tptomo
(Tptomo)
30 Sierpień 2007 16:18
#1
witam
mam sb live 5.1 mialem wirusa
Packed.Win32.PolyCrypt.b Plik: C:\System Volume Information_restore{D31BC824-E92C-4010-B176-EBA1240F30EA}\RP146\A0020243.exe/CryptFF/PE_Patch.Poly
kasperski niby go usunal ale nie mam dzwieku jak zaintaluje sterowniki to dzwieki mam 1 dzien i znowu nie ma,jak probuje sluchac winampa to mam komunikat brak karty dzwiekowej, w panelu sterowania we wlasciwosciach dzwieku windows nie wykrywa urzadzen audio
moj skan
Logfile of HijackThis v1.99.1 Scan saved at 18:22:20, on 2007-08-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Cerberus\Cerberus.exe C:\WINDOWS\system32\Ctsvccda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Opera\Opera.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.lublin.pl:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM…\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [OpwareSE2] “C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe” O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM…\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/pl/solitaire_2_0_0_27.cab O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_75.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_34.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://67.15.101.3/g_bin/pl/pirate_2_0_0_30.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_34.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_32.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_49.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_46.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_28.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_30.cab O17 - HKLM\System\CCS\Services\Tcpip…{2284FD82-0390-49DD-ADB4-061D5BD7DEF9}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CCS\Services\Tcpip…{EB4566A8-4C76-4C6E-9312-806D22C54675}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.124 85.255.112.199 O17 - HKLM\System\CS1\Services\Tcpip…{2284FD82-0390-49DD-ADB4-061D5BD7DEF9}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.124 85.255.112.199 O17 - HKLM\System\CS2\Services\Tcpip…{2284FD82-0390-49DD-ADB4-061D5BD7DEF9}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.124 85.255.112.199 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Cerberus FTP Server - Grant Averett - C:\Program Files\Cerberus\Cerberus.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\Ctsvccda.exe
jessica
(jessica)
30 Sierpień 2007 16:30
#2
Masz ukraińską infekcję czyli Rootkit “Windows Security Center”
Użyj FixWareout
Po jego użyciu może zajść potrzeba ustawiania od nowa DNS Twojego dostawcy internetowego.
O4 - HKLM…\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe O17 - HKLM\System\CCS\Services\Tcpip…{2284FD82-0390-49DD-ADB4-061D5BD7DEF9}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CCS\Services\Tcpip…{EB4566A8-4C76-4C6E-9312-806D22C54675}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.124 85.255.112.199 O17 - HKLM\System\CS1\Services\Tcpip…{2284FD82-0390-49DD-ADB4-061D5BD7DEF9}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.124 85.255.112.199 O17 - HKLM\System\CS2\Services\Tcpip…{2284FD82-0390-49DD-ADB4-061D5BD7DEF9}: NameServer = 85.255.113.124,85.255.112.199 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.124 85.255.112.199
Potem te w/w wpisy sfiksuj w Hijacku:
>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked .
Jeśli nie masz jakiegoś narzędzia usuwającego, to ściągnij OTMoveIt
Do pola Paste List of Files/Folders to be Moved wklej poniższe ścieżki:
Następnie wciśnij przycisk MoveIt !
Pojawi się komunikat, że jest potrzebny restart do usunięcia podanych plików/folderów- wciśnij Yes .
Po restarcie usuń ręcznie folder C:* * _OTMoveIt** (Prawoklik >>> Usuń >>> Opróżnij Kosz).
Potem daj tu:
raport z C:\FixWareout.txt
log z Hijacka
log z ComboFix lub DeckardsSS (na dole tej strony z linku) -
Log wklej na http://wklej.org/ , a w poście daj tylko link.
Jeśli dasz DeckardsSS, to nie dawaj Hijacka.
