kubik
(Kubickikamil)
21 August 2007 14:55
#1
I keep getting errors of the error…exe type at system startup, and the computer behaves strangely. I scanned with an antivirus, but it found nothing, so am I facing a system reinstall? Hmm, I'm counting on you, maybe something is sitting in there…? Thanks for checking the log.
Logfile of HijackThis v1.99.1
Scan saved at 16:49:56, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Microsoft SQL Server\MSSQL$EZEEFD\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Propriétaire\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr7.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM…\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM…\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM…\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM…\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM…\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM…\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM…\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM…\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM…\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM…\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM…\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU…\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … 0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 6649740906
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://213.70.229.154/tsweb/msrdp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
Gutek
(Gutek)
21 August 2007 16:17
#2
Note: When you paste a log, wrap it in the CODE or QUOTE tag.
Post a ComboFix log.
kubik
(Kubickikamil)
21 August 2007 16:47
#3
ComboFix 07-08-17.2 - "Propri‚taire" 2007-08-21 18:39:12.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.393 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\hldrrr.exe
D:\Autorun.inf

((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))

2007-08-21 18:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 08:28 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll
2007-08-18 08:27 d-------- C:\Program Files\ABBYY PDF Transformer 2.0
2007-08-18 07:25 d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\dvdcss
2007-08-08 18:43 194,384 --a------ C:\WINDOWS\system32\trusted.exe
2007-08-08 18:43 d-------- C:\WINDOWS\exefnd
2007-08-07 21:09 d-------- C:\Program Files\ASI
2007-08-06 22:42 d-------- C:\Program Files\eZee
2007-08-04 08:30 d-------- C:\LOLA SANTANA
2007-08-04 08:23 d-------- C:\fidelio
2007-08-03 10:48 299,520 --a------ C:\WINDOWS\uninst.exe
2007-08-03 10:48 d-a------ C:\Program Files\KingSmart Suite 2005
2007-08-03 10:48 d-------- C:\Program Files\Client drive
2007-08-03 10:48 d-------- C:\Program Files\Borland
2007-08-03 10:43 296,448 --a------ C:\WINDOWS\system32\midas.dll
2007-08-03 10:43 28,944 --a------ C:\WINDOWS\system32\dbmssocn.dll
2007-08-03 10:43 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll
2007-08-03 10:43 128,512 --a------ C:\WINDOWS\system32\dbexpmss.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-21 18:32 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Skype
2007-08-21 17:09 --------- d-------- C:\Program Files\eMule
2007-08-21 12:23 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-08-08 19:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-07 21:09 --------- d-------- C:\Program Files\Microsoft SQL Server
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-11 08:24 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\U3
2007-07-10 11:26 --------- d-------- C:\Program Files\Gadu-Gadu
2007-06-29 10:15 --------- d-------- C:\Program Files\Skype
2007-06-29 10:15 --------- d-------- C:\Program Files\Fichiers communs\Skype
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-21 08:31 --------- d-------- C:\Program Files\Interstem
2007-06-21 07:56 --------- d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\Gadu-Gadu
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-01-07 17:35 360448 --a------ C:\Program Files\Uninstall My Web Search.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [2002-10-01 00:39 C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-06-14 16:39]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 14:48]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2005-10-31 11:35]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-02-29 02:52]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"AWMON"="C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" [2005-05-25 13:12]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

C:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Belkin Wireless G Desktop Card Client Utility.lnk - C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2007-06-11 19:25:42]
hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [2002-11-05 05:14:05]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray

R2 MSSQL$EZEEFD;MSSQL$EZEEFD;C:\Program Files\Microsoft SQL Server\MSSQL$EZEEFD\Binn\sqlservr.exe -sEZEEFD
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 3xHybrid;Pinnacle PCTV 110i service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys
R3 SjyPkt;SjyPkt;??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
S3 SQLAgent$EZEEFD;SQLAgent$EZEEFD;C:\Program Files\Microsoft SQL Server\MSSQL$EZEEFD\Binn\sqlagent.EXE -i EZEEFD
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

Contents of the 'Scheduled Tasks' folder
2007-08-15 10:00:05 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard #hp psc 1200 series#1181210380.job - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
2007-07-13 18:00:12 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 18:45:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 18:45:54
C:\ComboFix-quarantined-files.txt … 2007-08-21 18:45

— E O F —
Post merged: 21.08.2007 (Tue) 19:02
Well? Is it clean, or are some viruses sitting in there?
Agaton
(Agatonster)
21 August 2007 17:15
#4
kubik
Fix the log as the Admin recommended.
On the Forum we use Polish characters.
Please correct the spelling both in the topic title and in the problem description.
To correct your post and log, please use the button
Ignoring this request will result in the topic being moved to the Trash.
jessica
(jessica)
21 August 2007 18:35
#5
Indeed, the "viruses" are still sitting there.
Paste this into Notepad:
File::
C:\WINDOWS\system32\trusted.exe
Folder::
C:\WINDOWS\exefnd
>> File >> Save as… >>> CFScript (it will be most convenient
if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file
(that is, the CFScript.txt icon onto the ComboFix.exe icon)
– similar to this picture --> http://i12.tinypic.com/4l761r5.gif
(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log).
After the restart, manually delete the folder C:\Qoobox.
This rootkit usually damages Safe Mode.
I don't see that in your ComboFix log, but just in case:
SAFE MODE REPAIR
You can start by using SafeBootKeyRepair
If using it does not repair Safe Mode, then follow this description strictly:
Safe Mode Repair.
You will probably also have to reinstall the antivirus, because it is probably not fully functional either.
Post the ComboFix log for checking.
jessi
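
The CFScript step from the post above, as an added example that is not part of the original thread and not ComboFix's own code: it parses the "Files Created" section of a ComboFix log (even when the forum has flattened it onto one line), lists what appeared under C:\WINDOWS for review, and renders the reviewed paths with the File:: and Folder:: directives, refusing any path that is not in the log. The function names are hypothetical and the sample is constructed from entries in this thread's log.

```python
import re

# Constructed sample: entries copied from the ComboFix log in this thread,
# flattened onto one line the way the forum rendered it.
SAMPLE_LOG = (
    "((((( Files Created from 2007-07-21 to 2007-08-21 ))))) "
    r"2007-08-21 18:38 51,200 --a------ C:\WINDOWS\nircmd.exe "
    r"2007-08-18 08:27 d-------- C:\Program Files\ABBYY PDF Transformer 2.0 "
    r"2007-08-08 18:43 194,384 --a------ C:\WINDOWS\system32\trusted.exe "
    r"2007-08-08 18:43 d-------- C:\WINDOWS\exefnd "
    r"2007-08-03 10:48 299,520 --a------ C:\WINDOWS\uninst.exe "
    "((((( Find3M Report ))))) "
    r"2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe"
)

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# Body of the "Files Created" section: everything up to the next "((" banner.
SECTION = re.compile(r"Files Created from \S+ to \S+ \)+(.*?)(?=\(\(|$)", re.S)
# Timestamp, optional size (directories have none), 9-character attribute mask,
# then a path that may contain spaces and runs to the next timestamp or the end.
ENTRY = re.compile(
    rf"({STAMP})\s+(?:([\d,]+)\s+)?([a-z-]{{9}})\s+(.+?)(?=\s+{STAMP}\s|\s*$)",
    re.S,
)

def parse_created(log):
    """Return [(timestamp, is_dir, path)] from the 'Files Created' section."""
    m = SECTION.search(log)
    if not m:
        return []
    return [(ts, attrs.startswith("d"), path.strip())
            for ts, _size, attrs, path in ENTRY.findall(m.group(1).strip())]

def under_windows(entries):
    """Entries created inside the Windows directory: review these first."""
    return [e for e in entries if e[2].lower().startswith("c:\\windows\\")]

def build_cfscript(entries, chosen):
    """Render reviewed paths as CFScript text; reject paths absent from the log."""
    known = {path.lower(): (is_dir, path) for _, is_dir, path in entries}
    missing = [c for c in chosen if c.lower() not in known]
    if missing:
        raise ValueError(f"not in the log, refusing to script: {missing}")
    picked = [known[c.lower()] for c in chosen]
    files = [p for is_dir, p in picked if not is_dir]
    dirs = [p for is_dir, p in picked if is_dir]
    lines = (["File::"] + files if files else []) + (["Folder::"] + dirs if dirs else [])
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = parse_created(SAMPLE_LOG)
    for ts, is_dir, path in under_windows(found):
        print(ts, "DIR " if is_dir else "FILE", path)
    # The two paths named in the reply above.
    print(build_cfscript(found, [r"C:\WINDOWS\system32\trusted.exe", r"C:\WINDOWS\exefnd"]))
```

The listing under C:\WINDOWS is only a review queue; in the sample it also contains nircmd.exe and uninst.exe, which the reply above does not script.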