C:\Program Files\SopCast2008-08-16 06:23	---------	d-----w	C:\Program Files\Windows Mail2008-07-24 08:20	---------	d-----w	C:\Program Files\Mozilla Thunderbird2008-07-22 06:04	---------	d-----w	C:\Program Files\NAPI-PROJEKT2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll2008-07-19 05:09	
1,811,656	----a-w	C:\Windows\System32\wuaueng.dll2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll2008-07-18 20:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll2008-07-18 18:44	31,232	----a-w	C:\Windows\System32\wuapp.exe2008-07-15 23:48	2,048	----a-w	C:\Windows\System32\tzres.dll2008-07-09 15:04	174	--sha-w	C:\Program Files\desktop.ini2008-07-07 15:46	---------	d-----w	C:\Program Files\Azureus2008-07-01 06:54	---------	d-----w	C:\Program Files\Common Files\Adobe2008-06-27 03:54	826,368	----a-w	C:\Windows\System32\wininet.dll2008-06-27 03:54	56,320	----a-w	C:\Windows\System32\iesetup.dll2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll2008-06-27 03:54	26,624	----a-w	C:\Windows\System32\ieUnatt.exe2008-06-26 00:34	7,964,672	----a-w	C:\Windows\System32\NlsLexicons0024.dll2008-06-26 00:33	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll2008-06-19 03:25	61,440	----a-w	C:\Windows\System32\winipsec.dll2008-06-19 03:25	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL2008-06-19 03:25	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll2008-06-19 03:25	272,896	----a-w	C:\Windows\System32\polstore.dll2008-06-05 17:50	821,268	----a-w	C:\Windows\System32\~.tmp2008-02-11 18:50	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat2008-02-11 18:50	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat2008-02-11 18:50	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat.(((((((((((((((((((((((((((((   snapshot@2008-09-01_12.03.43.60   ))))))))))))))))))))))))))))))))))))))))).- 2008-09-01 09:42:03	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat+ 2008-09-01 12:10:59	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat+ 2008-09-01 12:10:59	262,144	---ha-w	
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-01 09:41:58	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-01 12:10:59	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-01 12:10:59	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-01 09:39:42	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-01 12:14:48	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-01 09:39:42	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-01 12:14:48	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-01 09:39:42	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-01 12:14:48	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-01 09:42:24	11,212	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1551234583-1583357977-2871953267-1000_UserData.bin
+ 2008-09-01 12:11:32	11,212	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1551234583-1583357977-2871953267-1000_UserData.bin
- 2008-09-01 09:42:23	56,596	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-01 12:11:32	56,682	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-01 09:42:21	45,270	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-01 12:11:26	45,428	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 09:08 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 11:27 580096]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 3772416 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-21 09:33 219136]

C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-12-21 09:33 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0A0CE605-3E1F-4068-AE37-B365F30FF631}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{3E97AB0A-C25A-4CBF-83D8-761CF243428B}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{8008C45E-F9E8-4C74-8CC3-2CE28B5C1D16}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{34347669-33E1-4FB9-9C80-D8AEE9B2E2DB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{AA810357-0272-46A5-8947-CC85372E2C6C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5EAACF15-0ABA-4D4C-BF69-38D19D132F78}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{C8C88BCD-6F8F-49CF-9157-8F8280EDC3CF}C:\\program files\\tlen.pl\\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"UDP Query User{98E16831-E60B-4DC1-BB4C-5C4B74722ACD}C:\\program files\\tlen.pl\\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"TCP Query User{C851B21C-EDA1-4D6D-B12F-5AFE45138366}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{5ED0C311-FAB4-4879-AB21-8341B899A9A4}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"TCP Query User{EABCD770-F99A-4EC2-AF5A-EEC3905D7FC3}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CD517FE9-52B5-4E7E-B66A-01F62E4182C5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{95D08E3A-82A5-44E2-A13B-DC9A0DDDA6ED}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{49BF37D2-69CB-4A86-89BA-744ACF1BA419}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{5AFBE8DF-7A05-4BE5-811E-7447624CBFD9}C:\\users\\marek\\appdata\\local\\temp\\rar$ex00.240\\emule.exe"= UDP:C:\users\marek\appdata\local\temp\rar$ex00.240\emule.exe:emule.exe
"UDP Query User{82971234-D630-4A98-B221-40A79E5B0811}C:\\users\\marek\\appdata\\local\\temp\\rar$ex00.240\\emule.exe"= TCP:C:\users\marek\appdata\local\temp\rar$ex00.240\emule.exe:emule.exe
"TCP Query User{8781FA3D-8F24-46D0-8B0B-0F5336EF5D6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{50780195-EA9E-44DC-B82F-C81F109EACB4}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{0BC8A49A-92E8-4000-B299-4A30444784FD}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{A89DD888-2EB9-460B-BA31-67F5B8186A01}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8546DBBA-6666-4E07-91D4-D29B70CA9EAD}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{B3C05C61-1400-4672-9493-3E8E4A8612BA}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{3780B0B5-73EC-47EC-AFFA-4AFF97035809}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= UDP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"UDP Query User{18566339-F0F7-4BB0-ACD4-158F5A63764D}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= TCP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"TCP Query User{B2911E93-A2C3-44F1-8F7A-EF50ACB09234}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= UDP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"UDP Query User{D94406E2-BAC8-416B-B360-51BBD01BB2E0}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= TCP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"{330C9EC4-D048-4CA9-98F2-4B2EF9D4533D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{930C1390-8B2A-48CB-A508-16ADEFC9B173}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{90C507BF-C447-4270-8BD9-2E7D81843CC9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{87C9E4F8-1EA9-4883-96B9-D8EEB36AF07D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{37500DAB-C35F-48DA-9581-94BE61A0BC02}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 19:52]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:51]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 12:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 14:15:18
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 14:17:08
ComboFix-quarantined-files.txt  2008-09-01 12:16:29
ComboFix2.txt  2008-09-01 10:05:03

