Wyskakujące ostrzeżenia o Trojandown...xs,Abebot

gribu · 5 Kwiecień 2008 19:42

Witam

Moj komp od jakiegos czasu nie chodzi jak trzeba.Zaczelo sie od rozpakowania sciagnietego pliku(najprawdopodobniej gra).

Od tego momentu wyskakuja mi na zmiane powiadomienia o:Trojandownloader.xs i Abebot(Security System Alert,ostrzezenia na pasku,itp.)Dodam jeszcze ze stracilem mozliwosc ustawienia tapety pulpitu,ktora zmienila kolor na niebieski

Z gory dzieki za pomoc

Log z HijackThis"a

http://wklej.org/id/0d023c65c6

Leon1 · 5 Kwiecień 2008 20:13

Wyłącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

wpisy

O1 - Hosts: 80.190.241.30 home.edonkey.com O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing) O4 - HKLM…\Run: [bearFlix] “C:\Program Files\BearFlix\BearFlix.exe” /pause O4 - HKCU…\Run: [xfqjcmbg] C:\ProgramData\xfqjcmbg\fcdihgts.exe O4 - HKCU…\Run: [A5V3HxMbwB] C:\ProgramData\vclqlape\padsbuha.exe O4 - HKCU…\Run: [MS Juan] rundll32 “C:\Users\Olivia\AppData\Local\Temp\khilypfj.dll”,run O4 - HKCU…\Run: [mcirlkxa] C:\ProgramData\mcirlkxa\wrwzkncr.exe O4 - HKCU…\Run: [wwtrohia] C:\ProgramData\wwtrohia\hexqxojg.exe O4 - HKCU…\Run: [cmds] rundll32.exe C:\Users\Olivia\AppData\Local\Temp\xxyayYqr.dll,c O4 - HKCU…\Run: [dae7a45e] rundll32.exe “C:\Users\Olivia\AppData\Local\Temp\nchpwfor.dll”,b O4 - HKCU…\Run: [rhknkssc] C:\ProgramData\rhknkssc\datkrmds.exe O4 - Global Startup: Bluetooth.lnk = ?

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 ale nie włączaj

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

gribu · 5 Kwiecień 2008 22:02

Zrobilem wszystko wedlug wskazowek,i nie wiem czy jest lepiej

Po usunieciu wpisow,zaczely mi przychodzic powiadomienia o innym wirusie,i nie moge nawet wkleic linku do przekierowania,dlatego nie mam innego wyjscia…

ComboFix 08-04-04.1 - Olivia 2008-04-05 21:56:29.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1087 [GMT 1:00]

Running from: C:\Users\Olivia\Desktop\ComboFix.exe

Command switches used :: C:\Users\Olivia\Desktop\CFScript.txt

FILE ::

C:\ProgramData\mcirlkxa\wrwzkncr.exe

C:\ProgramData\rhknkssc\datkrmds.exe

C:\ProgramData\vclqlape\padsbuha.exe

C:\ProgramData\wwtrohia\hexqxojg.exe

C:\ProgramData\xfqjcmbg\fcdihgts.exe

C:\Users\Olivia\AppData\Local\Temp\khilypfj.dll

C:\Users\Olivia\AppData\Local\Temp\nchpwfor.dll

C:\Users\Olivia\AppData\Local\Temp\xxyayYqr.dll

.

TimedOut: Windir.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\ProgramData\mcirlkxa\wrwzkncr.exe

C:\ProgramData\rhknkssc\datkrmds.exe

C:\ProgramData\vclqlape\padsbuha.exe

C:\ProgramData\wwtrohia\hexqxojg.exe

C:\ProgramData\xfqjcmbg\fcdihgts.exe

C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player#SharedObjects\ATVQV5CH\iforex.com

C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player#SharedObjects\ATVQV5CH\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#iforex.com

C:\Users\Olivia\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#iforex.com\settings.sol

.

