system
(system)
1 May 2008 15:41
#1
Hello everyone
Here is my problem: some kind of attacks keep hitting my computer all the time
My antivirus program supposedly blocks them, but I'm worried about it; ever since the attacks started coming at me, my computer has been running much slower and it often freezes. I scan it almost every day; at first it detected some 3-4 trojans, now it is clean.
I know there have already been similar threads, but I'm a complete novice and I'm asking for a detailed explanation of this matter (I have the ComboFix program)
I heard somewhere that it will be needed
Please help
PS. While I was writing this post I was attacked some 7-10 times and it froze on me 2-3 times
system
(system)
1 May 2008 16:12
#3
My log was too long, so I'll give you a link:
http://wklej.org/txt/7f1a79a3be
huber2t
(huber2t)
1 May 2008 16:27
#4
Post a new log, because this one has lost its slashes
system
(system)
1 May 2008 18:13
#5
huber2t
(huber2t)
2 May 2008 02:34
#6
The part of the log you gave me is clean
Give me the whole log, not just the beginning
system
(system)
2 May 2008 09:14
#7
Damn, I don't know how
Not all of it fits in there, and I can't post it here because it has too many characters
But I'll try something …
On 02.05.2008, at 11:14, a post by axon was appended
Could it be a log from HijackThis instead?
huber2t
(huber2t)
2 May 2008 09:16
#8
No, it can't. Run the scan, save the whole report to disk, and put half of the report in one wklej.org link and the other half in a second one
system
(system)
2 May 2008 09:43
#9
OK, it will be there in about 10 min
On 02.05.2008, at 11:42, a post by axon was appended
On 02.05.2008, at 11:43, a post by axon was appended
huber2t
(huber2t)
2 May 2008 09:44
#10
Nothing shows up in the log
Scan the computer with this (run it through IE) http://www.kaspersky.pl/virusscanner.html Post its report on the forum
Autostart optimization
XP optimization
Manually delete the folder C:\Qoobox
Delete the ComboFix installer from the disk.
system
(system)
2 May 2008 09:49
#11
While I was deleting Qoobox, it told me that this file cannot be deleted
At the same time Norton said that security is at risk …
huber2t
(huber2t)
2 May 2008 09:51
#12
Because that folder holds backup copies of the files removed by ComboFix; they are viruses
Delete this folder with Unlocker or KillBox
Gutek
(Gutek)
2 May 2008 13:15
#13
Follow this Topic and change the thread title to something specific, otherwise TRASH
Regards, Gutek2222
Change of the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350