joddo, 14 December 2008

When I shut down the laptop, at the very end it shows me a blue screen with error c000021a. The only way to turn it off is to hold the "power" button. This error started appearing after a virus attack, where it deleted some system file. Could someone help me? HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:24 PM, on 12/14/2008
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\user\Menu Start\Programy\Autostart\Ad-aware Updater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Opera\opera.exe
C:\Documents and Settings\user\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] c:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ad-aware Updater.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - d:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - d:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EC25E95-9D36-4CD6-897C-85313D7C34D3}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - c:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - c:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

--
End of file - 8268 bytes
Guest, comment, 15 December 2008

O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

Fix the entries listed above in HijackThis: >> HijackThis >> Scan (Do a system scan only) >> check them >> Fix checked. Post a ComboFix log.
joddo (author), comment, 15 December 2008

Thanks for the quick reply; I deleted the ones listed above. Here is the ComboFix log, and I have a question: what did ComboFix delete?

ComboFix 08-12-14.05 - user 2008-12-15 15:07:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2562 [GMT 1:00]
Run from: c:\documents and settings\user\Pulpit\Combofix.exe
 * Created a new restore point.

((((((((((((((((((((((((((((((((((((((( Deleted ))))))))))))))))))))))))))))))))))))))))))))))))).

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx

.
((((((((((((((((((((((((( Files created from 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))))).

2008-12-15 11:43 . 2008-12-15 11:43 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-15 11:38 . 2008-12-15 11:38 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-12-14 20:58 . 2008-12-14 20:58 <DIR> d-------- c:\program files\Debugging Tools for Windows (x86)
2008-12-14 19:23 . 2008-12-14 19:39 <DIR> d-------- c:\program files\Registry Clean Expert
2008-12-13 14:53 . 2005-02-26 06:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2008-12-13 00:21 . 2008-12-13 00:21 177 --a------ C:\ioSpecial.ini
2008-12-11 13:49 . 2008-12-11 13:49 39,424 --a------ c:\windows\system32\wineak32.dll
2008-12-04 19:55 . 2008-12-04 19:55 <DIR> d-------- c:\program files\Audacity
2008-12-03 17:33 . 2008-12-03 17:33 642 --a------ c:\windows\PhotoBrush.INI
2008-12-01 22:27 . 2008-12-10 18:40 83 --a------ c:\windows\WWP.INI
2008-11-26 14:40 . 2008-11-26 18:45 233 --a------ c:\windows\ACTIVEJP.INI
2008-11-25 18:59 . 2008-11-25 18:59 68 --a------ c:\windows\Wininit.INI
2008-11-25 13:05 . 2001-08-18 06:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-11-25 13:05 . 2001-08-18 06:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-11-25 13:05 . 2001-08-18 06:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-11-25 13:05 . 2001-08-18 06:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-11-25 13:05 . 2008-04-14 22:39 6,144 --a------ c:\windows\system32\kbd106.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-11-25 13:05 . 2008-04-14 22:39 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-11-25 13:05 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-11-25 13:05 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-11-24 11:43 . 2008-11-24 11:43 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\LightScribe
2008-11-24 11:35 . 2008-11-24 11:35 427 --a------ c:\windows\ODBC.INI
2008-11-24 11:34 . 2008-11-24 11:34 <DIR> d-------- c:\windows\ShellNew
2008-11-24 09:31 . 2008-11-24 11:44 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Nero
2008-11-23 20:59 . 2008-11-23 20:59 4,767 --a------ c:\windows\Irremote.ini
2008-11-23 20:56 . 2008-11-23 20:56 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-23 20:42 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Nero
2008-11-23 20:41 . 2008-11-23 21:13 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-23 20:41 . 2008-11-23 20:41 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-11-23 20:41 . 2008-11-23 20:50 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M section )))))))))))))))))))))))))))))))))))))))))))))))))))).

2008-12-12 23:31 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-12 23:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 23:21 --------- d-----w c:\program files\Common Files\Onet.pl
2008-12-09 18:04 --------- d-----w c:\documents and settings\user\Dane aplikacji\GetRight
2008-11-24 10:55 --------- d-----w c:\program files\Ahead
2008-11-24 10:54 --------- d-----w c:\program files\Common Files\Ahead
2008-11-13 19:06 --------- d-----w c:\program files\Matroska Pack
2008-11-03 20:55 --------- d-----w c:\documents and settings\user\Dane aplikacji\Skype
2008-11-03 15:06 --------- d-----w c:\documents and settings\user\Dane aplikacji\skypePM
2008-11-03 06:29 --------- d-----w c:\program files\MSXML 4.0
2008-11-02 11:57 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Age of Empires 3
2008-11-02 10:22 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 10:19 --------- d-----w c:\program files\BearShare
2008-10-30 18:23 --------- d-----w c:\documents and settings\user\Dane aplikacji\Hamachi
2008-10-28 21:30 --------- d-----w c:\program files\Wondershare
2008-10-28 21:29 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-28 19:20 --------- d-----w c:\documents and settings\user\Dane aplikacji\Nowe Gadu-Gadu
2008-10-26 08:37 --------- d-----w c:\program files\ALLPlayer
2008-10-25 21:23 --------- d-----w c:\program files\Common Files\DirectX
2008-10-24 11:41 13,312 ----a-w c:\windows\system32\svrapi.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 08:26 --------- d-----w c:\program files\MarLab
2008-10-23 19:54 --------- d-----w c:\documents and settings\user\Dane aplikacji\Leadertech
2008-10-23 18:22 --------- d-----w c:\program files\ePSXe InPCP
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 17:01 --------- d-----w c:\documents and settings\user\Dane aplikacji\HTML Executable
2008-10-20 22:19 --------- d-----w c:\program files\xp-AntiSpy
2008-10-20 22:11 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-10-20 22:10 --------- d-----w c:\program files\Lavasoft
2008-10-20 22:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-20 16:27 --------- d-----w c:\program files\Skype
2008-10-20 16:27 --------- d-----w c:\program files\Common Files\Skype
2008-10-20 16:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-17 17:12 --------- d-----w c:\program files\VID_0E8F&PID_0003
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:17 --------- d-----w c:\program files\Synaptics
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:39 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-11-14 11:34 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-14 11:34 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-14 11:34 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-14 11:34 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-14 11:34 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

.
((((((((((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))))))).
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\user\Menu Start\Programy\Autostart\
Ad-aware Updater.exe [2008-10-12 30508]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmu65.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^VirtualExpander.lnk]
path=c:\documents and settings\user\Menu Start\Programy\Autostart\VirtualExpander.lnk
backup=c:\windows\pss\VirtualExpander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-14 03:06 1397760 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2006-02-20 10:40 245760 d:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-12-14 19:39 605944 c:\program files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\DAEMON Tools Pro\\DTPro.exe"=
"c:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\rc\\RAL.EXE"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"d:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-10 20560]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-09-04 193840]
S0 Winmu65;Winmu65;c:\windows\system32\Drivers\Winmu65.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{006517e8-bbc3-11dd-a899-0021002e1a83}]
\Shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32ca528c-a5d6-11dd-a83c-0021002e1a83}]
\Shell\AutoRun\command - I:\xih9.cmd
\Shell\explore\Command - I:\xih9.cmd
\Shell\open\Command - I:\xih9.cmd

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.
- - - - EMPTY ENTRIES REMOVED - - - -

ShellIconOverlayIdentifiers-{E4000AC4-5E5F-4956-807A-C5854405D64F} - %SystemRoot%\system32\VirtualExpander\VEShellExt.dll

.
------- Supplementary scan -------
.
uStart Page = hxxp://google.pl/
IE: Download with GetRight - d:\program files\GetRight\GRdownload.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\program files\GetRight\GRbrowse.htm
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {8EC25E95-9D36-4CD6-897C-85313D7C34D3} = 192.168.1.1
c:\windows\Downloaded Program Files\OnetInstalator012s.ocx - O16 -: {631FF594-EC25-4CFF-B869-402DF294E1D6}
hxxp://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
FF - ProfilePath - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\wgbwea50.default\

.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:08:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wineak32.dll
.
Completion time: 2008-12-15 15:10:12
ComboFix-quarantined-files.txt 2008-12-15 14:09:12

Before: 28,643,975,168 bytes free
After: 28,636,655,616 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

237 --- E O F --- 2008-12-12 02:02:26
Mateusz J., comment, 15 December 2008

((((((((((((((((((((((((((((((((((((((( Deleted ))))))))))))))))))))))))))))))))))))))))))))))))).
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx

That is what it deleted.

Paste into Notepad:

File::
c:\windows\system32\wineak32.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

In Notepad, File ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture. The removal will start and a log will be created, which you post on the forum.
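Added example (my code, not anything from the thread, HijackThis or ComboFix): a small Python triage script for the two persistence mechanisms the replies above single out, Winlogon Notify packages (the O20 lines fixed after the first log) and the per-volume autorun commands cached under Explorer\MountPoints2 (the I:\xih9.cmd and lin32.exe entries that the CFScript above removes). STOP c000021a is raised when a critical user-mode process such as winlogon.exe terminates, and the first ComboFix log shows wineak32.dll loaded inside winlogon.exe(948), which is why a Notify DLL is the natural suspect here. The sample log text is constructed from lines quoted in this thread plus one benign crypt32chain entry added for contrast; the allow-list of default XP Notify package names and the build_cfscript output layout are my assumptions, not anything the thread states.

```python
"""Triage of HijackThis O20 (Winlogon Notify) lines and ComboFix
MountPoints2 entries, plus a CFScript.txt generator.  Added example for
this thread; not code from HijackThis, ComboFix or any poster."""
import re

# Assumption: Notify packages on a default Windows XP SP3 install plus the
# ATI/Intel video-driver packages common on OEM laptops.  Verify against a
# known-clean machine before relying on this list.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "atiextevent", "igfxcui",
}

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)"
                    r"(?P<missing> \(file missing\))?$")
MP2_KEY = (r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion"
           r"\explorer\mountpoints2")
MP_KEY_RE = re.compile(r"^\[" + re.escape(MP2_KEY) +
                       r"\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
MP_CMD_RE = re.compile(
    r"^\\Shell\\(?P<verb>AutoRun|open|explore)\\command - (?P<cmd>.+)$", re.I)


def triage_winlogon_notify(lines):
    """O20 entries whose package is not on the allow-list.  A Notify DLL is
    loaded into winlogon.exe itself, so a bad or vanished one can take
    winlogon down (STOP c000021a)."""
    findings = []
    for line in lines:
        m = O20_RE.match(line.strip())
        if not m or m.group("name").lower() in KNOWN_NOTIFY:
            continue
        missing = m.group("missing") is not None
        findings.append({"name": m.group("name"), "path": m.group("path"),
                         "missing": missing,
                         "reason": "dangling entry, DLL missing" if missing
                                   else "DLL not on the allow-list"})
    return findings


def triage_mountpoints2(lines):
    """Every Shell\\<verb>\\command cached under MountPoints2\\{guid}: what
    Explorer remembered from an autorun.inf on that volume.  A clean volume
    normally has no such command at all."""
    findings, guid = [], None
    for line in lines:
        line = line.strip()
        k = MP_KEY_RE.match(line)
        if k:
            guid = k.group("guid")
            continue
        if line.startswith("["):          # any other key ends the MP2 block
            guid = None
            continue
        c = MP_CMD_RE.match(line)
        if c and guid:
            findings.append({"guid": guid, "verb": c.group("verb"),
                             "command": c.group("cmd")})
    return findings


def build_cfscript(notify_findings, mp_findings):
    """CFScript.txt body in the layout the reply above uses: File:: for
    Notify DLLs that exist on disk, Registry:: to drop the whole MountPoints2
    key.  A dangling O20 entry has no file to delete; HijackThis removes it."""
    out = []
    files = [f["path"] for f in notify_findings if not f["missing"]]
    if files:
        out += ["File::"] + files + [""]
    if mp_findings:
        out += ["Registry::", "[-" + MP2_KEY + "]"]
    return "\n".join(out)


# Constructed sample: O20 and MountPoints2 lines quoted in this thread, plus
# one benign crypt32chain line (not from the thread) to exercise the allow-list.
SAMPLE = r"""
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{006517e8-bbc3-11dd-a899-0021002e1a83}]
\Shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
\Shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\lin32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32ca528c-a5d6-11dd-a83c-0021002e1a83}]
\Shell\AutoRun\command - I:\xih9.cmd
\Shell\explore\Command - I:\xih9.cmd
\Shell\open\Command - I:\xih9.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
"""

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    notify, mp2 = triage_winlogon_notify(lines), triage_mountpoints2(lines)
    for f in notify:
        print("O20 %-10s %-36s %s" % (f["name"], f["path"], f["reason"]))
    for f in mp2:
        print("MP2 %s %-8s %s" % (f["guid"], f["verb"], f["command"]))
    print("\n--- CFScript.txt ---\n" + build_cfscript(notify, mp2))
```

Run it with python3; on the sample it flags both O20 entries, lists the five cached autorun commands under the two volume GUIDs, and prints a CFScript body equivalent to the one in the reply above. Dropping the whole MountPoints2 key loses nothing, because Windows rebuilds it when a volume is next mounted; the WinCtrl32 entry has no file behind it, which is why it was removed through HijackThis rather than through File::.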
joddo (author), comment, 16 December 2008

Thank you very much for helping. And what did those deleted files do? Here is the log after doing what you told me.

ComboFix 08-12-14.05 - user 2008-12-15 18:22:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3071.2506 [GMT 1:00]
Run from: c:\documents and settings\user\Pulpit\Combofix.exe
The following commands were used :: c:\documents and settings\user\Pulpit\CFScript.txt
 * Created a new restore point

FILE ::
c:\windows\system32\wineak32.dll
.

((((((((((((((((((((((((((((((((((((((( Deleted ))))))))))))))))))))))))))))))))))))))))))))))))).

c:\windows\system32\wineak32.dll

.
((((((((((((((((((((((((( Files created from 2008-11-15 to 2008-12-15 ))))))))))))))))))))))))))))))).

2008-12-15 11:43 . 2008-12-15 11:43 <DIR> d-------- c:\windows\system32\URTTEMP
2008-12-15 11:38 . 2008-12-15 11:38 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-12-14 20:58 . 2008-12-14 20:58 <DIR> d-------- c:\program files\Debugging Tools for Windows (x86)
2008-12-14 19:23 . 2008-12-14 19:39 <DIR> d-------- c:\program files\Registry Clean Expert
2008-12-13 14:53 . 2005-02-26 06:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2008-12-13 00:21 . 2008-12-13 00:21 177 --a------ C:\ioSpecial.ini
2008-12-04 19:55 . 2008-12-04 19:55 <DIR> d-------- c:\program files\Audacity
2008-12-03 17:33 . 2008-12-03 17:33 642 --a------ c:\windows\PhotoBrush.INI
2008-12-01 22:27 . 2008-12-10 18:40 83 --a------ c:\windows\WWP.INI
2008-11-26 14:40 . 2008-11-26 18:45 233 --a------ c:\windows\ACTIVEJP.INI
2008-11-25 18:59 . 2008-11-25 18:59 68 --a------ c:\windows\Wininit.INI
2008-11-25 13:05 . 2001-08-18 06:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-11-25 13:05 . 2001-08-18 06:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-11-25 13:05 . 2001-08-18 06:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-11-25 13:05 . 2001-08-18 06:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-11-25 13:05 . 2008-04-14 22:39 6,144 --a------ c:\windows\system32\kbd106.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-11-25 13:05 . 2008-04-14 22:39 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-11-25 13:05 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-11-25 13:05 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-11-25 13:05 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-11-24 11:43 . 2008-11-24 11:43 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\LightScribe
2008-11-24 11:35 . 2008-11-24 11:35 427 --a------ c:\windows\ODBC.INI
2008-11-24 11:34 . 2008-11-24 11:34 <DIR> d-------- c:\windows\ShellNew
2008-11-24 09:31 . 2008-11-24 11:44 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Nero
2008-11-23 20:59 . 2008-11-23 20:59 4,767 --a------ c:\windows\Irremote.ini
2008-11-23 20:56 . 2008-11-23 20:56 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-23 20:42 . 2008-11-23 20:58 <DIR> d-------- c:\program files\Nero
2008-11-23 20:41 . 2008-11-23 21:13 <DIR> d-------- c:\program files\Common Files\Nero
2008-11-23 20:41 . 2008-11-23 20:41 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-11-23 20:41 . 2008-11-23 20:50 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M section )))))))))))))))))))))))))))))))))))))))))))))))))))).

2008-12-12 23:31 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-12 23:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 23:21 --------- d-----w c:\program files\Common Files\Onet.pl
2008-12-09 18:04 --------- d-----w c:\documents and settings\user\Dane aplikacji\GetRight
2008-11-24 10:55 --------- d-----w c:\program files\Ahead
2008-11-24 10:54 --------- d-----w c:\program files\Common Files\Ahead
2008-11-13 19:06 --------- d-----w c:\program files\Matroska Pack
2008-11-03 20:55 --------- d-----w c:\documents and settings\user\Dane aplikacji\Skype
2008-11-03 15:06 --------- d-----w c:\documents and settings\user\Dane aplikacji\skypePM
2008-11-03 06:29 --------- d-----w c:\program files\MSXML 4.0
2008-11-02 11:57 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Age of Empires 3
2008-11-02 10:22 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 10:19 --------- d-----w c:\program files\BearShare
2008-10-30 18:23 --------- d-----w c:\documents and settings\user\Dane aplikacji\Hamachi
2008-10-28 21:30 --------- d-----w c:\program files\Wondershare
2008-10-28 21:29 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-28 19:20 --------- d-----w c:\documents and settings\user\Dane aplikacji\Nowe Gadu-Gadu
2008-10-26 08:37 --------- d-----w c:\program files\ALLPlayer
2008-10-25 21:23 --------- d-----w c:\program files\Common Files\DirectX
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 08:26 --------- d-----w c:\program files\MarLab
2008-10-23 19:54 --------- d-----w c:\documents and settings\user\Dane aplikacji\Leadertech
2008-10-23 18:22 --------- d-----w c:\program files\ePSXe InPCP
2008-10-22 17:01 --------- d-----w c:\documents and settings\user\Dane aplikacji\HTML Executable
2008-10-20 22:19 --------- d-----w c:\program files\xp-AntiSpy
2008-10-20 22:11 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-10-20 22:10 --------- d-----w c:\program files\Lavasoft
2008-10-20 22:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-20 16:27 --------- d-----w c:\program files\Skype
2008-10-20 16:27 --------- d-----w c:\program files\Common Files\Skype
2008-10-20 16:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2008-10-17 17:12 --------- d-----w c:\program files\VID_0E8F&PID_0003
2008-10-16 19:17 --------- d-----w c:\program files\Synaptics
2004-10-01 13:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-11-14 11:34 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-14 11:34 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-14 11:34 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-14 11:34 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-14 11:34 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

.
((((((((((((((((((((((((((((( snapshot@2008-12-15_15.08.54.33 ))))))))))))))))))))))))))))))))))))))))).
+ 2008-12-15 17:25:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7fc.dat

.
((((((((((((((((((((((((((((((((((((( Registry startup entries )))))))))))))))))))))))))))))))))))))))))))))))))).
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\user\Menu Start\Programy\Autostart\
Ad-aware Updater.exe [2008-10-12 30508]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmu65.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^user^Menu Start^Programy^Autostart^VirtualExpander.lnk]
path=c:\documents and settings\user\Menu Start\Programy\Autostart\VirtualExpander.lnk
backup=c:\windows\pss\VirtualExpander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-14 03:06 1397760 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2006-02-20 10:40 245760 d:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2008-12-14 19:39 605944 c:\program files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\DAEMON Tools Pro\\DTPro.exe"=
"c:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\rc\\RAL.EXE"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"d:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast!
Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-10 111184]R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-10 20560]R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-09-04 193840]S0 Winmu65;Winmu65;c:\windows\system32\Drivers\Winmu65.sys []S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"c:\program files\Common Files\LightScribe\LSRunOnce.exe".- - - - USUNIĘTO PUSTE WPISY - - - -Notify-wineak32 - wineak32.dll.------- Skan uzupełniający -------.uStart Page = hxxp://google.pl/IE: Download with GetRight - d:\program files\GetRight\GRdownload.htmIE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000IE: Open with GetRight Browser - d:\program files\GetRight\GRbrowse.htmIE: Wyślij do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmTCP: {8EC25E95-9D36-4CD6-897C-85313D7C34D3} = 192.168.1.1c:\windows\Downloaded Program Files\OnetInstalator012s.ocx - O16 -: {631FF594-EC25-4CFF-B869-402DF294E1D6}hxxp://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocxFF - ProfilePath - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\wgbwea50.default\.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-15 18:26:04Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt".--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(952)c:\windows\system32\Ati2evxx.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\windows\system32\ati2evxx.exec:\program files\Ahead\InCD\InCDsrv.exec:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exec:\windows\system32\ati2evxx.exec:\program files\Lavasoft\Ad-Aware\aawservice.exec:\program files\Alwil Software\Avast4\aswUpdSv.exec:\program files\Alwil Software\Avast4\ashServ.exec:\windows\system32\agrsmsvc.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Alwil Software\Avast4\ashMaiSv.exec:\program files\Alwil Software\Avast4\ashWebSv.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exec:\program files\Hewlett-Packard\Shared\hpqwmiex.exec:\documents and settings\user\Menu Start\Programy\Autostart\Ad-aware Updater.exec:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe.**************************************************************************.Czas ukończenia: 2008-12-15 18:29:03 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt 2008-12-15 17:28:09ComboFix2.txt 2008-12-15 14:10:13Przed: 28,639,629,312 bajtów wolnychPo: 28,633,923,584 bajtów wolnych231 --- E O F --- 2008-12-12 02:02:26 Dopiero teraz udało mi się znaleźć, w tamtym czasie usunęły mi sie tylko dwa pliki leżące w: c:\windows\system32\drivers\Winmu65.sys i c:\windows\system32\Winctrl32.dll . znalazłem informację że wg google winctrl32.dll to wirus. ale nie mogę nic znaleźć na winmu65.sys może to dlatego komputer wyświetla ten błąd? Udało się !! 
Thank you all very much for the help!!!! :D After using that last ComboFix it once again wouldn't shut down, but now it shuts down normally!! THANK YOU ALL FOR THE HELP :)

// Logs go in CODE tags!!!! // djarta
Guest, comment 16 December 2008

There is still one more service left to remove! Paste into Notepad:

Driver::
Winmu65

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmu65.sys]

Do the same as before. Use this program ---> Dr.WEB CureIt!.
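The comment above hands the poster a ready-made CFScript for the leftover Winmu65 service and its SafeBoot key. What a practitioner would want is the reasoning that produced it, taken from the log itself: the service line "S0 Winmu65;...\Winmu65.sys []" is a boot-start driver whose file ComboFix could not find (every present file in the log shows "[date size]"; the empty "[]" plus the poster's statement that Winmu65.sys was deleted is what marks it as orphaned), and the SafeBoot\Minimal key named after that file is what lets it load in Safe Mode too. The Python below is an added example, not code from the thread or from ComboFix: it parses the three record shapes seen in the log (service lines, SafeBoot keys, Notify entries), flags services whose image is missing together with any SafeBoot keys that still reference them, and emits a script in the Driver:: / Registry:: shape the commenter posted. The sample lines are constructed copies of records from the log, one per line; the reading of "[]" as "file not on disk" is an assumption taken from the log's other entries, and nothing in the log proves the missing driver is what caused the c000021a stop on shutdown.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample: records copied from the posted ComboFix log, one per
# line (the forum paste ran them together). Not the full log.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-10 20560]
S0 Winmu65;Winmu65;c:\windows\system32\Drivers\Winmu65.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmu65.sys]
@="Driver"
Notify-wineak32 - wineak32.dll
"""

# Record shapes as they appear in the log: "R1 name;display;path [date size]",
# a SafeBoot key header, and a Winlogon Notify entry under "EMPTY ENTRIES REMOVED".
_SERVICE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]$")
_SAFEBOOT = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(Minimal|Network)\\([^\]]+)\]$"
)
_NOTIFY = re.compile(r"^Notify-(\S+)\s+-\s+(\S+)$")

# Service start types as encoded in the digit after R/S (R = running, S = stopped).
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse(log: str) -> Dict[str, List[dict]]:
    """Split ComboFix-style lines into services, SafeBoot keys and Notify entries."""
    out: Dict[str, List[dict]] = {"services": [], "safeboot": [], "notify": []}
    for raw in log.splitlines():
        line = raw.strip()
        m = _SERVICE.match(line)
        if m:
            state, start, name, display, path, stamp = m.groups()
            out["services"].append({
                "name": name, "display": display, "path": path,
                "running": state == "R",
                "start": START_TYPE.get(start, start),
                # Assumption (from the log's own entries): a file ComboFix could
                # stat shows "[date size]"; an empty "[]" means it is not on disk.
                "file_present": stamp.strip() != "",
            })
            continue
        m = _SAFEBOOT.match(line)
        if m:
            profile, key = m.groups()
            out["safeboot"].append({"profile": profile, "key": key, "regpath": line[1:-1]})
            continue
        m = _NOTIFY.match(line)
        if m:
            out["notify"].append({"name": m.group(1), "dll": m.group(2)})
    return out


def find_orphans(log: str) -> List[dict]:
    """Services whose image file is gone, plus SafeBoot keys still naming that file."""
    data = parse(log)
    findings = []
    for svc in data["services"]:
        if svc["file_present"]:
            continue
        # SafeBoot keys are named after the driver file (e.g. Winmu65.sys);
        # ntpath handles the backslash paths even when this runs on Linux.
        image = ntpath.basename(svc["path"]).lower()
        stale = [sb["regpath"] for sb in data["safeboot"] if sb["key"].lower() == image]
        findings.append({"service": svc["name"], "start": svc["start"],
                         "path": svc["path"], "safeboot_keys": stale})
    return findings


def build_cfscript(findings: List[dict]) -> str:
    """Emit a CFScript in the Driver:: / Registry:: shape the comment used;
    "[-key]" is regedit syntax for deleting a key. Empty string if nothing to do."""
    lines: List[str] = []
    drivers = [f["service"] for f in findings]
    keys = [k for f in findings for k in f["safeboot_keys"]]
    if drivers:
        lines += ["Driver::"] + drivers + [""]
    if keys:
        lines += ["Registry::"] + [f"[-{k}]" for k in keys] + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_orphans(SAMPLE_LOG)
    for f in found:
        print(f"{f['service']}: {f['start']}-start, image missing: {f['path']}")
        for k in f["safeboot_keys"]:
            print(f"  SafeBoot residue: {k}")
    for n in parse(SAMPLE_LOG)["notify"]:
        print(f"Winlogon Notify orphan already removed by ComboFix: {n['name']} -> {n['dll']}")
    print(build_cfscript(found), end="")
```

A boot-start (S0) entry is the one worth looking at first: it is loaded before the rest of the system and is also whitelisted for Safe Mode through the SafeBoot\Minimal key, so removing the service without the key leaves residue. The Notify entry is only reported, since the log shows ComboFix already removed it; the script does not add it to the CFScript.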