Nie moge odpalic combofix!

Lajner · 29 Maj 2009 17:09

32788R22FWJFW\PEV.exe uzip “32788R22FWJFW\License\pv_5_2_2.zip” “32788R22FWJFW\License” && MOVE /Y “32788R22FWJFW\License\pv.exe” 32788R22FWJFW\

32788R22FWJFW\pv.exe -kf n.com

Killing ‘n.com’

“C:\32788R22FWJFW\n.com” cmdwait 2500 exec hide “~$folder.system$\cmd.execf” /c 32788R22FWJFW\prep.cmd (193284)

MOVE /Y 32788R22FWJFW\pv.exe 32788R22FWJFW\pv.cfexe

32788R22FWJFW\pv.cfexe -kf n.com

Killing ‘n.com’

pv: No matching processes found

PUSHD “C:\32788R22FWJFW”

IF NOT EXIST pev.cfexe COPY /Y pev.exe pev.cfexe

Liczba skopiowanych plik˘w: 1.

IF NOT EXIST Nircmd.com COPY /Y n.com Nircmd.com

Liczba skopiowanych plik˘w: 1.

SET “Comspec=C:\WINDOWS\system32\cmd.execf”

IF NOT EXIST C:\WINDOWS\system32\cmd.exe GOTO Not_NT

IF EXIST OsVer EXIT

VER 1>OsVer

GREP.cfexe -F “5.2.” OsVer

IF 1 == 0 GOTO Not_NT

GREP.cfexe -F “5.1.2” OsVer

Microsoft Windows XP [Wersja 5.1.2600]

IF 0 == 0 GOTO NT

GREP.cfexe -isq “ProductType.*WinNT” WinNT00 || GOTO Not_NT

SED.CFEXE “/^PATH=/I!d; s///; s/\x22//g” Oripath 1>OriPath00

PEV.EXE -rtf -s+901 .\OriPath00 && (

SED.CFEXE -r “s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//” OriPath00 1>OriPath01

FOR /F “TOKENS=*” %G IN (OriPath01) DO @SET “PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G”

)

IF NOT EXIST OriPath01 FOR /F “TOKENS=*” %G IN (OriPath00) DO SET “PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%G”

SET “PATH=C:\32788R22FWJFW;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem”

Killing ‘runonce.exe’

Killing ‘grpconv.exe’

Killing ‘procmon.exe’

pv: No matching processes found

PEV -rtf --c:##5# .* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe } 1>temp00 && (

PV -o%f * 1>temp01

PEV -tf -t!o --files:temp01 --c:##5#b#f# 1>temp02

FINDSTR -BIG:temp00 temp02 1>temp03

SED “/.* /!d; s///” temp03 1>temp04

SED “:a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/” temp04 1>temp05

FOR /F “TOKENS=*” %G IN (temp05) DO @NIRCMD KILLPROCESS %G

)

CALL :MDCheck

Nie moľna odnale«† C:\32788R22FWJFW\md5sum00.pif.

PEV -rtf -md55DA7F187E4DCAB6AEE671D55BAE9A5BD .\md5sum.pif || CALL :MDFaiL ChkSum_Fail

.\md5sum.pif

PEV -tf --files:files.pif --c:##5#b#f# 1>mdCheck00.dat

GREP -vs “^!MD5:” mdCheck00.dat | GREP -Fvf md5sum.pif 1>mdCheck01.dat && CALL :MDFaiL

NIRCMD INFOBOX “” “”

do tego wyskakuje blad bez tresci i combo fix sam sie usuwa niby bo jak sciagam to odrazu jest sciagniety!!

XMan · 29 Maj 2009 17:31

Poradnik - instrukcja : viewtopic.php?f=16&t=36654

Lajner · 29 Maj 2009 18:23

DDS (Ver_09-05-14.01) - NTFSx86

Run by Uodor at 20:22:27,71 on 2009-05-29

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1466 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe

svchost.exe C:\WINDOWS\TEMP\VRT1.tmp

C:\WINDOWS\System32\reader_s.exe

C:\WINDOWS\system32\6.tmp

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\System32\reader_s.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Uodor\Pulpit\dds.com

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\windows\system32\dse235rgd0.dll

BHO: IEHlprObj Class: {f171a450-7af5-43e1-afed-edc826a1b0f5} - c:\windows\system32\bgdferw0.dll

uRun: [kxva] c:\windows\system32\kxvo.exe

uRun: [hjdsdse] c:\windows\system32\oukdfgr.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [reader_s] c:\documents and settings\uodor\reader_s.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot

mRun: [DAEMON Tools-1033] “c:\program files\d-tools\daemon.exe” -lang 1033

mRun: [reader_s] c:\windows\system32\reader_s.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [reader_s] c:\documents and settings\uodor\reader_s.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\uodor\daneap~1\mozilla\firefox\profiles\1yjum2cm.default\

============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-5-29 18944]

=============== Created Last 30 ================

2009-05-29 20:12 3,072 a------- c:\windows\system32\drivers\audstub.sys

2009-05-29 20:12 25,856 a------- c:\windows\system32\drivers\usbprint.sys

2009-05-29 20:12 58,624 a------- c:\windows\system32\drivers\redbook.sys

2009-05-29 20:12 6,400 a------- c:\windows\system32\drivers\enum1394.sys

2009-05-29 20:11 77,312 a------- c:\windows\system32\usbui.dll

2009-05-29 20:10

2009-05-29 20:08 1,896,400 ac------ c:\windows\system32\dllcache\NT5.CAT

2009-05-29 20:08

2009-05-29 20:07 261 a------- c:\windows\system32$winnt$.inf

2009-05-29 19:35 60,929 a------- c:\documents and settings\uodor\reader_s.exe

2009-05-29 19:26

2009-05-29 18:56

2009-05-29 18:24

2009-05-29 18:20

2009-05-29 18:16

2009-05-29 18:15

2009-05-29 18:14

==================== Find3M ====================

2009-05-29 20:17 107,520 —shr-- c:\windows\system32\wedasgads0.dll

2009-05-29 19:35 60,929 a------- c:\windows\system32\reader_s.exe

2009-05-29 19:35 58,880 a------- c:\windows\system32\6.tmp

2009-05-29 19:17 99,328 —shr-- c:\windows\system32\hyrteas0.dll

2009-05-29 19:17 234,028 —shr-- c:\windows\system32\oukdfgr.exe

2009-05-29 19:17 234,028 —shr-- C:\lhylec9x.cmd

2009-05-29 19:17 58,880 a------- c:\windows\system32\4.tmp

2009-05-29 18:35 355,830 a------- c:\windows\system32\perfh015.dat

2009-05-29 18:35 49,712 a------- c:\windows\system32\perfc015.dat

2009-05-29 18:31 182,912 a------- c:\windows\system32\drivers\ndis.sys

2009-05-29 18:28 18,944 a—h--- c:\windows\system32\drivers\protect.sys

2009-05-29 18:28 58,880 a------- c:\windows\system32\1B.tmp

2009-05-29 18:27 15,600 a------- c:\windows\gdrv.sys

2009-05-29 18:24 335,872 a------- c:\windows\HideWin.exe

2009-05-29 18:17 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-05-29 18:15 21,856 a------- c:\windows\system32\emptyregdb.dat

2008-12-13 14:30 208,464 —shr-- c:\windows\system32\kxvo.exe

============= FINISH: 20:22:34,51 ===============

LOG z DDS

deFco247 · 29 Maj 2009 18:26

Teraz wiemy dlaczego Combofix nie działa - niestety masz Viruta. :o

Zastosuj się do jednej z metod zawartych w tym poście.