jar1612
(Jar1612)
10 February 2008 14:53
#1
Hello
I see that quite a few people have the same problem.
Please check my logs and help me, and suggest how to protect against something like this.
ComboFix 08-02.05.3 - Bartek 2008-02-10 15:41:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.861 [GMT 1:00]
Running from: C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\amvo.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.
2008-02-10 15:17 . 2008-02-10 15:17
2008-02-10 14:14 . 2008-02-10 14:14
2008-02-10 10:36 . 2008-02-10 10:36
2008-02-08 18:17 . 2008-02-08 18:17
2008-02-08 18:17 . 2008-02-09 19:50
2008-02-08 18:17 . 2008-02-08 18:17
2008-02-05 19:36 . 2008-02-05 19:36 103,673 -r-hs---- C:\188qsm.bat
2008-02-03 16:41 . 2008-02-03 16:41
2008-02-03 07:57 . 2008-02-04 18:08 103,367 -r-hs---- C:\2ifetri.cmd
2008-02-02 22:36 . 2008-02-02 22:54 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-02 22:34 . 2008-02-02 22:34
2008-02-02 22:34 . 2008-02-02 22:34 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-02-02 22:08 . 2008-02-02 22:08
2008-02-02 21:48 . 2008-02-02 21:48
2008-02-02 18:25 . 2008-02-02 18:25
2008-02-02 18:25 . 2008-02-02 18:25 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-02 18:23 . 2008-02-02 21:36
2008-02-02 18:22 . 2008-02-02 18:22
2008-02-02 18:22 . 2008-02-02 18:22
2008-02-02 18:22 . 2008-02-02 18:22
2008-02-02 12:25 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-02 11:22 . 2008-02-02 11:22 104,644 -r-hs---- C:\i.cmd
2008-02-02 09:31 . 2008-02-09 11:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-01 18:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-01 18:49 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-31 20:49 . 2008-01-31 20:49 2,314 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-01-31 20:31 . 2008-01-31 20:31 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-31 20:15 . 2008-01-31 20:15
2008-01-31 20:08 . 2008-01-31 20:08
2008-01-31 18:42 . 2008-01-31 18:42
2008-01-31 17:00 . 2008-01-31 17:00
2008-01-31 17:00 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-01-31 17:00 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-01-31 17:00 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-01-31 17:00 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-31 16:59 . 2008-01-31 16:59
2008-01-31 16:44 . 2008-02-04 18:07 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-01-31 16:42 . 2008-01-31 16:42
2008-01-31 16:41 . 2008-02-10 10:37
2008-01-31 16:39 . 2008-01-31 16:39
2008-01-31 16:39 . 2008-01-31 16:41
2008-01-31 16:39 . 2008-01-31 16:39
2008-01-31 16:33 . 2008-02-10 14:08 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{CFD8409B-5F3D-4D77-8433-1A9821296155}
2008-01-31 16:31 . 2008-01-31 16:31
2008-01-31 16:30 . 2008-01-31 16:30
2008-01-31 16:30 . 2008-01-31 16:30
2008-01-31 16:30 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-01-30 21:51 . 2008-01-30 21:51
2008-01-30 21:50 . 2008-01-30 21:50
2008-01-30 21:50 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-30 21:49 . 2008-01-30 21:49
2008-01-30 21:27 . 2008-01-30 21:27
2008-01-30 21:27 . 2008-01-30 21:27
2008-01-30 21:24 . 2004-08-04 00:44 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-30 21:24 . 2004-08-04 00:44 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-30 21:24 . 2004-08-04 00:44 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-30 21:24 . 2004-08-04 00:44 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-30 21:24 . 2004-08-04 00:44 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-30 21:24 . 2004-08-04 00:44 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-30 21:24 . 2004-08-04 00:44 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-30 21:24 . 2004-08-04 00:44 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-30 21:15 . 2008-01-30 21:15
2008-01-30 21:10 . 2006-05-03 11:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-01-30 20:48 . 2008-01-30 20:48
2008-01-30 20:48 . 2008-01-30 20:48
2008-01-30 20:48 . 2008-01-30 20:48
2008-01-30 20:47 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-30 20:43 . 2008-01-30 20:43
2008-01-30 20:22 . 2008-01-31 19:47
2008-01-30 20:17 . 2008-01-31 20:15 2,752 --a------ C:\WINDOWS\unins000.dat
2008-01-30 19:08 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-30 18:05 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-30 18:02 . 2002-08-25 11:00 449,888 --a------ C:\WINDOWS\system32\drivers\Cap7134.sys
2008-01-30 18:02 . 2002-01-31 16:50 94,208 --a------ C:\WINDOWS\system32\34api.dll
2008-01-30 18:02 . 2002-01-31 16:50 90,112 --a------ C:\WINDOWS\system32\34dialog.dll
2008-01-30 18:02 . 2002-01-31 16:50 90,112 --a------ C:\WINDOWS\system32\34COM.dll
2008-01-30 18:02 . 2002-01-31 16:50 73,728 --a------ C:\WINDOWS\system32\34dd.dll
2008-01-30 18:02 . 2002-01-31 16:50 69,632 --a------ C:\WINDOWS\system32\34TvCtrl.dll
2008-01-30 18:02 . 2002-06-19 11:00 32,768 --a------ C:\WINDOWS\system32\Prop7134.dll
2008-01-30 18:02 . 2002-07-16 11:00 19,616 --a------ C:\WINDOWS\system32\drivers\PhTVTune.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 22:05 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-02 08:12 103,574 --sh--r C:\h.cmd
2008-01-31 19:50 --------- d-----w C:\Program Files\SiSLan
2008-01-30 20:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-30 16:54 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-01-30 16:53 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\URSoft
2008-01-30 16:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-30 16:48 --------- d-----w C:\Program Files\Alwil Software
2008-01-30 15:43 --------- d-----w C:\Program Files\Multimedia V3.54
2008-01-30 15:41 --------- d-----w C:\Program Files\C-Media 3D Audio
2008-01-30 15:33 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-30 15:31 --------- d-----w C:\Program Files\Usługi online
2008-01-29 15:49 103,894 --sh--r C:\ylr.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 10:39 149040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2003-10-30 14:10 667648]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2003-10-30 14:09 249856]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless G DWA-510"="C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe" [2007-05-04 10:26 1662976]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 10:59 161328]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

R2 Cap7134;TV Capture Card 7130;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-08-25 11:00]
R3 PhTVTune;TV Capture Card tv tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-16 11:00]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5865e6b9-cf4a-11dc-ae70-001966361764}]
\Shell\AutoRun\command - G:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65fd50c2-cf47-11dc-ae6e-806d6172696f}]
\Shell\AutoRun\command - E:\Bin\assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f753b6-d230-11dc-bfdb-001b11b203ac}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f753b7-d230-11dc-bfdb-001b11b203ac}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 15:42:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-10 15:43:08
ComboFix-quarantined-files.txt 2008-02-10 14:42:53
ComboFix2.txt 2008-02-10 09:36:06
.
2008-02-01 22:36:05 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:12, on 2008-02-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-510] C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 1719200546
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ … 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7295 bytes

Thanks in advance for the help
Leon1
(Leon$)
10 February 2008 15:10
#2
Disable System Restore on all drives
open Notepad and paste
File::
C:\188qsm.bat
C:\2ifetri.cmd
C:\i.cmd
C:\h.cmd
C:\ylr.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=-
save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
The removal should start
Then post the log from the removal
The infection spreads through pen drives, memory cards, etc.
How to protect yourself? Disable autoplay on the drives, leave it enabled only on the DVD and CD drive
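The two things Leon1 picked out of the log by eye (hidden+system script files dropped in a drive root, and MountPoints2 AutoRun/open/explore verbs wired to such a file, which is how this kind of infection rides on pen drives) can be checked mechanically. The Python below is an added example, not code from this thread or from the ComboFix/HijackThis projects; the sample log lines are taken from the ComboFix log posted in this thread, re-broken one entry per line, and the regexes and function names are my own assumptions about the log layout rather than a format ComboFix documents.

```python
import re
from typing import Dict, List

# Constructed sample: lines from the ComboFix log posted in this thread,
# one entry per line. The "Files Created" section has two timestamps,
# the "Find3M Report" section one; directories carry "---------" as size.
SAMPLE_LOG = r"""
2008-02-05 19:36 . 2008-02-05 19:36 103,673 -r-hs---- C:\188qsm.bat
2008-02-03 07:57 . 2008-02-04 18:08 103,367 -r-hs---- C:\2ifetri.cmd
2008-02-02 22:36 . 2008-02-02 22:54 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-09 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 08:12 103,574 --sh--r C:\h.cmd
2008-01-29 15:49 103,894 --sh--r C:\ylr.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5865e6b9-cf4a-11dc-ae70-001966361764}]
\Shell\AutoRun\command - G:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65fd50c2-cf47-11dc-ae6e-806d6172696f}]
\Shell\AutoRun\command - E:\Bin\assetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f753b6-d230-11dc-bfdb-001b11b203ac}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd
"""

# Assumed layout of a file line (both sections); the attribute column is a
# 7- or 9-letter flag string whose positions differ per section, so the
# checks below only look at which letters are present.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d"          # first timestamp
    r"(?: \. \d{4}-\d\d-\d\d \d\d:\d\d)?"  # optional second timestamp
    r" (?P<size>[\d,]+|-+)"
    r" (?P<attrs>[-a-z]{7,9})"
    r" (?P<path>.+)$"
)
MOUNTPOINT_KEY_RE = re.compile(r"^\[(?P<key>.*mountpoints2\\\{[^}]+\})\]$", re.I)
SHELL_VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
# A script/executable sitting directly in a drive root, e.g. C:\2ifetri.cmd
ROOT_SCRIPT_RE = re.compile(r"^[A-Z]:\\[^\\]+\.(?:cmd|bat|exe|com|pif|scr|vbs)$", re.I)


def parse_file_entries(log: str) -> List[Dict[str, str]]:
    """One dict (size, attrs, path) per file or directory line."""
    return [m.groupdict() for m in map(FILE_RE.match, (l.strip() for l in log.splitlines())) if m]


def hidden_root_scripts(entries: List[Dict[str, str]]) -> List[str]:
    """Paths that are hidden AND system AND a root-level script/executable."""
    return [e["path"] for e in entries
            if "h" in e["attrs"] and "s" in e["attrs"] and ROOT_SCRIPT_RE.match(e["path"])]


def parse_mountpoints(log: str) -> List[Dict[str, str]]:
    """Every \\Shell\\<verb>\\command line found under a MountPoints2 key."""
    results, current_key = [], None
    for line in (l.strip() for l in log.splitlines()):
        key = MOUNTPOINT_KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        if line.startswith("["):  # any other registry key ends the block
            current_key = None
            continue
        verb = SHELL_VERB_RE.match(line)
        if verb and current_key:
            results.append({"key": current_key, "verb": verb.group("verb"), "cmd": verb.group("cmd")})
    return results


def triage(log: str) -> Dict[str, List[str]]:
    """Flag hidden root droppers, autorun verbs aimed at root scripts, and the overlap."""
    hidden = hidden_root_scripts(parse_file_entries(log))
    root_cmds = sorted({m["cmd"] for m in parse_mountpoints(log) if ROOT_SCRIPT_RE.match(m["cmd"])})
    # Same filename both hidden in a drive root and wired into an autorun verb:
    # the strongest single indicator in this kind of log.
    hidden_names = {p.rsplit("\\", 1)[-1].lower() for p in hidden}
    correlated = sorted(c for c in root_cmds if c.rsplit("\\", 1)[-1].lower() in hidden_names)
    return {"hidden_root_files": hidden, "autorun_commands": root_cmds, "correlated": correlated}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("    " + item)
```

Run against the sample, it lists the four hidden root files (188qsm.bat, 2ifetri.cmd, h.cmd, ylr.exe), the two root-level autorun targets (F:\2ifetri.cmd and G:\USBNB.exe) and reports F:\2ifetri.cmd as the one that is both, while the CD's E:\Bin\assetup.exe is left alone because it is not in a drive root. The autorun-verb check is the same reasoning behind the advice to disable autoplay on removable drives: the MountPoints2 verbs are exactly what Explorer honours when such a drive is opened.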
Leon1
(Leon$)
10 February 2008 15:27
#4
Nothing has been done; this is not the removal log
did you do what I wrote with the CFScript.txt file?
repeat it once more
jar1612
(Jar1612)
10 February 2008 15:42
#5
When I do as you write, ComboFix starts and then gives this log. I have no idea what is wrong.
jar1612
(Jar1612)
10 February 2008 16:17
#6
I have no idea why this happens: after dropping the file, ComboFix starts and you can see that Combo turns on System Restore. Ugh. I have to leave now, but I will come back to the topic when I return, around 22:00.
asterisk
(Asterisk)
10 February 2008 16:24
#7
Please read this page and change the title to a specific one.
Otherwise the thread will go to the trash.
Please comply with the topic
New rules for posting logs on the forum
jar1612
(Jar1612)
10 February 2008 21:29
#8
Hello again
I see the topic has already been changed, for which I thank you (it did not go to the trash). I will have to work on how I post logs. But for now I ask my colleague to explain why in my case dragging the CFScript.txt icon onto the combofix.exe icon did not work (no removal process), and instead ComboFix started up again? Please enlighten me on this
jar1612
(Jar1612)
10 February 2008 23:07
#9
Sorry for pasting the log; I am correcting myself
http://up.wklej.org/download.php?id=c28 … 194857ccbc
I am asleep on my feet
Gutek
(Gutek)
11 February 2008 18:34
#10
I cannot download the file; do not post one post right after another