Worm.sality / trojan.generic Zablokowany Menager zadań

Dla specjalistów Bezpieczeństwo
#1

Witam,

mam problem z nawracającym worm.sality i trojan.generic

Nie wiem jak się tego pozbyć.

Nie działa mi menager zadań ani nie moge otworzyc rejestru. Dodatkowo blokuje mi też inne programy (jak chociażby nie działa mi bluetooth).

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:53:58, on 2009-04-10

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\PC Tools Internet Security\pctsAuxs.exe

C:\Program Files\PC Tools Internet Security\pctsSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\PC Tools Internet Security\pctsTray.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM…\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [GenePccMon] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe

O4 - HKLM…\Run: [DeluxMouse] C:\Program Files\Mouse\MouseDrv.exe

O4 - HKLM…\Run: [iSTray] “C:\Program Files\PC Tools Internet Security\pctsTray.exe”

O4 - HKLM…\Run: [RemoteControl8] “C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe”

O4 - HKLM…\Run: [PDVD8LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKCU…\Run: [EXPLORER.EXE] EXPLORER.EXE

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Bluetooth Manager.lnk = ?

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{3555D098-2C59-40F2-8622-12C83AC76526}: NameServer = 212.244.71.1,194.204.159.1

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe

End of file - 6005 bytes

#2

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 uruchom dwuklikiem

pokaż log

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

Jeśli to Sality najlepszym wyjściem jest format

ale daj log Combofixa to zobaczymy

:slight_smile:

#3

ComboFix 09-04-04.01 - user 2009-04-10 13:48:20.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3071.2591 [GMT 2:00]

Uruchomiony z: h:\aplikacje\ComboFix.exe

AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated)

FW: Internet Security Firewall *disabled*

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\uninstall.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))

.

2009-04-08 21:39 . 2009-04-08 21:39

2009-04-08 13:31 . 2009-04-08 13:31

2009-04-08 13:30 . 2009-04-08 13:30

2009-04-08 13:28 . 2009-04-08 16:01

2009-04-06 20:22 . 2009-04-06 20:39

2009-04-06 20:15 . 2009-04-06 20:17

2009-04-03 09:58 . 2009-04-03 09:58

2009-04-03 09:14 . 2009-04-03 09:14

2009-03-31 09:11 . 2009-03-31 09:11

2009-03-31 09:11 . 2009-03-31 09:11

2009-03-24 19:06 . 2009-03-24 19:06

2009-03-24 18:26 . 2009-04-03 09:23

2009-03-24 18:26 . 2009-03-24 18:26

2009-03-24 18:22 . 2009-04-03 09:23

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-10 11:38 --------- d—a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-04-10 11:38 --------- d-----w c:\program files\PC Tools Internet Security

2009-04-10 10:57 --------- d-----w c:\documents and settings\user\Dane aplikacji\SolidWorks

2009-04-08 14:01 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NOS

2009-04-07 10:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-04-06 18:39 --------- d-----w c:\program files\SolidWorks

2009-04-06 18:39 --------- d-----w c:\program files\Common Files\SolidWorks Shared

2009-04-06 18:04 --------- d-----w c:\program files\SolidWorks Installation Manager

2009-04-03 18:26 --------- d-----w c:\program files\Gadu-Gadu

2009-04-03 18:24 --------- d-----w c:\program files\Common Files\Autodesk Shared

2009-04-03 18:24 --------- d-----w c:\program files\AutoCAD 2007

2009-04-02 15:47 --------- d-----w c:\program files\Genesys PC Camera Device

2009-03-30 20:14 --------- d-----w c:\program files\Mouse

2009-03-24 17:06 --------- d-----w c:\program files\Google

2009-03-08 08:15 --------- d-----w c:\documents and settings\user\Dane aplikacji\Nowe Gadu-Gadu

2009-03-04 10:15 --------- d-----w c:\program files\Nowe Gadu-Gadu

2009-02-18 21:39 --------- d-----w c:\documents and settings\user\Dane aplikacji\sldIM

2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys

2009-01-17 16:28 407 ----a-w c:\program files\setuplog.txt

2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-15 15360]

“EXPLORER.EXE”=“EXPLORER.EXE” [2008-04-15 c:\windows\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SMSERIAL”=“c:\program files\Motorola\SMSERIAL\sm56hlpr.exe” [2007-01-29 708608]

“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2006-05-25 856153]

“PDVD8LanguageShortcut”=“c:\program files\CyberLink\PowerDVD8\Language\Language.exe” [2007-12-14 132392]

“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-01-05 483328]

“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 105328]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-05-16 1777664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

“DisableTaskMgr”= 1 (0x1)

“DisableRegistryTools”= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= “c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll” [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 22:51 1764864 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

–a------ 2007-04-28 13:05 8429568 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

–a------ 2007-04-28 13:05 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

–a------ 2005-05-03 12:43 348160 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

–a------ 2007-04-28 13:05 1806336 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