((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-05 20:57 68,848,672 --sha-w C:\Windows\system32\drivers\fidbox.dat

2008-04-05 20:56 --------- d-----w C:\ProgramData\xfqjcmbg

2008-04-05 20:56 --------- d-----w C:\ProgramData\wwtrohia

2008-04-05 20:56 --------- d-----w C:\ProgramData\vclqlape

2008-04-05 20:56 --------- d-----w C:\ProgramData\rhknkssc

2008-04-05 20:56 --------- d-----w C:\ProgramData\mcirlkxa

2008-04-05 20:47 --------- d-----w C:\Users\Olivia\AppData\Roaming\Skype

2008-04-05 20:34 --------- d-----w C:\Users\Olivia\AppData\Roaming\skypePM

2008-04-05 20:34 --------- d-----w C:\ProgramData\Kaspersky Lab

2008-04-05 20:32 914,144 --sha-w C:\Windows\system32\drivers\fidbox.idx

2008-04-03 14:22 --------- d-----w C:\Program Files\a-squared Free

2008-04-03 11:56 --------- d-----w C:\ProgramData\wpptjcli

2008-04-03 05:38 --------- d-----w C:\Program Files\RegCure

2008-04-02 14:10 --------- d—a-w C:\ProgramData\TEMP

2008-04-02 12:43 --------- d-----w C:\ProgramData\rqbgbabk

2008-04-02 00:21 --------- d-----w C:\ProgramData\thsyvlvz

2008-04-01 22:17 691 ----a-w C:\Users\Olivia\AppData\Roaming\GetValue.vbs

2008-04-01 22:17 35 ----a-w C:\Users\Olivia\AppData\Roaming\SetValue.bat

2008-04-01 13:22 --------- d-----w C:\Program Files\Enigma Software Group

2008-04-01 10:15 --------- d-----w C:\Program Files\Trend Micro

2008-03-31 20:12 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-03-31 19:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-03-29 17:31 --------- d-----w C:\Program Files\Google

2008-03-29 12:50 91,700 ----a-w C:\Windows\system32\drivers\klin.dat

2008-03-29 12:50 85,860 ----a-w C:\Windows\system32\drivers\klick.dat

2008-03-29 12:41 --------- d-----w C:\Program Files\Kaspersky Lab

2008-03-29 12:34 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files

2008-03-29 10:43 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-03-28 22:19 86,528 ----a-w C:\Windows\System32\VACFix.exe

2008-03-26 14:28 --------- d-----w C:\Program Files\CyberLink

2008-03-26 14:26 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-26 14:24 --------- d-----w C:\Program Files\Microsoft Small Business

2008-03-26 14:22 --------- d-----w C:\Program Files\Samsung

2008-03-26 07:50 82,432 ----a-w C:\Windows\System32\IEDFix.exe

2008-03-25 11:25 --------- d-----w C:\Users\Olivia\AppData\Roaming\BitTorrent

2008-03-24 21:29 720,896 ----a-w C:\Windows\iun6002ev.exe

2008-03-24 13:28 724,992 ----a-w C:\Windows\iun6002.exe

2008-03-23 17:44 --------- d-----w C:\Users\Olivia\AppData\Roaming\Azureus

2008-03-21 08:31 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-03-20 13:36 --------- d-----w C:\Program Files\TryMedia

2008-03-19 21:45 --------- d-----w C:\Program Files\DivX

2008-03-17 16:18 --------- d-----w C:\Program Files\Gadu-Gadu

2008-03-12 10:53 --------- d-----w C:\Program Files\Windows Mail

2008-03-12 10:15 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys

2008-03-12 10:15 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-03-01 17:28 --------- d-----w C:\Users\Olivia\AppData\Roaming\DivX

2008-02-28 18:34 --------- d-----w C:\Users\Olivia\AppData\Roaming\PCF-VLC

2008-02-28 15:18 --------- d-----w C:\Users\Olivia\AppData\Roaming\Participatory Culture Foundation

2008-02-28 15:17 --------- d-----w C:\ProgramData\Participatory Culture Foundation

2008-02-28 15:17 --------- d-----w C:\Program Files\Participatory Culture Foundation

