Log, please check it


(Igoorek) #1

Logfile of HijackThis v1.99.1

Scan saved at 20:09:24, on 2008-03-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\drivers\services.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Documents and Settings\WinXP\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [c3ie] C:\WINDOWS\rtakkd.exe

O4 - HKLM\..\Run: [system Toolkit] C:\WINDOWS\Systools.exe

O4 - HKLM\..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\rtakkd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Norton] C:\WINDOWS\inf\catalog\navapsvcxp.exe

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKLM\..\Run: [ulead AutoDetector] D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services.exe

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services.exe

O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe

O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKCU\..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\RegClean.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O17 - HKLM\System\CCS\Services\Tcpip\..\{37C5CF59-B885-4299-A279-B3E2C5A78E53}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{37C5CF59-B885-4299-A279-B3E2C5A78E53}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
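As an added example (not part of the original post or of HijackThis itself), a small Python triage pass over O4 (Run key) and O23 (service) lines like the ones above. It flags what stands out in this log: executables named after Windows system binaries (`services.exe`) running from anywhere other than their real location, executables launched from the Windows root or the drivers directory, random-looking alphanumeric filenames such as `gah95on6.exe`, and services whose binary is missing or has no publisher. The sample lines are copied from the log above; the allowlist of system paths (assuming a default `C:\WINDOWS` install) and the filename heuristic are this example's own assumptions.

```python
"""Triage of HijackThis O4 (Run keys) and O23 (services) lines for common malware tells."""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Windows binaries that live in exactly one place; the same name elsewhere is a masquerade.
# (Assumption of this example: a default C:\WINDOWS install, as in the log above.)
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Directories where a Run-key executable is unusual: the Windows root and the driver store.
UNUSUAL_DIRS = {r"c:\windows", r"c:\windows\system32\drivers"}

# Accepts both "HKLM\..\Run:" and the forum-mangled "HKLM..\Run:" spelling.
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [c3ie] C:\WINDOWS\rtakkd.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
"""


def extract_path(cmd: str) -> str:
    """Return the executable or DLL a Run-key command actually loads."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # rundll32 lines name the host first; take the first drive-rooted .exe/.dll instead.
    drive_rooted = re.search(r"[A-Za-z]:\\.+?\.(?:exe|dll)\b", cmd, re.IGNORECASE)
    if drive_rooted:
        return drive_rooted.group(0)
    return cmd.split()[0]


def looks_random(stem: str) -> bool:
    """Alphanumeric stems mixing letters and digits (gah95on6) are a weak but useful tell."""
    s = stem.lower()
    return (bool(re.fullmatch(r"[a-z0-9]{6,12}", s))
            and any(c.isdigit() for c in s) and any(c.isalpha() for c in s))


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (entry name, path, reason) for each suspicious O4/O23 line."""
    findings: list[tuple[str, str, str]] = []
    for line in log_text.splitlines():
        o4 = O4_RE.match(line)
        if o4:
            path = extract_path(o4.group("cmd"))
            p = PureWindowsPath(path)
            base, parent = p.name.lower(), str(p.parent).lower()
            if base in SYSTEM_BINARIES and parent != SYSTEM_BINARIES[base]:
                findings.append((o4.group("name"), path, "masquerades as a Windows system binary"))
            elif parent in UNUSUAL_DIRS and base.endswith(".exe"):
                findings.append((o4.group("name"), path, "executable in an unusual location"))
            elif looks_random(p.stem):
                findings.append((o4.group("name"), path, "random-looking filename"))
            continue
        o23 = O23_RE.match(line)
        if o23 and (o23.group("owner") == "Unknown owner" or o23.group("missing")):
            findings.append((o23.group("name"), o23.group("path"),
                             "service with unknown publisher or missing binary"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"{reason:50} [{name}] {path}")
```

Name and location heuristics catch the two fake `services.exe` entries, the gibberish name and the orphaned ZESOFT service, but not a plainly named dropper such as `paytime.exe`; that is why unknown files still need a hash or VirusTotal lookup, as the later replies in this thread ask for.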


(Setjuniorhigh) #2

Say what your problem is, and read the rules for pasting logs and the forum rules in general :evil:

By the way.

Fix checked


(Dawidex11) #3

Fix the entries in HijackThis, i.e. tick everything listed below and then click Fix Checked,

C:\Program Files\SurfSideKick 2 - uninstall it and then delete the folder

C:\Program Files\YourSiteBar - uninstall it and then delete the folder

C:\Program Files\ISTsvc - uninstall it and then delete the folder

C:\Program Files\TimeSink - uninstall it and then delete the folder

C:\Program Files\Registry Cleaner Trial - uninstall it and then delete the folder

C:\Program Files\SideFind - uninstall it and then delete the folder

Download ComboFix :arrow: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open Notepad and type:

>>File>>Save as… >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)

After the removal, post the log generated by ComboFix.


(Igoorek) #4

ComboFix 08-03-21.1 - WinXP 2008-03-21 23:03:50.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.159 [GMT 1:00]

Running from: C:\Documents and Settings\WinXP\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\WinXP\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\Registry Cleaner Trial\RegClean.exe

C:\Program Files\SurfSideKick 2\Ssk.exe

C:\Program Files\TimeSink\AdGateway\TSAdBot.exe

C:\WINDOWS\inf\catalog\navapsvcxp.exe

C:\WINDOWS\rtakkd.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\drivers\services.exe

C:\WINDOWS\system32\gah95on6.exe

C:\WINDOWS\system32\paytime.exe

C:\WINDOWS\Systools.exe

C:\WINDOWS\zeta.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\WinXP\Dane aplikacji\Sskknwrd.dll

C:\WINDOWS\hosts

C:\WINDOWS\system32\drivers\services.exe

C:\WINDOWS\system32\instsrv.exe

.

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))

.

2008-03-21 23:03 . 2008-03-21 23:03 3,631 --a------ C:\52.tmp

2008-03-21 20:45 . 2008-03-21 20:45 4,564 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-21 19:52 . 2008-03-21 19:52

2008-03-21 19:51 . 2008-03-21 19:54

2008-03-12 11:21 . 2008-03-12 11:21 0 --a------ C:\WINDOWS\system32\qcn2eemn.html

2008-03-12 11:16 . 2008-03-12 11:16

2008-03-12 11:15 . 2008-03-12 11:15

2008-03-12 11:15 . 2007-12-06 16:51 28,568 --a------ C:\WINDOWS\system32\drivers\AVHook.sys

2008-03-12 11:15 . 2007-12-06 16:51 21,912 --a------ C:\WINDOWS\system32\drivers\AVRec.sys

2008-03-12 11:15 . 2008-02-12 11:44 21,904 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys

2008-03-12 11:14 . 2008-03-21 22:42

2008-03-12 11:14 . 2008-03-12 11:16

2008-03-04 08:54 . 2008-03-05 16:21 3,584 --a------ C:\WINDOWS\EAddress.dll

2008-03-02 18:40 . 2008-03-20 21:53 2,611 --a------ C:\WINDOWS\sql.MIF

2008-03-02 18:38 . 1997-07-19 17:01 376,592 --a------ C:\WINDOWS\system32\msrdo20.dll

2008-03-02 18:38 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll

2008-03-02 18:38 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll

2008-03-02 18:38 . 1997-01-13 10:49 97,552 --a------ C:\WINDOWS\system32\rdocurs.dll

2008-03-02 18:38 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll

2008-03-02 18:33 . 2008-03-02 18:40 1,246 --a------ C:\WINDOWS\setup.iss

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 21:43 --------- d--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-03-21 21:43 --------- d-----w C:\Program Files\Steam

2008-03-21 21:43 --------- d-----w C:\Program Files\Neostrada TP

2008-03-21 14:36 --------- d-----w C:\Program Files\eMule

2008-03-21 11:16 --------- d-----w C:\Program Files\Real Alternative

2008-03-21 11:16 --------- d-----w C:\Program Files\InstallShield Installation Information

2008-03-21 11:16 --------- d-----w C:\Program Files\Inkscape

2008-03-21 11:16 --------- d-----w C:\Program Files\DivX

2008-03-21 11:16 --------- d-----w C:\Program Files\BullsEye Network

2008-03-21 11:16 --------- d-----w C:\Program Files\Azureus

2008-03-21 07:32 --------- d-----w C:\Documents and Settings\WinXP\Dane aplikacji\Xfire

2008-03-13 06:04 --------- d-----w C:\Program Files\Google

2008-03-12 12:07 --------- d-----w C:\Program Files\Multi Theft Auto

2008-03-10 07:41 295,936 ----a-w C:\WINDOWS\inf\isprnt.exe

2008-03-04 10:41 --------- d-----w C:\Program Files\Gadu-Gadu

2008-01-29 18:54 --------- d-----w C:\Program Files\Deluxe Ski Jump

2008-01-29 17:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterAction studios

2008-01-22 05:50 --------- d-----w C:\Documents and Settings\WinXP\Dane aplikacji\Leadertech

2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll

2007-12-25 14:57 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2005-03-10 01:05 53,323 ----a-w C:\Program Files\opera\program\plugins\PlugDef.dll

1999-07-07 00:00 6 --sh--r C:\WINDOWS@@desktop.dat

2006-06-30 14:37 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []

"Steam"="c:\program files\steam\steam.exe" [2008-03-15 18:28 1270602]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 06:35 4603904]

"nwiz"="nwiz.exe" [2004-09-30 06:35 921600 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 06:35 86016]

"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2008-03-18 19:30 33385]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2008-03-20 16:33 29289]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2008-03-18 19:30 62066]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2008-03-11 08:14 45745]

"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" [2008-03-21 21:58 148118]

"Ulead AutoDetector"="D:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" []

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-11 09:03 87290]

"Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" []

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2008-03-13 07:31 876147]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-03-11 07:24 66252]

"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-02-15 17:11 1238928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-04-07 17:39:49 972827]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Multi Theft Auto\MTAServer.exe"=

"C:\Program Files\Opera\Opera.exe"=

"C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"C:\WINDOWS\system32\rundll32.exe"=

"C:\WINDOWS\system32\dpnsvr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"=

"C:\Program Files\Gadu-Gadu\ggphone\ggphone.exe"=

"C:\WINDOWS\system32\dplaysvr.exe"=

"C:\Program Files\eMule\emule.exe"=

"C:\Documents and Settings\WinXP\Pulpit\Evolutions%200.7.8%20XML\Evolutions 0.7.8 XML\Evolutions-XML.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Mozilla Firefox\firefox.exe"=

"C:\Program Files\Steam\Steam.exe"=

"F:\Counter Strike 1.6\hl.exe"=

R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-08-30 14:20]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-11-06 17:39]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-11-06 17:39]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-11-06 17:39]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-11-06 17:39]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-11-06 17:39]

S4 ZESOFT;ZESOFT;C:\WINDOWS\zeta.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c6114e4-0c62-11db-82e9-4d6564696130}]

\Shell\AutoRun\command - K:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1811423-b7d3-11dc-8803-000e504b4af8}]

\Shell\AutoRun\command - K:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd303dc3-d74d-11dc-888d-000e504b4af8}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf76d4c-95e6-11db-850b-4d6564696130}]

\Shell\AutoRun\command - K:\

\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-21 23:06:03

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 2787

**************************************************************************

.

Completion time: 2008-03-21 23:06:43

ComboFix-quarantined-files.txt 2008-03-21 22:06:39

.

2008-03-12 19:29:37 --- E O F ---


(Dmirecki) #5

Paste into Notepad:

C:\52.tmp

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\EAddress.dll


Driver::

ZESOFT


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File -> Save as -> CFScript.txt

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

The removal should start and a log will be created; post that log on the forum plus a new HijackThis log.

If everything goes well, after the restart manually delete the folder C:\Qoobox

Scan the file at http://www.virustotal.com

Use SDFix and show its report.
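The ComboFix log in post #4 lists MountPoints2 entries whose AutoRun and open handlers run `rundll32.exe` against a DLL by relative path (`.\desktop.dll`) or launch a bare `copy.exe`, a pattern typical of worms that copy themselves to removable drives, and post #5 answers with a CFScript `Registry::` line that deletes the whole MountPoints2 key. As an added example (not code from either post, nor from ComboFix), this Python snippet parses that section of a ComboFix log, flags handlers whose target is not an absolute path, and emits the matching `Registry::` deletion lines in the same `[-key]` syntax post #5 uses, narrowed to the offending GUIDs. The sample text is copied from the log above plus one constructed benign entry (`E:\Setup.exe`) for contrast; the classification rules are this example's own assumptions.

```python
"""Flag removable-drive autorun handlers recorded under MountPoints2 in a ComboFix log
and emit the CFScript Registry:: lines that remove the offending keys."""
from __future__ import annotations

import re

# Accepts both "mountpoints2\{guid}" and the forum-mangled "mountpoints2{guid}" spelling.
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*mountpoints2\\?(\{[0-9a-fA-F-]+\})\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.*)$", re.IGNORECASE)
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
MOUNTPOINTS2 = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"

# Constructed sample: two keys copied from the ComboFix log above plus one benign entry
# (E:\Setup.exe) invented for contrast.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c6114e4-0c62-11db-82e9-4d6564696130}]
\Shell\AutoRun\command - K:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd303dc3-d74d-11dc-888d-000e504b4af8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - E:\Setup.exe
"""


def parse_mountpoints(text: str) -> dict[str, list[tuple[str, str]]]:
    """Map each MountPoints2 GUID to its (verb, command) handler lines."""
    handlers: dict[str, list[tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = key.group(1).lower()
            handlers.setdefault(current, [])
            continue
        cmd = CMD_RE.match(line.strip())
        if cmd and current:
            handlers[current].append((cmd.group(1), cmd.group(2).strip()))
    return handlers


def classify(cmd: str) -> str | None:
    """Return a reason if the handler executes something by relative path, else None.

    A legitimate autorun points at an absolute path or just opens the drive root;
    a worm that copies itself to removable media references its payload relative
    to the drive root so the same autorun works on every host it is plugged into.
    """
    parts = cmd.split()
    if not parts:
        return None
    if parts[0].lower().endswith("rundll32.exe"):
        dll, _, entry = (parts[1] if len(parts) > 1 else "").partition(",")
        if dll.lower() == "shell32.dll" and entry.lower() == "shellexec_rundll":
            # rundll32 shell32.dll,ShellExec_RunDLL <target>: the real payload is <target>.
            target = parts[2] if len(parts) > 2 else ""
            return None if ABS_PATH.match(target) else f"ShellExec_RunDLL launches {target} by relative path"
        return None if ABS_PATH.match(dll) else f"rundll32 loads {dll} by relative path"
    return None if ABS_PATH.match(parts[0].strip('"')) else f"target {parts[0]} is not an absolute path"


def flag_autorun_handlers(text: str) -> dict[str, list[tuple[str, str]]]:
    """GUID -> [(verb, reason)] for every handler that classify() rejects."""
    flagged: dict[str, list[tuple[str, str]]] = {}
    for guid, entries in parse_mountpoints(text).items():
        for verb, cmd in entries:
            reason = classify(cmd)
            if reason:
                flagged.setdefault(guid, []).append((verb, reason))
    return flagged


def cfscript_registry_section(flagged: dict[str, list[tuple[str, str]]]) -> str:
    """Registry:: section deleting only the flagged subkeys ([-key] means delete the key)."""
    lines = ["Registry::"] + [f"[-{MOUNTPOINTS2}\\{guid}]" for guid in sorted(flagged)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flag_autorun_handlers(SAMPLE)
    for guid, reasons in hits.items():
        for verb, reason in reasons:
            print(f"{guid} {verb}: {reason}")
    print(cfscript_registry_section(hits))
```

Deleting the whole MountPoints2 key, as post #5 does, is the usual advice because Windows rebuilds it from scratch on the next mount; the per-GUID output here is for when you want to keep a record of exactly which drives carried the infected autorun.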


(Gutek) #6

Follow this Topic and change the thread title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

Change of the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350