pasquali
(pasquali)
17 September 2008 18:33
#1
I know it's junk, but I don't want to take action on my own.
HijackThis log:
http://wklejto.pl/10251
Leon1
(Leon$)
17 September 2008 19:09
#2
entries
remove with HijackThis >> Fix checked
Download the SDFix program
pasquali
(pasquali)
18 September 2008 14:14
#3
SDFix: Version 1.226
Run by Administrator on Thu 09/18/2008 at 09:57 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TFTP176 - Deleted
C:\WINDOWS\system32\TFTP1888 - Deleted
C:\WINDOWS\system32\TFTP2668 - Deleted
C:\WINDOWS\system32\TFTP2936 - Deleted
C:\WINDOWS\system32\TFTP3736 - Deleted
C:\WINDOWS\system32\TFTP608 - Deleted
C:\WINDOWS\system32\i - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 10:05:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Premier2007\Myobp.exe"="C:\Premier2007\Myobp.exe:*:Enabled:+ MYOB Premier Accounting 2007 (v16) +"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FedEx\ShipManager\BIN\BRIDGESERVER.EXE"="C:\Program Files\FedEx\ShipManager\BIN\BRIDGESERVER.EXE:*:Enabled:BRIDGESERVER"
"C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.External.Verifi.Service.exe"="C:\Program Files\FedEx\ShipManager\BIN\FedEx.Gsm.External.Verifi.Service.exe:*:Enabled:Verifi"
"C:\Program Files\FedEx\ShipManager\BIN\POC.EXE"="C:\Program Files\FedEx\ShipManager\BIN\POC.EXE:*:Enabled:POC"
"C:\Program Files\FedEx\ShipManager\ASA\WIN32\DBENG9.EXE"="C:\Program Files\FedEx\ShipManager\ASA\WIN32\DBENG9.EXE:*:Enabled:DbEng9"
"C:\Program Files\FedEx\ShipManager\ASA\WIN32\DBSRV9.EXE"="C:\Program Files\FedEx\ShipManager\ASA\WIN32\DBSRV9.EXE:*:Enabled:DBSRV9"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon  7 Jul 2008     1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon  7 Jul 2008     4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008     1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Finished!

I have one more question: I added those entries to the HOSTS file myself, so did I really have to remove them?
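Editor's added example, not code from the thread or from SDFix: the report above mixes three things a reviewer actually reads (which files SDFix deleted, the catchme hidden-object counts, and the exported Windows XP firewall exception list). This parser pulls them out of a trimmed copy of the posted report (embedded below as constructed sample input) and flags enabled, any-address firewall exceptions for programs living outside %windir% or Program Files, which is where a stray exception added by malware would show up. The TFTP<number> name check, the trusted-root list and the "review" heuristic are this example's assumptions, not anything SDFix itself does.

```python
import re
from dataclasses import dataclass

# Trimmed copy of the SDFix report posted above (constructed sample input).
SAMPLE_REPORT = r"""SDFix: Version 1.226
Run by Administrator on Thu 09/18/2008 at 09:57 AM

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TFTP176 - Deleted
C:\WINDOWS\system32\TFTP1888 - Deleted
C:\WINDOWS\system32\i - Deleted

Removing Temp Files

Final Check :

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Premier2007\Myobp.exe"="C:\Premier2007\Myobp.exe:*:Enabled:+ MYOB Premier Accounting 2007 (v16) +"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :
"""

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]\s*$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*$')
DELETED_RE = re.compile(r"^(.+?) - Deleted\s*$", re.M)
HIDDEN_RE = re.compile(r"^hidden (processes|services|files): (\d+)\s*$", re.M)
# Files named TFTP<number> directly in system32, the pattern SDFix removed above (assumed indicator).
TFTP_DROP_RE = re.compile(r"\\system32\\TFTP\d+$", re.I)
# Install roots treated as "usual" for this example (assumption; tune per machine).
TRUSTED_ROOTS = ("%windir%\\", "c:\\windows\\", "c:\\program files\\")


@dataclass(frozen=True)
class FirewallException:
    profile: str   # standardprofile or domainprofile
    path: str
    scope: str     # "*" means any remote address
    enabled: bool
    name: str


def deleted_files(report: str) -> list[str]:
    """Paths listed under 'Trojan Files Found' with a '- Deleted' result."""
    return DELETED_RE.findall(report)


def hidden_counts(report: str) -> dict[str, int]:
    """catchme's hidden processes/services/files counters."""
    return {kind: int(n) for kind, n in HIDDEN_RE.findall(report)}


def firewall_exceptions(report: str) -> list[FirewallException]:
    """Parse the exported AuthorizedApplications\\List values, per profile."""
    found, profile = [], None
    for line in report.splitlines():
        key = KEY_RE.match(line)
        if key:
            profile = key.group(1).lower()
            continue
        value = VALUE_RE.match(line)
        if not value or profile is None:
            continue
        vname, data = value.groups()
        # XP SP2 stores "<path>:<scope>:<Enabled|Disabled>:<display name>". The path
        # itself contains "C:", so strip the value name (which equals the path) first.
        if data.lower().startswith(vname.lower() + ":"):
            fields = data[len(vname) + 1:].split(":", 2)
        else:
            fields = data.rsplit(":", 3)[1:]
        if len(fields) != 3:
            continue
        scope, state, name = fields
        found.append(FirewallException(profile, vname, scope, state.lower() == "enabled", name))
    return found


def review_candidates(exceptions: list[FirewallException]) -> list[FirewallException]:
    """Enabled, any-address exceptions for programs outside the usual install roots."""
    return [e for e in exceptions
            if e.enabled and e.scope == "*" and not e.path.lower().startswith(TRUSTED_ROOTS)]


def summarize(report: str) -> dict:
    deleted = deleted_files(report)
    counts = hidden_counts(report)
    return {
        "deleted": deleted,
        "tftp_droppers": [p for p in deleted if TFTP_DROP_RE.search(p)],
        "hidden": counts,
        "rootkit_clean": bool(counts) and all(n == 0 for n in counts.values()),
        "review_firewall": [e.path for e in review_candidates(firewall_exceptions(report))],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

On the posted report the only exception it singles out is C:\Premier2007\Myobp.exe, which is simply accounting software installed outside Program Files; the point of the check is to make such entries visible so a human confirms them, not to call them malicious.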
Leon1
(Leon$)
18 September 2008 16:10
#6
The log looks clean
Download CCleaner http://www.filehippo.com/download_ccleaner/
scan with it and clean the registry.
do a startup optimization
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
manually delete the folder C:\Qoobox and delete the Combofix installer from the disk.
Disable and re-enable System Restore on all drives. http://support.microsoft.com/kb/310405/pl
scan the My Computer area http://www.kaspersky.pl/virusscanner.html and show the report; open the page in IE
or
Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5
huber2t
(huber2t)
18 September 2008 16:12
#7
The log looks clean
manually delete the folder C:\Qoobox, delete the Combofix installer from the disk.
Clean the computer with CCleaner
Do a startup optimization
Disable and re-enable System Restore on all drives. Instructions
Scan the whole computer http://www.kaspersky.pl/virusscanner.html (run it through IE) and post its report on the forum
or
Dr.WEB CureIt!
huber2t
(huber2t)
20 September 2008 04:31
#9
Delete the files from this folder:
Download The Avenger
paste this text into it:
Files to delete:
C:\Documents and Settings\Irena\Desktop\instals\SDFix.exe
C:\Program Files\EarthLink Setup\Windows\access\EarthLink Setup.msi
Folders to delete:
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP941
copy this, click Paste Script from Clipboard, choose Execute, and confirm, agreeing to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
pasquali
(pasquali)
22 September 2008 13:48
#10
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Documents and Settings\Irena\Desktop\instals\SDFix.exe" deleted successfully.
Error: file "C:\Program Files\EarthLink Setup\Windows\access\EarthLink Setup.msi" not found!
Deletion of file "C:\Program Files\EarthLink Setup\Windows\access\EarthLink Setup.msi" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Folder "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP941" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
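Editor's added example, not code from the thread or from The Avenger: the procedure in post #9 ends with "paste the report on the forum", and the thing a helper then does by hand is match every target in the script against the log. This script reconciles the two (both embedded below as sample input copied from the posts), treating STATUS_OBJECT_NAME_NOT_FOUND as "already absent" rather than a real failure, since a file that is not there is the outcome you wanted. The section names "Files to delete:" / "Folders to delete:" and the log line shapes are taken from the posts; the "needs review" rule for targets under C:\WINDOWS or C:\System Volume Information (the script above deletes a restore point, RP941, which removes that rollback) is this example's own assumption.

```python
import re

# Avenger script from post #9 (sample input copied from the thread).
SAMPLE_SCRIPT = r"""Files to delete:
C:\Documents and Settings\Irena\Desktop\instals\SDFix.exe
C:\Program Files\EarthLink Setup\Windows\access\EarthLink Setup.msi

Folders to delete:
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP941
"""

# avenger.txt from post #10 (sample input copied from the thread).
SAMPLE_LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\Irena\Desktop\instals\SDFix.exe" deleted successfully.

Error: file "C:\Program Files\EarthLink Setup\Windows\access\EarthLink Setup.msi" not found!
Deletion of file "C:\Program Files\EarthLink Setup\Windows\access\EarthLink Setup.msi" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP941" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
"""

SECTIONS = {"files to delete": "file", "folders to delete": "folder"}
OK_RE = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+) \((\w+)\)$")
# Locations where a delete deserves a second look before running (assumption for this example).
REVIEW_ROOTS = ("c:\\windows\\", "c:\\system volume information\\")


def parse_script(script: str) -> dict[str, list[str]]:
    """Return {'file': [...], 'folder': [...]} from an Avenger script."""
    out, kind = {"file": [], "folder": []}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = line.lower().rstrip(":")
        if header in SECTIONS:
            kind = SECTIONS[header]
        elif kind:
            out[kind].append(line)
    return out


def parse_log(log: str) -> dict[str, dict]:
    """Map each target path in avenger.txt to its kind, status and NTSTATUS name (if failed)."""
    results, pending = {}, None
    for line in log.splitlines():
        m = OK_RE.match(line)
        if m:
            results[m.group(2)] = {"kind": m.group(1).lower(), "status": "deleted", "ntstatus": None}
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = m.group(2)
            results[pending] = {"kind": m.group(1), "status": "failed", "ntstatus": None}
            continue
        m = STATUS_RE.match(line)
        if m and pending:            # the Status line follows the matching "failed!" line
            results[pending]["ntstatus"] = m.group(2)
            pending = None
    return results


def reconcile(script: str, log: str) -> list[tuple[str, str, str]]:
    """One (kind, path, outcome) per script target; outcome is human-readable."""
    wanted, got = parse_script(script), parse_log(log)
    report = []
    for kind in ("file", "folder"):
        for path in wanted[kind]:
            entry = got.get(path)
            if entry is None:
                outcome = "no result in log"
            elif entry["status"] == "deleted":
                outcome = "deleted"
            elif entry["ntstatus"] == "STATUS_OBJECT_NAME_NOT_FOUND":
                outcome = "already absent"
            else:
                outcome = f"failed ({entry['ntstatus'] or 'unknown'})"
            report.append((kind, path, outcome))
    return report


def all_gone(script: str, log: str) -> bool:
    return all(o in ("deleted", "already absent") for _, _, o in reconcile(script, log))


def needs_review(script: str) -> list[str]:
    """Targets under system locations; confirm them before executing the script."""
    targets = parse_script(script)
    return [p for p in targets["file"] + targets["folder"] if p.lower().startswith(REVIEW_ROOTS)]


if __name__ == "__main__":
    for kind, path, outcome in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG):
        print(f"{kind:6} {outcome:15} {path}")
    print("review before running:", needs_review(SAMPLE_SCRIPT))
```

Against the two posts above it reports SDFix.exe deleted, the EarthLink .msi already absent, and RP941 deleted, so the script did everything it was asked to; a target that neither succeeded nor turned out to be missing is the case that would warrant asking for the backup.zip before deleting it.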