2008-02-28 14:51 --------- d-----w C:\ProgramData\Azureus

2008-02-23 22:11 57,856 ----a-w C:\Windows\System32\SLUINotify.dll

2008-02-23 22:11 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll

2008-02-23 22:11 39,936 ----a-w C:\Windows\System32\slcinst.dll

2008-02-23 22:11 351,232 ----a-w C:\Windows\System32\SLUI.exe

2008-02-23 22:11 33,280 ----a-w C:\Windows\System32\slwmi.dll

2008-02-23 22:11 268,288 ----a-w C:\Windows\System32\mcbuilder.exe

2008-02-23 22:11 223,232 ----a-w C:\Windows\System32\SLC.dll

2008-02-23 22:11 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe

2008-02-23 22:11 186,368 ----a-w C:\Windows\System32\SLLUA.exe

2008-02-23 10:14 174 --sha-w C:\Program Files\desktop.ini

2008-02-23 10:10 --------- d-----w C:\Program Files\Windows Sidebar

2008-02-23 10:10 --------- d-----w C:\Program Files\Windows Calendar

2008-02-23 01:22 87,040 ----a-w C:\Windows\System32\msoert2.dll

2008-02-23 01:22 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2008-02-23 01:22 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2008-02-23 01:18 943,800 ----a-w C:\Windows\System32\winload.exe

2008-02-23 01:16 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll

2008-02-23 01:15 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-02-23 01:15 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-02-23 01:15 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-02-23 01:15 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-02-23 01:14 86,016 ----a-w C:\Windows\System32\icfupgd.dll

2008-02-23 01:14 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys

2008-02-23 01:14 61,952 ----a-w C:\Windows\System32\cmifw.dll

2008-02-23 01:14 396,800 ----a-w C:\Windows\System32\MPSSVC.dll

2008-02-23 01:14 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll

2008-02-23 01:14 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys

2008-02-23 01:14 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll

2008-02-23 01:14 16,896 ----a-w C:\Windows\System32\wfapigp.dll

2008-02-23 01:14 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS

2008-02-23 01:13 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-23 01:13 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-23 01:13 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-23 01:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-02-23 01:13 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-23 01:13 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-23 01:13 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-23 01:13 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-23 01:12 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2008-02-23 01:12 8,704 ----a-w C:\Windows\System32\hccoin.dll

2008-02-23 01:12 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys

2008-02-23 01:12 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys

2008-02-23 01:12 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys

2008-02-23 01:12 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys

2008-02-23 01:12 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys

2008-02-23 01:12 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys

2008-02-23 01:12 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2008-02-23 01:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-23 01:11 24,064 ----a-w C:\Windows\System32\netcfg.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{10F0C2A9-8E38-43e3-204D-45524C494E20}]

C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-02-23 02:06 1232896]

“WindowsWelcomeCenter”=“oobefldr.dll” [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-06 19:21 21898024]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54 2131392]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2008-03-29 18:31 171448]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2007-07-17 04:15 1006264]

“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 04:35 90112]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-03-23 07:40 857648]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2007-01-08 14:26 68640]

“LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2007-01-08 14:17 52256]

“RtHDVCpl”=“RtHDVCpl.exe” [2007-06-13 05:11 4489216 C:\Windows\RtHDVCpl.exe]

“snpstd3”=“C:\Windows\vsnpstd3.exe” [2006-09-18 15:12 843776]

“SBI”=“C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO19F1R7\install_sbd_en[1].exe” []

“BearShare”=“C:\Program Files\BearShare\BearShare.exe” []

“AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” [2008-02-08 19:36 227856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“NoHotStart”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.l3acm”= l3codeca.acm

“MSVideo8”= VfWWDM32.dll

“VIDC.YV12”= yv12vfw.dll

“msacm.ac3acm”= ac3acm.acm

“msacm.lameacm”= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

“AntiVirusOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“{15FA9090-2D8A-4EBC-9EAC-8B06D83EB1EE}”= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

“{39EA7F28-68C6-4145-84C1-0522E01FCF74}”= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

“TCP Query User{B99A84CD-764D-4725-B168-DAA1C59C21FD}C:\program files\bearshare\bearshare.exe”= UDP:C:\program files\bearshare\bearshare.exe:BearShare

“UDP Query User{BCD87153-40D5-4A9C-9FB6-6909F9A8BACC}C:\program files\bearshare\bearshare.exe”= TCP:C:\program files\bearshare\bearshare.exe:BearShare

“TCP Query User{1EAF2E01-0142-49D6-86A2-D61FE5D009C6}C:\program files\morpheus\morpheus.exe”= UDP:C:\program files\morpheus\morpheus.exe:Morpheus