Pre-Run: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Post-Run: 22,709,239,808 bajtów wolnych

183	--- E O F ---	2008-08-29 05:34:58
Guest
comment

Paste into Notepad:

DirLook::
C:\ProgramData\vgxedonk

>> File >> Save As... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

Removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then: after the restart, manually delete the folder C:\Qoobox.

Atomic
comment
ComboFix 08-08-31.01 - marek 2008-09-01 14:41:33.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1250.1.1045.18.1291 [GMT 2:00]
Running from: C:\Users\marek\Desktop\ComboFix.exe
Command switches used :: C:\Users\marek\Desktop\CFScript.txt
 * Created a new restore point
.
(((((((((((((((((((((((((   Files Created from 2008-08-01 to 2008-09-01  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 12:12	---------	d-----w	C:\ProgramData\vgxedonk
2008-09-01 12:12	---------	d-----w	C:\ProgramData\actadm
2008-09-01 11:24	---------	d-----w	C:\Users\marek\AppData\Roaming\AVG7
2008-09-01 10:12	---------	d-----w	C:\Program Files\Trend Micro
2008-09-01 08:41	---------	d-----w	C:\ProgramData\Lavasoft
2008-09-01 07:49	---------	d-----w	C:\Program Files\Lavasoft
2008-09-01 07:43	---------	d-----w	C:\ProgramData\HlpApi
2008-09-01 07:18	---------	d-----w	C:\Program Files\PC Clean Pro
2008-09-01 07:00	---------	d-----w	C:\Users\marek\AppData\Roaming\Azureus
2008-09-01 06:59	---------	d-----w	C:\ProgramData\SysSetSmart
2008-09-01 06:59	---------	d-----w	C:\ProgramData\strcmd
2008-08-22 17:36	---------	d-----w	C:\Program Files\SopCast
2008-08-16 06:23	---------	d-----w	C:\Program Files\Windows Mail
2008-07-24 08:20	---------	d-----w	C:\Program Files\Mozilla Thunderbird
2008-07-22 06:04	---------	d-----w	C:\Program Files\NAPI-PROJEKT
2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe
2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll
2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll
2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll
2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll
2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll
2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll
2008-07-18 20:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll
2008-07-18 18:44	31,232	----a-w	C:\Windows\System32\wuapp.exe
2008-07-15 23:48	2,048	----a-w	C:\Windows\System32\tzres.dll
2008-07-09 15:04	174	--sha-w	C:\Program Files\desktop.ini
2008-07-07 15:46	---------	d-----w	C:\Program Files\Azureus
2008-07-01 06:54	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-06-27 03:54	826,368	----a-w	C:\Windows\System32\wininet.dll
2008-06-27 03:54	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34	7,964,672	----a-w	C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25	61,440	----a-w	C:\Windows\System32\winipsec.dll
2008-06-19 03:25	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25	272,896	----a-w	C:\Windows\System32\polstore.dll
2008-06-05 17:50	821,268	----a-w	C:\Windows\System32\~.tmp
2008-02-11 18:50	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-11 18:50	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-11 18:50	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\ProgramData\vgxedonk ----

