Antivirus xp 2008

lukei · 4 Lipiec 2008 20:24

witajcie mam problem z tym virusem czy moglby mi ktos pomoc

Gutek · 5 Lipiec 2008 00:34

Daj log z ComboFix

lukei · 5 Lipiec 2008 22:41

a gdzie ten log mi sie zapisal bo na pulpicie nie moge go znalesc

jak to jest ten log

ComboFix 08-07-04.6 - Lukei 2008-07-05 18:13:00.1 - NTFSx86

Running from: C:\Documents and Settings\Lukei.BIOHAZAR-\Desktop\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk

C:\Documents and Settings\Lukei.BIOHAZAR-\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk

C:\Documents and Settings\Lukei.BIOHAZAR-\Application Data\shcab7j0e92t

C:\Program Files\rhc9b7j0e92t

C:\Program Files\shcab7j0e92t

C:\WINDOWS\evrb.exe

C:\WINDOWS\system32\blphccb7j0e92t.scr

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\WINDOWS\system32\lphccb7j0e92t.exe

C:\WINDOWS\system32\phccb7j0e92t.bmp

.

((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))

.

2008-07-04 14:45 . 2008-07-04 14:45

2008-07-04 03:19 . 2008-07-04 04:01

2008-07-04 03:06 . 2008-07-04 03:06 1,169 --a------ C:\WINDOWS\mozver.dat

2008-07-04 02:34 . 2008-07-04 01:59 352,256 --a------ C:\WINDOWS\kgqfweltbas.dll

2008-07-04 02:34 . 2008-07-04 01:59 286,720 --a------ C:\WINDOWS\okmdepgb.dll

2008-07-04 02:34 . 2008-07-04 01:59 258,048 --a------ C:\WINDOWS\axrfgvek.dll

2008-07-04 02:34 . 2008-07-04 01:59 188,416 --a------ C:\WINDOWS\nqgpedlr.dll

2008-07-04 02:34 . 2008-07-04 01:59 94,208 --a------ C:\WINDOWS\mrvtdpqe.exe

2008-07-03 15:05 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-07-03 14:59 . 2008-07-03 16:29

2008-07-02 20:54 . 2007-02-28 05:53 2,137,600 -----c— C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-07-02 20:53 . 2007-02-28 05:55 2,182,144 -----c— C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-07-02 20:53 . 2007-02-28 05:15 2,017,280 -----c— C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-07-02 20:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-02 20:46 . 2008-06-13 09:10 272,128 -----c— C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-02 16:36 . 2008-07-02 16:36

2008-07-02 15:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-07-02 15:33 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-07-02 15:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-07-02 15:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-07-02 15:33 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-07-02 15:33 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-07-01 21:35 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys

2008-07-01 21:34 . 2008-07-01 21:34

2008-07-01 21:34 . 2008-07-02 15:42

2008-07-01 21:34 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll

2008-07-01 21:34 . 2004-07-22 02:27 279,624 -ra------ C:\WINDOWS\system32\mcgdmgr.dll

2008-07-01 21:30 . 2008-07-04 03:16

2008-07-01 21:30 . 2008-07-01 21:30

2008-07-01 21:29 . 2008-07-01 21:29

2008-07-01 20:40 . 2008-07-01 20:40

2008-07-01 20:35 . 2008-07-01 20:35 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-07-01 18:55 . 2008-07-01 18:55

2008-07-01 18:52 . 2008-07-01 18:52

2008-06-30 21:33 . 2008-06-30 21:33

2008-06-30 21:21 . 2008-07-04 15:13

2008-06-30 21:17 . 2008-06-30 21:17

2008-06-30 16:44 . 2008-06-30 16:44

2008-06-30 16:38 . 2008-07-01 20:10

2008-06-30 16:38 . 2003-10-28 06:02 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-06-30 16:38 . 2008-07-04 17:25 1,017 --a------ C:\WINDOWS\winamp.ini

2008-06-30 16:33 . 2008-06-30 16:33

2008-06-30 16:32 . 2008-06-30 16:32 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-30 16:27 . 2008-06-30 16:27

2008-06-29 14:25 . 2008-06-29 14:25

2008-06-29 14:11 . 2008-06-29 14:11

2008-06-29 14:11 . 2005-10-27 15:06 356,096 --a------ C:\WINDOWS\system32\rt61.sys

2008-06-29 14:11 . 2005-10-27 15:06 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys

2008-06-29 14:11 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\rt2500.sys

2008-06-29 14:11 . 2008-06-29 14:11 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

2008-06-29 14:11 . 2005-11-07 03:51 7,878 --a------ C:\WINDOWS\system32\RT2500.CAT

2008-06-29 14:11 . 2005-11-09 04:41 7,870 --a------ C:\WINDOWS\system32\rt61.cat

2008-06-29 14:11 . 2008-06-29 14:11 890 --a------ C:\WINDOWS\system32\WLAN.INI

2008-06-29 13:51 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll

2008-06-29 13:51 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD

2008-06-29 13:51 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys

2008-06-29 13:51 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys

2008-06-29 13:51 . 2005-02-01 18:18 17,992 --a------ C:\WINDOWS\bcm42rly.sys

2008-06-29 13:51 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys

2008-06-29 13:24 . 2008-06-29 14:25

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-02 01:25 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-06-29 00:28 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-08 12:14 203,008 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{AC7B3BBC-2151-41DD-B2F2-4E86F5597BF3}]

2008-07-04 01:59 352256 --a------ C:\WINDOWS\kgqfweltbas.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}]

2006-08-17 17:30 242040 --a------ C:\Program Files\DAEMON Tools SearchBar\search.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-04-03 18:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“VSOCheckTask”=“c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe” [2004-07-01 15:15 139264]

“VirusScan Online”=“c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe” [2004-08-17 16:55 180224]

“MCAgentExe”=“c:\PROGRA~1\mcafee.com\agent\mcagent.exe” [2005-09-22 18:29 303104]

“MCUpdateExe”=“C:\PROGRA~1\mcafee.com\agent\mcupdate.exe” [2006-01-11 12:05 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

*Newly Created Service* - CATCHME

*Newly Created Service* - GTNDIS5

.

Contents of the ‘Scheduled Tasks’ folder

“2008-07-05 21:56:41 C:\WINDOWS\Tasks\XoftSpySE 2.job”

C:\Program Files\XoftSpySE\XoftSpy.exe

“2008-07-05 07:00:00 C:\WINDOWS\Tasks\XoftSpySE.job”

C:\Program Files\XoftSpySE\XoftSpy.exe

.

- - - ORPHANS REMOVED - - - -

HKLM-Run-lphccb7j0e92t - C:\WINDOWS\system32\lphccb7j0e92t.exe

HKLM-Run-SMrhc9b7j0e92t - C:\Program Files\rhc9b7j0e92t\rhc9b7j0e92t.exe

HKLM-Run-SMshcab7j0e92t - C:\Program Files\shcab7j0e92t\shcab7j0e92t.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-05 18:23:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-05 18:26:51

Leon1 · 5 Lipiec 2008 23:27

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

lukei · 6 Lipiec 2008 18:50

ComboFix 08-07-04.6 - Lukei 2008-07-06 14:03:18.2 - NTFSx86

Running from: C:\Documents and Settings\Lukei.BIOHAZAR-\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Lukei.BIOHAZAR-\Desktop\CFScript.txt

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\WINDOWS\axrfgvek.dll

C:\WINDOWS\kgqfweltbas.dll

C:\WINDOWS\mrvtdpqe.exe

C:\WINDOWS\nqgpedlr.dll

C:\WINDOWS\okmdepgb.dll

.