jessi
tptomo
(Tptomo)
30 Sierpień 2007 18:08
#3
uzylem fixwareout sfiksowale jak mowiles ale w otmmovelt jak chce skasowac te pliki to mi pojawia komunikat
cannot create file C_OTMoveltFiles\08302007\200643.log
olac to i robic loga combo bo z fixa mam
Złączono Posta : 30.08.2007 (Czw) 20:44
Username “Tom” - 2007-08-30 19:37:46 [Fixwareout edited 2007/07/05] »»»»»Prerun check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “nameserver”=“85.255.113.124 85.255.112.199” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{2284FD82-0390-49DD-ADB4-061D5BD7DEF9} “nameserver”=“85.255.113.124,85.255.112.199” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{EB4566A8-4C76-4C6E-9312-806D22C54675} “nameserver”=“85.255.113.124,85.255.112.199” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{CAB07EC5-A78A-4FC0-A6F3-8576C30255BF} “DhcpNameServer”=“85.255.113.124,85.255.112.199” System was rebooted successfully. »»»»» Postrun check HKLM\SOFTWARE~\Winlogon\ “System”="" … … »»»»» Misc files. … »»»»» Checking for older varients. … »»»»» Current runs (hklm hkcu “run” Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “DAEMON Tools”="“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045" “ATICCC”="“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay" “VVSN”=“C:\Program Files\VVSN\VVSN.exe” “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “RemoteControl”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 “OpwareSE2”="“C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe”" “kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" “WINDVDPatch”=“CTHELPER.EXE” “UpdReg”=“C:\WINDOWS\UpdReg.EXE” “Jet Detection”="“C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”" “CTStartup”=“C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run” “AAWTray”=“C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe” [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”="“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”" “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" … Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»
Logfile of HijackThis v1.99.1 Scan saved at 20:43:30, on 2007-08-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Cerberus\Cerberus.exe C:\WINDOWS\system32\Ctsvccda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Opera\Opera.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.lublin.pl:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1045 O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM…\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [OpwareSE2] “C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe” O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM…\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/pl/solitaire_2_0_0_27.cab O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_26.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_75.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_34.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://67.15.101.3/g_bin/pl/pirate_2_0_0_30.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_34.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_32.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_49.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_46.cab O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_28.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_30.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Cerberus FTP Server - Grant Averett - C:\Program Files\Cerberus\Cerberus.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\Ctsvccda.exe
i log combo http://www.wklej.org/id/168cacfaa8
jessica
(jessica)
31 Sierpień 2007 09:14
#4
Z logu ComboFixa wynika, że to jest bezplikowy wpis, więc wystarczy sfiksować go w Hijacku:
>>Hijack>>scan(Do a system scan only)>>zaznacz go >> Fix checked .
Nic więcej podejrzanego nie widzę.
jessi
tptomo
(Tptomo)
31 Sierpień 2007 13:28
#5
dzieki wielkie wydaje sie wszystko w porzadku
Złączono Posta : 31.08.2007 (Pią) 15:38
mam jeszce pytanko combofix utworzyl mi folder qoobox mam go skasowac jest tam w nim tez jakas kwarantanna a w niej
2007-03-06 18:07 767 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Tom\DANEAP~1\Microsoft\Internet Explorer\Quick Launch\INTERN~1.LNK.vir 2007-08-30 20:30 105 --a------ C:\Qoobox\BackEnv\profiles.folder.cf 2007-08-30 20:30 130 --a------ C:\Qoobox\BackEnv\PROGRAMS.folder.cf 2007-08-30 20:30 150 --a------ C:\Qoobox\BackEnv\APPDATA.folder.cf 2007-08-30 20:30 155 --a------ C:\Qoobox\BackEnv\CACHE.folder.cf 2007-08-30 20:30 155 --a------ C:\Qoobox\BackEnv\LOCAL APPDATA.folder.cf 2007-08-30 20:30 165 --a------ C:\Qoobox\BackEnv\LOCAL SETTINGS.folder.cf 2007-08-30 20:30 2762 --a------ C:\Qoobox\BackEnv\setpath.bat 2007-08-30 20:30 35 --a------ C:\Qoobox\BackEnv\MY PICTURES.folder.cf 2007-08-30 20:30 53 --a------ C:\Qoobox\BackEnv\DESKTOP.folder.cf 2007-08-30 20:30 57 --a------ C:\Qoobox\BackEnv\FAVORITES.folder.cf 2007-08-30 20:30 57 --a------ C:\Qoobox\BackEnv\PERSONAL.folder.cf 2007-08-30 20:30 57 --a------ C:\Qoobox\BackEnv\START MENU.folder.cf 2007-08-30 20:30 57 --a------ C:\Qoobox\BackEnv\TEMPLATES.folder.cf 2007-08-30 20:30 93 --a------ C:\Qoobox\BackEnv\STARTUP.folder.cf 2007-08-30 20:35 473997 --a------ C:\Qoobox\snapshot_2007-08-30_203549,57.cf Zmienna PATH folderu Numer seryjny woluminu: 3CC9-1385 C:\QOOBOX | snapshot_2007-08-30_203549,57.cf | ±–BackEnv | APPDATA.folder.cf | CACHE.folder.cf | DESKTOP.folder.cf | FAVORITES.folder.cf | LOCAL APPDATA.folder.cf | LOCAL SETTINGS.folder.cf | MY PICTURES.folder.cf | PERSONAL.folder.cf | profiles.folder.cf | PROGRAMS.folder.cf | setpath.bat | START MENU.folder.cf | STARTUP.folder.cf | TEMPLATES.folder.cf | —Quarantine ±–C | ±–ComboFix | —DOCUME~1 | —Tom | —DANEAP~1 | —Microsoft | —Internet Explorer | —Quick Launch | INTERN~1.LNK.vir | —Registry_backups
Monczkin
(Monczkin)
1 Wrzesień 2007 12:34
#7
Proszę zmodyfikować temat na konkretniejszy i poprawić błędy - na forum piszemy po polsku.