(((((((((((((((((((((((((((((   snapshot@2008-09-01_12.03.43.60   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-01 09:39:41	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-01 12:27:44	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-01 09:39:41	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-01 12:27:44	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-01 09:42:03	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-01 12:29:58	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-09-01 12:29:58	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-01 09:41:58	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-01 12:29:53	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-09-01 12:29:53	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-01 09:39:42	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-01 12:33:40	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-01 09:39:42	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-01 12:33:40	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-01 09:39:42	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-01 12:33:40	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-17 16:38:20	103,924	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-09-01 12:39:15	103,924	----a-w	C:\Windows\System32\perfc009.dat
- 2008-08-17 16:38:20	86,416	----a-w	C:\Windows\System32\perfc015.dat
+ 2008-09-01 12:39:15	86,416	----a-w	C:\Windows\System32\perfc015.dat
- 2008-08-17 16:38:20	610,142	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-09-01 12:39:15	610,142	----a-w	C:\Windows\System32\perfh009.dat
- 2008-08-17 16:38:20	535,568	----a-w	C:\Windows\System32\perfh015.dat
+ 2008-09-01 12:39:15	535,568	----a-w	C:\Windows\System32\perfh015.dat
- 2008-09-01 09:42:24	11,212	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1551234583-1583357977-2871953267-1000_UserData.bin
+ 2008-09-01 12:30:20	11,212	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1551234583-1583357977-2871953267-1000_UserData.bin
- 2008-09-01 09:42:23	56,596	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-01 12:30:20	56,698	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-01 09:42:21	45,270	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-01 12:30:19	45,428	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 09:08 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 11:27 580096]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 3772416 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-21 09:33 219136]

C:\Users\marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-12-21 09:33 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0A0CE605-3E1F-4068-AE37-B365F30FF631}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{3E97AB0A-C25A-4CBF-83D8-761CF243428B}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{8008C45E-F9E8-4C74-8CC3-2CE28B5C1D16}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{34347669-33E1-4FB9-9C80-D8AEE9B2E2DB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{AA810357-0272-46A5-8947-CC85372E2C6C}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5EAACF15-0ABA-4D4C-BF69-38D19D132F78}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{C8C88BCD-6F8F-49CF-9157-8F8280EDC3CF}C:\\program files\\tlen.pl\\tlen.exe"= UDP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"UDP Query User{98E16831-E60B-4DC1-BB4C-5C4B74722ACD}C:\\program files\\tlen.pl\\tlen.exe"= TCP:C:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"TCP Query User{C851B21C-EDA1-4D6D-B12F-5AFE45138366}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{5ED0C311-FAB4-4879-AB21-8341B899A9A4}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"TCP Query User{EABCD770-F99A-4EC2-AF5A-EEC3905D7FC3}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CD517FE9-52B5-4E7E-B66A-01F62E4182C5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{95D08E3A-82A5-44E2-A13B-DC9A0DDDA6ED}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{49BF37D2-69CB-4A86-89BA-744ACF1BA419}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{5AFBE8DF-7A05-4BE5-811E-7447624CBFD9}C:\\users\\marek\\appdata\\local\\temp\\rar$ex00.240\\emule.exe"= UDP:C:\users\marek\appdata\local\temp\rar$ex00.240\emule.exe:emule.exe
"UDP Query User{82971234-D630-4A98-B221-40A79E5B0811}C:\\users\\marek\\appdata\\local\\temp\\rar$ex00.240\\emule.exe"= TCP:C:\users\marek\appdata\local\temp\rar$ex00.240\emule.exe:emule.exe
"TCP Query User{8781FA3D-8F24-46D0-8B0B-0F5336EF5D6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{50780195-EA9E-44DC-B82F-C81F109EACB4}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{0BC8A49A-92E8-4000-B299-4A30444784FD}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{A89DD888-2EB9-460B-BA31-67F5B8186A01}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8546DBBA-6666-4E07-91D4-D29B70CA9EAD}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{B3C05C61-1400-4672-9493-3E8E4A8612BA}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{3780B0B5-73EC-47EC-AFFA-4AFF97035809}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= UDP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"UDP Query User{18566339-F0F7-4BB0-ACD4-158F5A63764D}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= TCP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"TCP Query User{B2911E93-A2C3-44F1-8F7A-EF50ACB09234}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= UDP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"UDP Query User{D94406E2-BAC8-416B-B360-51BBD01BB2E0}C:\\program files\\europlus+ angielski z cambridge\\data\\fscommand\\flchk.exe"= TCP:C:\program files\europlus+ angielski z cambridge\data\fscommand\flchk.exe:flchk
"{330C9EC4-D048-4CA9-98F2-4B2EF9D4533D}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{930C1390-8B2A-48CB-A508-16ADEFC9B173}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{90C507BF-C447-4270-8BD9-2E7D81843CC9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{87C9E4F8-1EA9-4883-96B9-D8EEB36AF07D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{37500DAB-C35F-48DA-9581-94BE61A0BC02}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 19:52]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:51]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2006-12-20 12:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 14:43:26
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 14:45:23
ComboFix-quarantined-files.txt  2008-09-01 12:44:43
ComboFix2.txt  2008-09-01 12:17:09
ComboFix3.txt  2008-09-01 10:05:03

Pre-Run: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Post-Run: 22,293,266,432 bajtów wolnych

193	--- E O F ---	2008-08-29 05:34:58

// I can see that without a warning you won't learn that logs go inside CODE tags!

//sniper45

Atomic
comment

OK, so in that case, is the rest OK?

My wireless internet connection has disappeared...

Is the rest clean now?