“UDP Query User{8F54AAD1-2DC1-446F-A5C7-D6B487390A7F}C:\program files\morpheus\morpheus.exe”= TCP:C:\program files\morpheus\morpheus.exe:Morpheus

“{937908EC-3F8C-418A-A83C-701FFA85D503}”= UDP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe

“{8154087A-6E98-4FBB-94E4-FA77D174C8E1}”= TCP:C:\Windows\System32\rlvknlg.exe:rlvknlg.exe

“{09956462-E879-4AA4-9AF3-96C465319EE6}”= UDP:C:\Program Files\DNA\btdna.exe:DNA

“{541192DE-A966-4950-A21D-5083C09C639F}”= TCP:C:\Program Files\DNA\btdna.exe:DNA

“{AF993FC2-8B5B-4AB4-AEE5-222D11DDE27E}”= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

“{41C540B0-D718-4D2D-9EBC-8477CBE3C9B9}”= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

“TCP Query User{E1162633-1DCC-420D-8592-E4754AEF9CE4}C:\program files\skype\phone\skype.exe”= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

“UDP Query User{6A82AF86-322E-4027-9A07-F1DBC42168E4}C:\program files\skype\phone\skype.exe”= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

“TCP Query User{93D686D0-897D-448A-944A-CFDA685FBBB4}C:\program files\utorrent\utorrent.exe”= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

“UDP Query User{49D9EBA6-8881-45E9-AD28-8AE84B731443}C:\program files\utorrent\utorrent.exe”= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

“TCP Query User{30A888B8-EB16-4DDC-B0FF-D6292DB0E76F}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe”= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup

“UDP Query User{4D1505C2-7085-44AD-817D-DC51DDE1E273}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe”= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

“DFSR-1”= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

“C:\Program Files\BitTorrent\bittorrent.exe”= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2007-04-26 02:15]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 12:05]

R2 KMDFMEMIO;SAMSUNG Kernel Driver;C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-07-17 03:58]

R2 RelevantKnowledge;RelevantKnowledge;C:\Windows\system32\rlservice.exe [2007-10-11 21:44]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 10:03]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 15:21]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-03 02:14]

S2 SpyHunter3 Service;SpyHunter3 Service;“C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe” []

S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 19:46]

S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 06:20]

S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 06:20]

S3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 08:30]

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 15:21]

S3 SQLWriter;SQL Server VSS Writer;“C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe” [2006-04-14 02:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the ‘Scheduled Tasks’ folder

“2008-04-05 20:33:41 C:\Windows\Tasks\RegCure Program Check.job”

C:\Program Files\RegCure\RegCure.exe

“2008-04-03 06:12:50 C:\Windows\Tasks\RegCure.job”

C:\Program Files\RegCure\RegCure.exe

“2008-04-05 14:02:33 C:\Windows\Tasks\User_Feed_Synchronization-{62B1D168-4642-4F8B-82FA-6D69419799F4}.job”

C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-05 21:59:51

Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SBI = C:\Users\Olivia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GO19F1R7\install_sbd_en[1].exe???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-05 22:00:48

ComboFix-quarantined-files.txt 2008-04-05 21:00:43

The system cannot find message text for message number 0x2379 in the message file for Application.

.

2008-04-03 20:06:03 — E O F —

Leon1 · 6 Kwiecień 2008 10:31

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

gribu · 6 Kwiecień 2008 13:23

Już jestem

Podaje logaComboFix 08-04-04.1 - Olivia 2008-04-06 13:52:08.5 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1135 [GMT 1:00]

Running from: C:\Users\Olivia\Desktop\ComboFix.exe

.

TimedOut: Windir.dat

((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-06 12:54 75,056,160 --sha-w C:\Windows\system32\drivers\fidbox.dat

2008-04-06 12:50 --------- d-----w C:\Users\Olivia\AppData\Roaming\Skype

2008-04-06 12:37 --------- d-----w C:\ProgramData\Kaspersky Lab

2008-04-06 12:36 1,002,104 --sha-w C:\Windows\system32\drivers\fidbox.idx

2008-04-06 09:05 --------- d-----w C:\Program Files\a-squared Free

2008-04-06 08:46 --------- d-----w C:\Users\Olivia\AppData\Roaming\skypePM