ComboFix logs, help with detecting malware


(Daniello Daniel) #1

Hi, lately I've been having some problems with my PC.... I scanned with NOD, cleaned with Spybot and CCleaner, and I'd like to ask for help checking from the ComboFix log whether everything is fine. Here's the log:

ComboFix 09-06-20.02 - Pc 2009-06-20 23:47.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1573 [GMT 2:00]

Run from: d:\z neta\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents

c:\documents and settings\Pc\Dane aplikacji\wiaserva.log

.

((((((((((((((((((((((((( Files created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))

.

2009-06-20 11:14 . 2009-06-20 11:14 -------- d-----w- c:\windows\system32\Lang

2009-06-20 11:12 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe

2009-06-20 11:12 . 2009-06-20 11:12 -------- d-----w- c:\windows\system32\RTCOM

2009-06-20 11:12 . 2006-07-21 08:14 86016 ------r- c:\windows\SoundMan.exe

2009-06-20 11:12 . 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

2009-06-20 11:12 . 2007-01-16 02:39 1191936 ------r- c:\windows\RtlUpd.exe

2009-06-20 11:11 . 2006-05-04 08:35 9709568 ------r- c:\windows\RTLCPL.exe

2009-06-20 11:11 . 2007-03-01 09:27 4484608 ------r- c:\windows\system32\drivers\RtkHDAud.sys

2009-06-20 11:11 . 2007-02-26 07:03 16125440 ------r- c:\windows\RTHDCPL.exe

2009-06-20 11:11 . 2006-10-11 09:42 2157568 ------r- c:\windows\MicCal.exe

2009-06-20 11:11 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe

2009-06-20 11:11 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

2009-06-20 11:11 . 2009-06-20 11:11 -------- d-----w- c:\program files\Realtek

2009-06-20 11:11 . 2009-06-20 11:11 315392 ----a-w- c:\windows\HideWin.exe

2009-06-20 11:11 . 2007-01-12 08:54 520192 ------r- c:\windows\RtlExUpd.dll

2009-06-15 20:55 . 2009-06-15 21:21 -------- d-----w- c:\program files\Valve

2009-06-15 09:05 . 2009-06-15 09:05 -------- d-----w- c:\documents and settings\Pc\Ustawienia lokalne\Dane aplikacji\Activision

2009-06-14 08:51 . 2009-06-14 08:51 -------- d-----w- c:\documents and settings\Pc\Ustawienia lokalne\Dane aplikacji\PunkBuster

2009-06-13 15:49 . 2009-06-15 09:03 22328 ----a-w- c:\documents and settings\Pc\Dane aplikacji\PnkBstrK.sys

2009-06-13 15:47 . 2009-06-15 09:03 682280 ----a-w- c:\windows\system32\pbsvc.exe

2009-06-13 15:01 . 2009-06-13 15:01 -------- d-----w- c:\program files\EA Games

2009-06-12 20:52 . 2009-05-15 13:32 1283448 ----a-w- c:\documents and settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\g7w153tz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe

2009-06-12 20:52 . 2009-05-15 13:32 729088 ----a-w- c:\documents and settings\Pc\Dane aplikacji\Mozilla\Firefox\Profiles\g7w153tz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

2009-06-11 11:46 . 2009-06-11 11:46 -------- d-----w- c:\program files\Wakoopa

2009-06-06 14:33 . 2009-06-06 14:33 1078 ----a-r- c:\documents and settings\Pc\Dane aplikacji\Microsoft\Installer{0F9196C6-58B4-445B-B56E-B1200FECC151}_4ae13d6c.exe

2009-06-06 14:33 . 2009-06-06 14:33 1078 ----a-r- c:\documents and settings\Pc\Dane aplikacji\Microsoft\Installer{0F9196C6-58B4-445B-B56E-B1200FECC151}_2cd672ae.exe

2009-06-06 14:33 . 2009-06-06 14:33 1078 ----a-r- c:\documents and settings\Pc\Dane aplikacji\Microsoft\Installer{0F9196C6-58B4-445B-B56E-B1200FECC151}_294823.exe

2009-06-06 14:33 . 2009-06-06 14:33 1078 ----a-r- c:\documents and settings\Pc\Dane aplikacji\Microsoft\Installer{0F9196C6-58B4-445B-B56E-B1200FECC151}_18be6784.exe

2009-06-06 14:33 . 2009-06-06 14:47 -------- d-----w- c:\program files\Microsoft Bootvis

2009-06-06 14:13 . 2009-06-18 15:35 0 ----a-w- c:\windows\system32\drivers\74df7777.sys

2009-06-05 14:03 . 2008-06-13 09:13 65536 ------w- c:\windows\system32\ctdvda32.dll

2009-06-05 13:59 . 2009-06-05 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2009-06-05 13:58 . 2009-06-05 13:59 -------- d-----w- c:\windows\system32\Data

2009-06-05 13:52 . 1999-12-13 00:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE

2009-06-05 13:52 . 1999-11-18 00:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE

2009-05-30 19:08 . 2009-05-31 16:09 -------- d-----w- c:\program files\Warrior Epic

2009-05-28 18:05 . 2009-06-04 18:23 -------- d-----w- c:\program files\eMule

2009-05-24 19:55 . 2009-05-28 13:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Test Drive Unlimited

2009-05-24 10:33 . 2009-06-04 18:23 -------- d-----w- c:\program files\EVGA Precision

2009-05-23 14:03 . 2009-05-23 14:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\3B196

2009-05-22 21:33 . 2009-05-22 21:33 -------- d-----w- c:\documents and settings\Pc\Dane aplikacji\InstallShield

2009-05-22 14:29 . 2009-05-22 14:29 -------- d-----w- C:\LiveUpdate_Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-20 21:46 . 2009-02-18 23:20 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP

2009-06-20 21:30 . 2001-10-26 18:15 82126 ----a-w- c:\windows\system32\perfc015.dat

2009-06-20 21:30 . 2001-10-26 18:15 459424 ----a-w- c:\windows\system32\perfh015.dat

2009-06-20 21:29 . 2009-02-06 17:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy

2009-06-20 21:26 . 2009-01-12 15:11 -------- d-----w- c:\program files\AutoConnect

2009-06-20 11:11 . 2009-01-11 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-20 09:23 . 2009-05-21 18:53 -------- d-----w- c:\documents and settings\Pc\Dane aplikacji\Tlen.pl

2009-06-18 08:31 . 2009-01-12 17:59 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-06-18 08:30 . 2009-01-12 17:59 111928 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-16 10:28 . 2009-01-12 18:24 -------- d-----w- c:\documents and settings\Pc\Dane aplikacji\uTorrent

2009-06-15 09:03 . 2009-01-12 17:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-06-11 19:43 . 2009-01-11 19:31 -------- d-----w- c:\program files\Creative

2009-06-11 08:15 . 2009-01-21 22:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2009-06-06 14:12 . 2009-02-13 21:40 -------- d-----w- c:\program files\jv16 PowerTools

2009-06-05 20:02 . 2009-02-26 20:44 -------- d-----w- c:\program files\Rigs of Rods 0.35

2009-06-05 13:59 . 2009-02-11 13:24 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2009-06-04 18:23 . 2009-01-29 17:56 -------- d-----w- c:\program files\NVIDIA Corporation

2009-06-04 12:54 . 2009-01-29 18:51 -------- d-----w- c:\documents and settings\Pc\Dane aplikacji\Skype

2009-06-04 12:34 . 2009-01-29 18:54 -------- d-----w- c:\documents and settings\Pc\Dane aplikacji\skypePM

2009-05-30 13:50 . 2009-05-21 18:53 -------- d-----w- c:\program files\Tlen.pl

2009-05-22 21:54 . 2009-02-22 21:35 -------- d-----w- c:\program files\Thoosje Vista Sidebar

2009-05-22 14:28 . 2009-01-11 19:28 -------- d-----w- c:\program files\FOXCONN

2009-05-21 18:53 . 2009-05-21 18:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Tlen.pl

2009-05-16 10:13 . 2009-05-16 10:13 -------- d-----w- c:\program files\Microsoft Games

2009-05-10 19:48 . 2009-01-11 19:51 -------- d-----w- c:\program files\Neostrada TP

2009-05-09 20:57 . 2009-01-13 20:58 -------- d-----w- c:\documents and settings\Pc\Dane aplikacji\Hamachi

2009-05-08 12:41 . 2009-05-08 12:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\151F4

2009-05-02 16:04 . 2009-05-02 16:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\1036B

2009-05-01 14:48 . 2009-01-29 09:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\nView_Profiles

2009-04-30 21:32 . 2009-04-30 21:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\61E4

2009-04-23 15:00 . 2009-01-21 14:33 -------- d-----w- c:\program files\Gadu-Gadu

2009-04-23 14:26 . 2009-01-19 18:12 -------- d-----w- c:\program files\AMD

2009-04-15 18:42 . 2005-01-24 09:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll

2009-04-10 10:36 . 2009-04-10 10:36 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-03-28 18:24 . 2009-03-28 18:24 702 ----a-w- c:\windows\unins000.dat

2004-10-01 14:00 . 2009-01-13 13:44 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TBPanel"="c:\program files\VDOTool\TBPanel.exe" [2008-07-03 2157096]

"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]

"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2009-01-17 5853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]

"nvmediacenter"="c:\windows\system32\NvMcTray.dll" [2008-10-13 86016]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 171520]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

Launchy.lnk - c:\program files\Launchy\Launchy.exe [2009-1-12 286720]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\c:^documents and settings^pc^menu start^programy^autostart^rncsys32.exe]

path=c:\documents and settings\Pc\Menu Start\Programy\Autostart\rncsys32.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=

"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=

"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"d:\Program Files\Codemasters\GRID\GRID.exe"=

"d:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

"c:\WINDOWS\system32\PnkBstrA.exe"=

"c:\WINDOWS\system32\PnkBstrB.exe"=

"d:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"=

"d:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"=

R1 Dev_UNIDRV;Dev_UNIDRV;c:\windows\system32\drivers\UNIDRV.SYS [2009-01-13 6080]

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-06-04 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-04 555032]

R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2009-06-04 18840]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-04 566296]

S1 74df7777;74df7777;c:\windows\system32\drivers\74df7777.sys [2009-06-06 0]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-06-04 99352]

S3 cpuz;cpuz; [x]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-04 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-04 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-04 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-04 566296]

S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

S3 FXExSS;FXExSS;c:\program files\FOXCONN\FOX ONE\FXExSS32.sys [2009-01-11 21312]

.

.

------- Supplementary scan -------

.

uStart Page = hxxp://www.entretieneteds.vze.com

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: { - c:\program files\Messenger\msmsgs.exe

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

TCP: {00EA362C-5296-449A-A770-9C65C224FC02} = 194.204.159.1 217.98.63.164

DPF: {784797a8-342d-4072-9486-03c8d0f2f0a1} - hxxps://www.battlefieldheroes.com/stati ... 0.17.0.cab

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-20 23:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-879983540-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:5e,91,ab,02,1e,2c,fd,e7,85,30,d0,c7,bf,5e,fc,36,d1,b9,4a,ce,6c,

6b,2e,f6,f2,b4,eb,46,7b,d6,1b,3a,c6,97,43,7c,c7,b0,26,55,76,75,76,d0,7e,0a,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG08.00.00.01WORKSTATION"="9CA46E43DDF23B644FE8345828D2C971BA2E7C1C42FED241D551F7BB0F142B51B5E1084A0C70348988B399D793ECB2B1203C7EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC793365B303F86BE5688C4461F51BDB4E475913A5C6C50DF14B490C369EB1D16AF0799B0AEC8B2A1581F66F9C20CE451BEF9B5FC33625C78C0C7A9D0D0A676B880363BFB18496EC7D2E6F109B910047EA349CB374E5DA3DC7F9019DCB1F803BDE6384D4C524B50055E3B407DE637D1A305E1E6E425702356C543E0726E18C35AFE77F9140750723FB2E4BE5CD86156CFECDA41F9BDE3E6AEBECD80732AE9D41E276BCDE04F5AE0E7029FCF62F3E9EE013F3F98A5226B48B582CBAFD6C314CBA860DE5DDD379D567D8845332B1A3EE0DC8D6AB289C288EBC668E9282B4EB307347BBEADE582725CCFD87214AE62166F9231189A596B7F8927421D25E4DB469ADFBA6FEE81E79CFCFCB0BF7A0C4F7E3A747D1A9643C78279BFE87300EDD349B229B0519B6953E867554FB334D233A4B0700D9E4F57263CD532AFAA5C2F1EAEB7D402575B7929983B5CB5BEB1D414F867DBA01D8A5FC44A6AF3C447264F8A7855E2C65110D4E82807E0BBE038E3F75826609B0656F093E6F162045160AC61297D9C23B310FE4C2BC318FD01E54223AAE8E21E631822344E962656ED903122354F68BAD5B45D678FE2279CB24D6D48301B85C35A5C4BDA05BE1BE49C5CE7728713332DADBF009980B1B8E044132A307701AB9C46ECD30ED8E59026F28A4F345AA7D8671C004C2E7AF57B75D663640517B5E5BCC7DEB349DCF80AA91936EEC6D3F3B7DB75EA43003B98980D0466440C12222061D879DE8767001D872DEC72AEB70C2AD83CBACE3577F571C6C5AF59C8D68F8A3970618CF8EC879CDE8238355DD0660D4C163ABCFA75757DCD05F55B2BAD6E5423336C3CF55AEFC71E03FA7FE364954D0F344E24E8A1C19BD3453A3C4267BE5147819BD33098394CD59D4EB1BB88AD3A52DD2CA1B6C2F9C59DE7B32F67F66666F88735628BFA53892E44ABF7E811C857D17340E558AF3D5732EDF0AD34A2BC74D924F1242617DD9122D4944677CD305A16C560803F750AF6F94CD6749DDE3E1CCDEF9A8F5ACF25AC36AC0CC746C0C64047EE54E0C9B32855516D3B726672DFEAD4683879EAFF392C2EDE2E5A8E6A5A536AF56263D31872AD34CC6212265A6DAD839C1CFFB51F2CB4D9A25CB6BD400C1F27BDF8BC54545613BE3BEF756ABF42AD5B7CDD3ADC9E4C64666C27008F40525946BFDAA3B3DE2E3009F18C940E24191D25A849EBC26C3
B535DE38772ED99DAE9921ED6795CDDA5F3BD3F2D5BF8539AAA2C807EB92C60DBE4421C8BDF0E7B733"

.

Completion time: 2009-06-20 23:49

ComboFix-quarantined-files.txt 2009-06-20 21:49

Before: 25 716 252 672 bytes free

After: 25 705 345 024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

203 --- E O F --- 2009-05-13 10:42
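Added example (not part of the thread, not ComboFix's code and not the helper's method): a small Python script that applies, over a constructed subset of the log above, the checks a log reader makes by eye: real-time AV switched off, Windows Firewall disabled, a zero-byte or machine-named driver image (`74df7777.sys`), a service whose image is a stock Windows tool (`regedt32.exe`), an executable in the user's Startup folder (`rncsys32.exe`) and a start page set in the registry. The regexes, name lists, the Polish/English Startup folder names and the severities are assumptions chosen for this example, and `ekrn.exe` is included as a negative control that must not be flagged.

```python
"""Heuristic triage of a ComboFix log (added example; not ComboFix's code
and not the forum helper's method). Regexes, name lists and severities
are this example's assumptions, not ComboFix conventions.
"""
import re

# Constructed subset of the posted log (only lines the heuristics read).
SAMPLE_LOG = r"""
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
2009-06-06 14:13 . 2009-06-18 15:35 0 ----a-w- c:\windows\system32\drivers\74df7777.sys
2009-06-05 13:59 . 2009-06-05 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
[HKLM\~\startupfolder\c:^documents and settings^pc^menu start^programy^autostart^rncsys32.exe]
path=c:\documents and settings\Pc\Menu Start\Programy\Autostart\rncsys32.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
S1 74df7777;74df7777;c:\windows\system32\drivers\74df7777.sys [2009-06-06 0]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
S3 cpuz;cpuz; [x]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
uStart Page = hxxp://www.entretieneteds.vze.com
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # "R2 name;display;image [date size]"
SERVICE_TAIL_RE = re.compile(r"\[[\d-]+\s+(\d+)\]\s*$")          # "[2009-06-06 0]"
FILE_RE = re.compile(  # "created . modified size attrs path"
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\d+)\s+\S+\s+(.+)$")
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$")  # assumption: 8 hex chars = generated name
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "rundll32.exe"}  # assumption
CODE_EXTS = (".sys", ".exe", ".dll")


def leaf(path):
    """Last path component, splitting on either separator (runs on any OS)."""
    return re.split(r"[\\/]", path.strip())[-1].lower()


def parse_service(line):
    """Split an R/S service line into fields; None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, rest = m.groups()
    rest, size = rest.strip(), None
    tail = SERVICE_TAIL_RE.search(rest)
    if tail:                       # "[x]" / "[?]" tails carry no size and stay in the image field
        size = int(tail.group(1))
        rest = rest[: tail.start()].strip()
    return {"start": start, "name": name, "display": display, "image": rest, "size": size}


def triage(text):
    """Return findings as {severity, reason, line} dicts, in log order."""
    findings = []

    def flag(severity, reason, line):
        findings.append({"severity": severity, "reason": reason, "line": line})

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if line.startswith("AV:") and "*on-access scanning disabled*" in low:
            flag("high", "real-time antivirus scanning is switched off", line)
        elif low.startswith('"enablefirewall"=') and re.search(r"=\s*0\b", line):
            flag("medium", "Windows Firewall standard profile disabled; "
                           "acceptable only while a third-party firewall is active", line)
        elif low.startswith("ustart page") and "hxxp" in low:
            flag("info", "start page set in the registry; confirm it is the user's choice", line)
        elif FILE_RE.match(line):
            size, path = FILE_RE.match(line).groups()
            if int(size) == 0 and path.lower().endswith(CODE_EXTS):
                flag("high", "zero-byte code file; a removed or blocked driver often leaves this", line)
        elif low.startswith("path=") and low.endswith(".exe") and (
                "\\autostart\\" in low or "\\startup\\" in low):   # Polish / English Startup folder
            flag("medium", "executable launched from the user's Startup folder; verify publisher", line)
        else:
            svc = parse_service(line)
            if svc is None:
                continue
            image = svc["image"]
            if svc["size"] == 0:
                flag("high", "service/driver image is zero bytes", line)
            if RANDOM_NAME_RE.match(svc["name"].lower()):
                flag("medium", "machine-generated service name", line)
            if leaf(image) in STOCK_TOOLS:
                flag("high", "service runs a stock Windows tool under an unrelated name", line)
            if image.startswith("["):
                flag("low", "service is registered but its image file was not found", line)
            elif "-->" in image:
                flag("low", "image path was rewritten and points outside the system volume", line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file's contents; the "high" findings are the lines to ask about first, and the "low" ones (a missing image, a driver on a removable volume) usually have a benign explanation such as an uninstalled tool or an unplugged device.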


(deFco247) #2

Paste logs on wklej.org or wklej.to and put the link in your post!!

Download Avenger and run it.

Copy this text:

Files to delete:

c:\documents and settings\Pc\Menu Start\Programy\Autostart\rncsys32.exe

In the Avenger window click Paste Script from Clipboard, choose Execute and agree to the restart.

After the restart, delete the file C:\Avenger\backup.zip and post the report C:\avenger.txt here for checking.

Start Menu - Run... - cmd

Type in the window:

Press Enter after each line.


(Daniello Daniel) #3

Here's the Avenger log..... this one is short, so there's probably no point putting it on wklej.pl

Here's the log:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\documents and settings\Pc\Menu Start\Programy\Autostart\rncsys32.exe" not found!

Deletion of file "c:\documents and settings\Pc\Menu Start\Programy\Autostart\rncsys32.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.


(deFco247) #4

Evidently that was just a leftover from that virus.

So it's clean. :))

Open Notepad and paste into it:

REGEDIT4

; "HKLM\~\startupfolder" in the ComboFix log is shorthand for the MSConfig key below;
; the leading "-" makes the .reg file delete the key instead of creating it
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\c:^documents and settings^pc^menu start^programy^autostart^rncsys32.exe]

Save the file as type "all files" under the name plik.reg, run the resulting file and confirm that you want to add it to the registry.

Delete Avenger from the disk.

Start Menu - Run... - Combofix /u

Remove the unnecessary items from startup.


(Daniello Daniel) #5

Huge thanks................ cheers.