–a------ 2007-03-08 10:21 16228352 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

–a------ 2006-05-16 12:04 3084288 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

“UacDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

“AntiVirusOverride”=dword:00000001

“AntiVirusDisableNotify”=dword:00000001

“FirewallDisableNotify”=dword:00000001

“FirewallOverride”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

“UacDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“c:\Program Files\Tlen.pl\tlen.exe”=

“c:\Program Files\Java\jre6\bin\javaw.exe”=

“c:\Program Files\Nowe Gadu-Gadu\gg.exe”=

“c:\WINDOWS\system32\sessmgr.exe”=

“c:\WINDOWS\system32\userinit.exe”=

“c:\WINDOWS\system32\nwiz.exe”=

“c:\WINDOWS\system32\netsh.exe”=

“c:\WINDOWS\SkyTel.EXE”=

“c:\WINDOWS\RTHDCPL.EXE”=

“c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe”=

“c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe”=

“c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe”=

“c:\Program Files\Synaptics\SynTP\SynTPEnh.exe”=

“c:\Program Files\SolidWorks\SLDWORKS.exe”=

“c:\Program Files\PC Tools Internet Security\pctsTray.exe”=

“c:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe”=

“c:\Program Files\Messenger\msmsgs.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe”=

“c:\Program Files\AutoCAD 2007\acad.exe”=

“c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”=

“c:\Program Files\Windows Desktop Search\wds_sl.exe”=

“c:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe”=

“c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe”=

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-10-19 51520]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-10-19 38208]

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-10-19 160680]

R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2009-02-07 3608]

R3 abp470n5;abp470n5;??\c:\windows\system32\drivers\lrliln.sys --> c:\windows\system32\drivers\lrliln.sys [?]

R3 FWAuth;FWAuth Driver;c:\windows\system32\drivers\FWAuthDriver.sys [2008-10-19 57256]

R3 SynMini;Syntek USB2.0 2M WebCam;c:\windows\system32\drivers\SynMini.sys [2008-07-31 1208064]

R3 SynScan;Syntek USB2.0 2M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-07-31 8064]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-10-19 33088]

S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys --> c:\windows\system32\DRIVERS\adusbser.sys [?]

S3 DCamUSBGene;USB2.0 2M PC Cam;c:\windows\system32\drivers\USBGENE.sys [2008-08-04 144896]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [2008-10-19 356920]

S3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]

— Inne Usługi/Sterowniki w Pamięci —

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{09e148c0-7aa3-11dd-a880-001e8c0487b8}]

\Shell\AuTopLAY\ComMANd - F:\bton.pif

\Shell\AutoRun\command - F:\bton.pif

\Shell\EXPLore\COmmANd - F:\bton.pif

\Shell\oPEN\comMAnD - F:\bton.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{09e148c1-7aa3-11dd-a880-001e8c0487b8}]

\Shell\AutoRun\command - I:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1dde57c0-739b-11dd-a869-001e8c0487b8}]

\Shell\AUTOplay\coMmAnd - J:\wmfhg.pif

\Shell\AutoRun\command - J:\wmfhg.pif

\Shell\eXplore\CoMmand - J:\wmfhg.pif

\Shell\oPen\cOmmanD - J:\wmfhg.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{3d866f5e-9adb-11dd-a8c3-001e8c0487b8}]

\Shell\AutoRun\command - E:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5cd55ff8-a8c1-11dd-a8ef-001e8c0487b8}]

\Shell\AutoRun\command - E:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bbb1c49e-e9fe-11dd-a97f-001e8c0487b8}]

\Shell\AutoRun\command - E:\Launcher.exe

.

        • USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-GenePccMon - c:\program files\Genesys PC Camera Device\GenePccMon.exe

HKLM-Run-DeluxMouse - c:\program files\Mouse\MouseDrv.exe

HKLM-Run-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-HControl - c:\windows\ATK0100\HControl.exe

MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe

MSConfigStartUp-wsctf - wsctf.exe

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.wp.pl/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: {3555D098-2C59-40F2-8622-12C83AC76526} = 212.244.71.1,194.204.159.1

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-10 13:49:06

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

              • > ‘lsass.exe’(1892)

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

.

Czas ukończenia: 2009-04-10 13:50:41

ComboFix-quarantined-files.txt 2009-04-10 11:50:39

Przed: 17 154 215 936 bajtów wolnych

Po: 17,231,507,456 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect

207 — E O F — 2009-03-15 11:52:41

#4

Tak jest potwierdzenie Sality

1.format wszystkich dysków i partycji bez wyjątku

2.instalacja nowego systemu pod żadnym pozorem nie korzystać z instalek i sterowników będących wcześniej na zakażonym systemie

3 instalacja dobrego antywira np.30 dni darmo Kaspersky Anti-Virus http://www.kaspersky.pl/download.html?s=trial

ewentualnie możesz spróbować leczyć http://www.searchengines.pl/index.php?showtopic=106545&hl=sality

:slight_smile: