lokmen
(Jarek7d)
3 December 2007 17:38
#1
Hello. I have also run into what is described above - please help.
ComboFix 07-12-02.7 - Kazar 2007-12-03 17:40:02.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.218 [GMT 1:00] Running from: C:\Documents and Settings\Kazar\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk C:\Documents and Settings\Kazar\Pulpit\Live Safety Center.lnk C:\Documents and Settings\Kazar\Pulpit\Online Security Guide.lnk C:\Documents and Settings\Kazar\Ulubione\Online Security Guide.lnk C:\WINDOWS\system32\xetlaiiz.dllbox . ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))) . 2007-12-03 12:21 . 2007-12-03 12:27 2,838 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-01 00:08 . 2007-12-01 00:25 188,957,696 --a------ C:\backup.pst 2007-11-29 23:21 . 2007-12-02 19:47 793,844 —hs---- C:\WINDOWS\system32\unesiprr.ini 2007-11-29 23:02 . 2007-11-29 23:02 145,984 --a------ C:\WINDOWS\system32\xetlaiiz.dll 2007-11-29 23:02 . 2007-11-29 23:02 145,984 --a------ C:\WINDOWS\system32\dlwllrvo.dll 2007-11-29 23:01 . 2007-11-29 23:01 2007-11-29 22:09 . 2007-11-30 16:03 75 --a------ C:\WINDOWS\mopyfish.ini 2007-11-29 19:49 . 2007-11-29 19:49 2007-11-29 12:43 . 2007-12-03 09:44 2007-11-29 12:37 . 2007-11-29 12:37 2007-11-28 14:36 . 2007-11-28 21:58 2007-11-27 17:48 . 2006-05-31 08:46 25,214 -ra------ C:\WINDOWS\system32\memorystick.ico 2007-11-27 16:14 . 2007-04-13 08:50 108,424 -ra------ C:\WINDOWS\system32\drivers\zebrmdmc.sys 2007-11-27 16:14 . 2007-04-13 08:50 108,296 -ra------ C:\WINDOWS\system32\drivers\zebrmdm.sys 2007-11-27 16:14 . 2007-04-13 08:50 90,888 -ra------ C:\WINDOWS\system32\drivers\zebrsce.sys 2007-11-27 16:14 . 2007-04-13 08:50 83,080 -ra------ C:\WINDOWS\system32\drivers\zebrbus.sys 2007-11-27 16:14 . 
2007-04-13 08:50 15,112 -ra------ C:\WINDOWS\system32\drivers\zebrmdfl.sys 2007-11-27 16:14 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrcmnt.sys 2007-11-27 16:14 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrcm.sys 2007-11-27 15:55 . 2007-11-27 15:55 2007-11-27 15:55 . 2005-06-08 15:53 288 --a------ C:\WINDOWS\mrinstu.iss 2007-11-26 22:45 . 2007-11-26 22:45 2007-11-26 22:45 . 2007-04-13 08:50 62,984 -ra------ C:\WINDOWS\system32\drivers\zebrceb.sys 2007-11-26 22:45 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrwhnt.sys 2007-11-26 22:45 . 2007-04-13 08:50 12,424 -ra------ C:\WINDOWS\system32\drivers\zebrwh.sys 2007-11-26 22:29 . 2007-11-26 22:44 2007-11-26 22:29 . 2007-11-26 22:30 2007-11-26 22:29 . 2007-11-26 22:29 2007-11-26 22:29 . 2007-11-26 22:29 2007-11-26 22:25 . 2007-11-26 22:25 146 --a------ C:\WINDOWS\DelMR.bat 2007-11-26 08:25 . 2007-11-26 08:25 2007-11-19 23:43 . 2007-11-19 23:43 2007-11-19 23:43 . 2007-11-19 23:43 4 --a------ C:\WINDOWS\system32\proc-220146841.bin 2007-11-19 11:27 . 2004-08-04 08:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2007-11-19 11:27 . 2004-08-04 08:08 17,024 --a–c— C:\WINDOWS\system32\dllcache\usbohci.sys 2007-11-19 11:21 . 2007-11-19 11:21 2007-11-19 11:21 . 2007-11-19 11:21 2007-11-19 11:21 . 2007-11-19 11:27 2007-11-19 11:21 . 2007-04-13 14:18 88,960 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-03 16:38 --------- d-----w C:\Documents and Settings\Kazar\Dane aplikacji\Skype 2007-11-29 21:57 --------- d-----w C:\Documents and Settings\Kazar\Dane aplikacji\Azureus 2007-11-28 11:40 --------- d-----w C:\Program Files\Azureus 2007-11-26 21:30 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-11-26 11:11 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-26 11:10 --------- d-----w C:\Program Files\Common Files\Panda Software 2007-11-26 10:55 80 ----a-w C:\WINDOWS\system32\drivers\netfltConfig.dat 2007-11-17 12:37 --------- d-----w C:\Program Files\VAG-COM 2007-10-17 16:33 --------- d-----w C:\Program Files\Emapa 2007-10-08 12:35 --------- d-----w C:\Program Files\MSXML 4.0 2007-10-08 07:39 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-10-08 07:39 --------- d-----w C:\Documents and Settings\Kazar\Dane aplikacji\Thunderbird 2007-10-06 18:53 --------- d-----w C:\Program Files\ArcaMicroScan 2007-10-06 18:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-06 18:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec 2007-10-06 14:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-10-06 10:32 --------- d-----w C:\Program Files\CCleaner 2007-10-03 11:52 --------- d-----w C:\Program Files\Skype 2007-10-03 11:51 --------- d-----w C:\Program Files\Common Files\Skype 2007-10-03 11:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-29 23:02 145984 --a------ C:\WINDOWS\system32\xetlaiiz.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{11A69AE4-FBED-4832-A2BF-45AF82825583}”= C:\WINDOWS\system32\xetlaiiz.dll [2007-11-29 23:02 145984] [HKEY_CLASSES_ROOT\clsid{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 08:44] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-09-13 12:31] “mRouterConfig”=“C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe” [2006-03-02 11:54] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CARPService”=“carpserv.exe” [2003-05-21 14:35 C:\WINDOWS\system32\carpserv.exe] “ATIModeChange”=“Ati2mdxx.exe” [2002-08-16 00:18 C:\WINDOWS\system32\Ati2mdxx.exe] “Cpqset”=“C:\Program Files\HPQ\Default Settings\cpqset.exe” [2003-10-05 17:28] “Display Settings”=“C:\Program Files\HPQ\Notebook Utilities\hptasks.exe” [2002-08-15 05:26] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-04-27 08:41] “iPlusManager”=“C:\Program Files\iPlus\iPlusChecker.exe” [2007-04-13 14:18] “PC Suite for Smartphones”=“C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe” [2007-05-28 10:14] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 08:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xetlaiiz] xetlaiiz.dll 2007-11-29 23:02 145984 C:\WINDOWS\system32\xetlaiiz.dll R3 ALiIRDA;Sterownik urządzenia podczerwieni ALi;C:\WINDOWS\system32\DRIVERS\alifir.sys R3 DP83815;National Semiconductor Corp. 
DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys S3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys S3 ComFiltr;Panda Anti-Dialer;??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys S3 FA312;Sterownik karty NETGEAR FA330/FA312/FA311 Fast Ethernet;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{46c766a1-ef29-11db-b43f-000f20295064}] \Shell\AutoRun\command - G:\USBNB.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d1e08420-73f6-11dc-b47a-0011672f0a30}] \Shell\AutoRun\command - F:\CHIP\Bezpieczenstwo.exe . Contents of the ‘Scheduled Tasks’ folder “2007-05-11 10:04:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 17:53:47 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???2?8?4?2??P??? ???B???B? ??? scanning hidden files … C:\WINDOWS\system32\xetlaiiz.dllbox 20810 bytes scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 2007-12-03 18:00:29 - machine was rebooted C:\ComboFix2.txt … 2007-12-03 17:28 C:\ComboFix3.txt … 2007-12-03 14:46 . — E O F —
Gutek
(Gutek)
3 December 2007 19:33
#2
Paste into Notepad:
>>File>>Save as… >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– like in this picture –>
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should start. (and a log will be produced)
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from Combo
lokmen
(Jarek7d)
4 December 2007 08:11
#3
Thank you for the help. The pop-up windows problem is gone. One more remains, though - after pressing ctrl+alt+del the Task Manager appears, but without a MENU, just the frame …
lokmen
(Jarek7d)
28 December 2007 13:51
#5
Hello - this time it is my brother's computer, a similar problem - I am pasting the ComboFix log
ComboFix 07-12-21.4 - Bartek 2007-12-28 14:23:41.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.468 [GMT 1:00] Running from: C:\Documents and Settings\Bartek\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))) . 2007-12-27 13:58 . 2007-12-27 13:58 2007-12-27 13:57 . 2007-12-27 13:57 2007-12-27 13:57 . 2007-12-27 13:58 2007-12-27 13:57 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-27 13:47 . 2007-12-27 13:47 98,304 --a------ C:\WINDOWS\system32\qttask.exe 2007-12-27 13:45 . 2001-10-31 10:14 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll 2007-12-27 12:59 . 2007-12-27 12:59 1,158 --a------ C:\WINDOWS\mozver.dat 2007-12-26 16:25 . 2007-12-26 16:25 278 --a------ C:\WINDOWS\game.ini 2007-12-24 10:54 . 2007-12-24 10:54 2007-12-24 10:54 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax 2007-12-22 16:23 . 2007-12-27 16:27 2007-12-22 13:23 . 2007-12-22 13:23 2007-12-21 18:14 . 2007-12-21 23:21 2007-12-21 11:18 . 2007-12-21 11:18 2007-12-20 21:20 . 2007-12-20 21:20 2007-12-20 17:33 . 2007-12-21 23:21 2007-12-20 17:33 . 2007-12-26 14:56 2007-12-20 17:15 . 2007-12-20 17:15 2007-12-20 17:05 . 2007-12-21 16:59 2007-12-20 15:07 . 2007-12-20 15:07 2007-12-20 15:07 . 2007-12-27 16:05 2007-12-20 15:07 . 2007-12-20 15:07 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-12-19 16:24 . 2007-12-19 16:24 2007-12-19 16:14 . 2007-12-19 16:14 2007-12-17 11:14 . 2007-12-17 11:14 2007-12-17 11:10 . 2007-12-17 11:10 2007-12-16 22:30 . 2007-12-16 22:30 167,953 --a------ C:\WINDOWS\system32\ssa.dll 2007-12-16 22:20 . 2007-12-16 22:20 119,825 --------- C:\WINDOWS\system32\ddfdbcaea.dll 2007-12-14 22:47 . 2007-12-17 20:50 172 --a------ C:\avone.ini 2007-12-14 22:46 . 2003-12-13 21:40 1,003,520 --a------ C:\WINDOWS\system32\ltmm_n.dll 2007-12-14 22:46 . 
2004-01-25 17:49 303,104 --a------ C:\WINDOWS\system32\rmparser.dll 2007-12-14 22:45 . 2007-12-20 16:51 184 --a------ C:\WINDOWS\system32\buyurl_rm.dat 2007-12-14 17:46 . 2007-12-26 14:54 2007-12-12 19:03 . 2007-12-12 19:04 2007-12-12 19:03 . 2007-12-12 19:03 2007-12-12 19:01 . 2007-12-12 19:01 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-12 17:56 . 2007-12-22 10:01 2007-12-12 17:52 . 2007-12-12 18:41 2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-08 17:01 . 2007-12-08 17:01 2007-12-07 03:07 . 2007-12-07 03:07 102,400 --a------ C:\WINDOWS\system32\SampleGrabber.ax 2007-12-01 19:28 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-12-01 19:28 . 2007-12-01 19:28 421 --a------ C:\WINDOWS\ODBC.INI 2007-12-01 19:27 . 2007-12-01 19:27 2007-12-01 19:26 . 2007-12-01 19:27 2007-12-01 19:26 . 2007-12-01 19:26 2007-11-30 22:38 . 2007-12-17 12:15 2007-11-30 22:38 . 2007-11-30 22:38 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-30 22:36 . 2007-11-30 22:36 2007-11-30 22:36 . 2007-12-27 11:07 2007-11-30 22:36 . 2007-11-30 22:36 2007-11-30 22:36 . 2007-12-17 12:43 2007-11-30 22:36 . 2007-11-30 22:36 2007-11-30 21:41 . 2007-12-05 15:45 2007-11-30 21:41 . 2007-11-30 21:41 2007-11-30 21:40 . 2007-11-30 21:40 2007-11-30 19:00 . 2007-11-30 19:00 2007-11-30 18:59 . 2003-10-06 08:41 113,664 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys 2007-11-30 18:59 . 2003-10-06 08:41 5,632 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys 2007-11-30 18:58 . 2007-11-30 18:58 2007-11-30 18:58 . 2007-11-30 18:58 2007-11-30 18:58 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-11-30 18:58 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-11-30 18:58 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-11-30 18:58 . 
2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-11-30 18:58 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-11-29 16:09 . 2007-11-29 16:09 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-29 16:08 . 2007-11-29 16:08 6,820,520 --a------ C:\Program Files\FirefoxGoogleToolbarSetup.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-28 09:57 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\AVG7 2007-12-27 17:39 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\GanymedeNet 2007-12-27 16:23 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\BitTorrent 2007-12-27 12:46 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack 2007-12-26 15:25 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-26 13:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft 2007-12-21 19:59 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-12-21 18:44 --------- d-----w C:\Program Files\Ganymede 2007-12-14 20:42 --------- d-----w C:\Program Files\Delta Force Helikopter w Ogniu 2007-11-25 18:08 --------- d-----w C:\Program Files\MarBit 2007-11-25 16:37 --------- d-----w C:\Program Files\SmartSound Software 2007-11-25 16:37 --------- d-----w C:\Program Files\QuickTime 2007-11-25 16:37 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2007-11-25 16:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\SmartSound Software Inc 2007-11-25 16:36 --------- d-----w C:\Program Files\Ulead Systems 2007-11-25 16:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\QuickTime 2007-11-24 18:17 --------- d-----w C:\Program Files\BitTorrent 2007-11-24 18:00 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\Ulead Systems 2007-11-24 10:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems 
2007-11-24 10:23 --------- d-----w C:\Program Files\Common Files\InterVideo 2007-11-24 10:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InterVideo 2007-11-24 10:22 --------- d-----w C:\Program Files\Windows Media Components 2007-11-24 09:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg7 2007-11-23 18:38 --------- d-----w C:\Program Files\Canon 2007-11-23 18:35 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-23 18:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield 2007-11-23 18:34 --------- d-----w C:\Program Files\ScanSoft 2007-11-23 18:33 --------- d-----w C:\Program Files\Common Files\CANON 2007-11-23 18:31 --------- d–h--w C:\Program Files\CanonBJ 2007-11-23 18:31 --------- d–h--w C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ 2007-11-23 17:51 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2007-11-23 17:51 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2007-11-23 17:51 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\AVG7 2007-11-23 17:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2007-11-23 17:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-11-23 17:28 --------- d-----w C:\Program Files\Analog Devices 2007-11-23 17:05 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-23 17:03 --------- d-----w C:\Program Files\Usługi online 2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE~\Browser Helper Objects{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}] 2007-12-16 22:30 167953 --a------ C:\WINDOWS\system32\ssa.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{7753B2C4-8E27-4CEC-87EB-2739480D8A11}] C:\WINDOWS\poswin.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2007-08-31 16:46] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-04-03 23:29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2007-12-21 11:16] “CanonSolutionMenu”=“C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe” [2007-05-14 17:01] “CanonMyPrinter”=“C:\Program Files\Canon\MyPrinter\BJMyPrt.exe” [2007-04-03 17:50] “UVS11 Preload”=“C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe” [2007-03-03 14:12] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50] “DaemonTools_WhenUSave_Installer”=“C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe” [] “QuickTime Task”=“C:\WINDOWS\system32\qttask.exe” [2007-12-27 13:47] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44] “AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2007-11-23 18:51] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSetFolders”= 0 (0x0) “NoRecentDocsMenu”= 0 (0x0) “NoRecentDocsHistory”= 0 (0x0) “NoFavoritesMenu”= 0 (0x0) “NoSimpleStartMenu”= 0 (0x0) “NoUserNameInStartMenu”= 0 (0x0) “NoStartMenuPinnedList”= 0 (0x0) “NoStartMenuMFUprogramsList”= 0 (0x0) “NoSMMyPictures”= 0 (0x0) “NoStartMenuMyMusic”= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddfdbcaea] C:\WINDOWS\system32\ddfdbcaea.dll 
2007-12-16 22:20 119825 C:\WINDOWS\system32\ddfdbcaea.dll R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-06-30 07:01] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-28 14:24:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\ddfdbcaea.dll . Completion time: 2007-12-28 14:25:07 C:\ComboFix2.txt … 2007-12-28 14:17
Gutek
(Gutek)
28 December 2007 19:19
#6
Paste into Notepad:
File::
C:\WINDOWS\system32\ddfdbcaea.dll
C:\WINDOWS\poswin.dll
Folder::
C:\Program Files\DaemonTools_WhenUSave_Installer
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7753B2C4-8E27-4CEC-87EB-2739480D8A11}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DaemonTools_WhenUSave_Installer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddfdbcaea]
>>File>>Save as… >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– like in this picture –>
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should start. (and a log will be produced)
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from Combo
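An added example, not from this thread and not part of ComboFix: a Python script that reads the "Reg Loading Points" lines of a ComboFix log, flags the kinds of entries the reply above acted on (a non-default Winlogon notify DLL, a BHO and a Run value for which ComboFix printed no file date), and renders them in the File:: / Registry:: layout of the CFScript above. The log excerpt is constructed from the second log in the thread; the "no file metadata" heuristics are the example author's assumptions, not ComboFix rules.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# second ComboFix log in the thread (not the complete log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]
2007-12-16 22:30 167953 --a------ C:\WINDOWS\system32\ssa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7753B2C4-8E27-4CEC-87EB-2739480D8A11}]
C:\WINDOWS\poswin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 11:16]
"DaemonTools_WhenUSave_Installer"="C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe" []
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-12-27 13:47]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddfdbcaea]
C:\WINDOWS\system32\ddfdbcaea.dll 2007-12-16 22:20 119825 C:\WINDOWS\system32\ddfdbcaea.dll
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.IGNORECASE)
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}")


@dataclass
class Finding:
    key: str    # registry key the entry lives under
    value: str  # value name for Run entries, "" for key-only entries
    path: str   # file the entry points at
    reason: str


def triage(log: str) -> list[Finding]:
    """Walk the Reg Loading Points lines and flag entries worth a manual look."""
    findings, key = [], ""
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if not line or not key:
            continue
        run = RUN_RE.match(line)
        if run:
            name, path, stamp = run.groups()
            # Heuristic (assumption): an empty [] after a Run value means ComboFix
            # found no file date, which is the kind of entry removed in the reply.
            if not stamp.strip():
                findings.append(Finding(key, name, path, "Run value with no file metadata"))
            continue
        p = PATH_RE.search(line)
        path = p.group(0) if p else line
        low = key.lower()
        if "winlogon\\notify\\" in low:
            # ComboFix hides legit defaults, so every notify entry shown is
            # non-default; the DLL is loaded into winlogon.exe, so each is reviewed.
            findings.append(Finding(key, "", path, "non-default Winlogon notify DLL"))
        elif "browser helper objects" in low and not DATE_RE.search(line):
            findings.append(Finding(key, "", path, "BHO whose DLL has no file metadata"))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Render findings in the CFScript layout used in the thread (File:: / Registry::)."""
    files = [f.path for f in findings if not f.value]
    reg = []
    for f in findings:
        if f.value:
            reg += [f"[{f.key}]", f'"{f.value}"=-']  # drop one value, keep the key
        else:
            reg.append(f"[-{f.key}]")                  # drop the whole key
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(reg) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

The generated script is a starting point for review, not something to run unread: the Folder:: line from the reply still has to be added by hand once the analyst has confirmed what the flagged Run value installed.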