Request to check a log!

My log is:

ComboFix 09-03-06.02 - dOrriS 2009-03-08 9:54:45.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.503.248 [GMT 1:00]

Run from: d:\documents and settings\dOrriS\Pulpit\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Autorun.inf

D:\s.bat

d:\windows\system32\mcenspc.dll

.

((((((((((((((((((((((((( Files created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))

.

2009-03-08 09:01 . 2009-03-08 09:04

2009-03-08 09:01 . 2009-03-08 09:01

2009-03-08 09:01 . 2009-03-08 09:31

2009-03-08 09:01 . 2008-08-25 12:36 81,288 --a------ d:\windows\system32\drivers\iksyssec.sys

2009-03-08 09:01 . 2008-08-25 12:36 66,952 --a------ d:\windows\system32\drivers\iksysflt.sys

2009-03-08 09:01 . 2008-08-25 12:36 40,840 --a------ d:\windows\system32\drivers\ikfilesec.sys

2009-03-08 09:01 . 2008-06-02 16:19 29,576 --a------ d:\windows\system32\drivers\kcom.sys

2009-03-08 08:51 . 2009-03-08 08:51

2009-02-16 21:33 . 2006-03-02 13:00 25,088 --a------ d:\windows\system32\userinit.exe

2009-02-10 18:24 . 2009-02-10 18:24

2009-02-08 11:19 . 2009-02-08 11:19 56 --ah----- d:\windows\system32\ezsidmv.dat

2009-02-08 11:14 . 2009-02-08 11:14

2009-02-08 11:14 . 2009-02-08 11:14

.

(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-08 08:49 --------- d--h--w d:\program files\InstallShield Installation Information

2009-03-04 22:34 --------- d-----w d:\documents and settings\dOrriS\Dane aplikacji\Skype

2009-03-04 21:21 --------- d-----w d:\documents and settings\dOrriS\Dane aplikacji\skypePM

2009-02-26 10:21 --------- d-----w d:\program files\Gadu-Gadu

2009-02-08 10:14 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\Skype

2009-01-25 20:39 --------- d-----w d:\program files\SuperDVD Video Editor

2008-02-22 15:17 32 -c--a-w d:\documents and settings\All Users\Dane aplikacji\ezsid.dat

2008-01-20 13:47 36 -c--a-w d:\documents and settings\dOrriS\klextlock.dat

.

((((((((((((((((((((((((((((((((((((( Registry Startup Entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2006-03-02 15360]

"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="d:\windows\system32\igfxtray.exe" [2006-10-06 98304]

"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2006-10-06 114688]

"Persistence"="d:\windows\system32\igfxpers.exe" [2006-10-06 94208]

"Symantec PIF AlertEng"="d:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-06 185896]

"ISTray"="d:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-22 d:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= d:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=d:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=d:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a--c--- 2008-01-11 22:16 39792 d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPO3]

--a------ 2006-07-18 12:39 1028096 c:\program files\LG Software\IP Operator 2005\IP Operator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a--c--- 2006-06-14 15:24 278528 d:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]

--a--c--- 2006-05-08 13:55 122880 d:\program files\lg_swupdate\autoupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]

--a--c--- 2006-07-17 13:46 544768 d:\program files\LG Software\System Control Manager\MGSysCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 17:24 1694208 d:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2008-02-28 08:59 570664 d:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2008-01-20 08:05 217088 d:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a--c--- 2007-04-27 08:41 282624 d:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a--c--- 2004-11-02 19:24 32768 d:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2008-06-10 03:27 144784 d:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-12-06 21:22 185896 d:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-04-01 19:49 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

--a--c--- 2006-06-28 20:32 89541 d:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r---c--- 2005-05-04 02:43 69632 d:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r---c--- 2006-05-17 02:04 2879488 d:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"navapsvc"=2 (0x2)

"iPod Service"=3 (0x3)

"NishService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"d:\Program Files\Winamp Remote\bin\Orb.exe"=

"d:\Program Files\Winamp Remote\bin\OrbTray.exe"=

"d:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=

"d:\Program Files\iTunes\iTunes.exe"=

"d:\Program Files\Skype\Phone\Skype.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21314:TCP"= 21314:TCP:BitComet 21314 TCP

"21314:UDP"= 21314:UDP:BitComet 21314 UDP

R0 O2MDRDR;O2MDRDR;d:\windows\system32\drivers\o2media.sys [2006-02-27 34880]

R0 O2SDRDR;O2SDRDR;d:\windows\system32\drivers\o2sd.sys [2006-06-22 29184]

R2 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-08 356920]

S1 SASKUTIL;SASKUTIL;\??\d:\program files\SUPERAntiSpyware\SASKUTIL.sys --> d:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 MGHwCtrl;MGHwCtrl;d:\windows\system32\drivers\MGHwCtrl.sys [2007-05-20 20128]

S4 NishService;Evil Driver Daemon;d:\program files\LG Software\System Control Manager\edd.exe [2007-05-20 40960]

--- Other Services/Drivers in Memory ---

*NewlyCreated* - IKFILESEC

*NewlyCreated* - IKSYSFLT

*NewlyCreated* - IKSYSSEC

*NewlyCreated* - MCHINJDRV

*NewlyCreated* - SDAUXSERVICE

*NewlyCreated* - SDCORESERVICE

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c6f491e-24fb-11dc-b07b-0018de76e8b4}]

\Shell\AutoRun\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

\Shell\open\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bb560ab-91f4-11dc-b127-0018de76e8b4}]

\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41bf6063-03c0-11dc-aed5-806d6172696f}]

\Shell\AutoRun\command - s.bat

\Shell\explore\Command - s.bat

\Shell\open\Command - s.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c45bbc6-7b3b-11dd-b309-0018de76e8b4}]

\Shell\AutoRun\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

\Shell\open\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dd007a6-4d0c-11dd-b2a5-00161750dbca}]

\Shell\AutoRun\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

\Shell\open\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7698a59e-c6c0-11dd-b36f-0018de76e8b4}]

\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{940d3e5c-bec7-11dc-b183-0018de76e8b4}]

\Shell\AutoRun\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

\Shell\open\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

.

Contents of the 'Scheduled Tasks' folder

2009-03-08 d:\windows\Tasks\1-Click Maintenance.job

- d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 13:24]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

FF - ProfilePath - d:\documents and settings\dOrriS\Dane aplikacji\Mozilla\Firefox\Profiles\il8rb9w7.default\

FF - prefs.js: browser.startup.homepage - www.interia.pl

FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-08 09:56:35

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-03-08 9:58:05

ComboFix-quarantined-files.txt 2009-03-08 08:58:02

Before: 1,852,645,376 bytes free

After: 1,877,315,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot Loader]

Timeout=2

Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[Operating Systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

c:\$win_nt$.~bt\BOOTSECT.DAT="Instalator systemu Windows"

188 --- E O F --- 2009-02-26 01:04:25

Please check this log, because my computer isn't running the way I want it to...

Regards
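The part of the log above that a practitioner would pull out mechanically is the MountPoints2 block (per-drive Shell\AutoRun, open and explore handlers pointing at `s.bat` and at `ise32.exe` under a `\restore\<SID>\` folder on the removable drives) together with the two registry values that keep the user from noticing (DisableTaskMgr, AntiVirusDisableNotify). The script below is an added example, not part of the original thread and not ComboFix's own code: it parses an excerpt copied from the posted log (embedded as a constructed sample), lists every removable-drive autorun handler, tags each with heuristic reasons why it looks like a USB worm, reports the hiding policies, and names the payload files to hunt for on every stick and card. The reason labels, the `POLICY_VALUES` table and the helper names are this example's own assumptions, not ComboFix output.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix code):
extract removable-drive autorun handlers from the MountPoints2 section and
registry values that hide an infection from the user."""
import re
import sys

# Constructed sample: an excerpt copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c6f491e-24fb-11dc-b07b-0018de76e8b4}]
\Shell\AutoRun\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - g:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41bf6063-03c0-11dc-aed5-806d6172696f}]
\Shell\AutoRun\command - s.bat
\Shell\explore\Command - s.bat
\Shell\open\Command - s.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7698a59e-c6c0-11dd-b36f-0018de76e8b4}]
\Shell\AutoRun\command - F:\AutoRun.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
MP2_RE = re.compile(r"\\mountpoints2\\\{([0-9a-f-]{36})\}$", re.IGNORECASE)
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')

# (key fragment, value name) -> what a non-zero value does. Assumed table,
# built from the two values visible in the log; extend as needed.
POLICY_VALUES = {
    ("policies\\system", "disabletaskmgr"): "Task Manager disabled",
    ("security center", "antivirusdisablenotify"): "Security Center AV alerts muted",
}


def _nonzero(raw):
    """True when a ComboFix-rendered DWORD ('1 (0x1)', 'dword:00000001') is non-zero."""
    m = re.search(r"(?:dword:|0x)([0-9a-f]+)", raw, re.IGNORECASE)
    if m:
        return int(m.group(1), 16) != 0
    m = re.match(r"\d+", raw)
    return bool(m) and int(m.group(0)) != 0


def classify_command(cmd):
    """Heuristic reasons (this example's own labels) why a handler looks like a USB worm."""
    reasons = []
    low = cmd.lower()
    if not re.match(r"^[a-z]:\\", low):
        reasons.append("relative-path")          # resolved against the drive root
    if re.search(r"\\restore\\s-1-5-\d+(?:-\d+)+\\", low):
        reasons.append("restore-sid-folder")     # dressed up to look like System Restore data
    if low.endswith((".bat", ".cmd", ".vbs", ".scr", ".pif")):
        reasons.append("script-or-odd-extension")
    if re.match(r"^[a-z]:\\[^\\]+\.exe$", low):
        reasons.append("exe-in-drive-root")      # also common for legit installers: verify the file
    return reasons


def parse_combofix_indicators(text):
    """Walk the log line by line, tracking the current registry key."""
    result = {"autorun": [], "policies": []}
    key = ""
    for line in text.splitlines():
        # Forum copies often carry curly quotes; normalise before matching.
        line = line.strip().replace("\u201c", '"').replace("\u201d", '"')
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        sm = SHELL_RE.match(line)
        mp = MP2_RE.search(key)
        if sm and mp:
            cmd = sm.group(2)
            result["autorun"].append({"guid": mp.group(1).lower(), "verb": sm.group(1).lower(),
                                      "command": cmd, "reasons": classify_command(cmd)})
            continue
        vm = VALUE_RE.match(line)
        if vm:
            name = vm.group(1).lower()
            for (frag, vname), meaning in POLICY_VALUES.items():
                if vname == name and frag in key.lower() and _nonzero(vm.group(2)):
                    result["policies"].append({"key": key, "value": vm.group(1), "meaning": meaning})
    return result


def payload_names(result):
    """Distinct file names launched by the handlers: what to look for on every removable drive."""
    return sorted({e["command"].rsplit("\\", 1)[-1].lower() for e in result["autorun"]})


def suspicious_entries(result):
    return [e for e in result["autorun"] if e["reasons"]]


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    found = parse_combofix_indicators(text)
    for p in found["policies"]:
        print(f"[policy]  {p['meaning']}: {p['key']} -> {p['value']}")
    for e in suspicious_entries(found):
        print(f"[autorun] {{{e['guid']}}} {e['verb']}: {e['command']}  ({', '.join(e['reasons'])})")
    print("payloads to hunt on every removable drive:", ", ".join(payload_names(found)))
```

Run it with a saved log as the first argument (`python triage.py ComboFix.txt`) or with no argument to process the embedded excerpt. Note that the handlers live under HKCU and are keyed by the volume's GUID, so they survive after the drive is disinfected: a clean stick plugged back in will simply fail to find `s.bat`, while a stick that still carries it is re-run on the next double-click, which is why the reply below insists on cleaning or formatting the removable media, not only the PC.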

Disinfect the pendrive or memory card

Flash Disinfector or Perlovga Removal Tool

or format it

paste into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; removal should start. After that, post the log on the forum.

Paste the log at www.wklejto.pl or http://www.wklej.org/ and put the link in your post.

The log from this operation is:

http://www.wklej.org/id/61450/

Please comment!

The log looks clean.

Manually delete the folder C:\Qoobox and the ComboFix installer from the disk.

Clean the system and registry with CCleaner

Optimize the Autostart entries

Turn System Restore off and back on on all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner. Scan the system and post the report on the forum

or Dr.WEB CureIt!