Post a ComboFix log.
Note: when you paste a log, wrap it in a CODE or QUOTE tag.
Regards, Gutek2222
I still don't know how to explain this to you, you're doing something wrong:
I want 2 logs from GMER:
-
Rootkit => Scan => without ticking Show all => Ctrl + V to paste into the post
-
Rootkit => only Show all + Services ticked => Scan => Copy => Ctrl + V to paste into the post
The second one matters most to me - this is what it should look like - e.g. http://forum.dobreprogramy.pl/viewtopic.php?p=1241777&
I click on gmer and it starts automatically...
then rootkit,
and where do I have the Show all option???
there are no Polish commands in it...
Post merged: 28.11.2007 (Wed) 2:21
I've gotten completely confused now...
I guess it has to be spelled out for me in the simplest terms
Post merged: 28.11.2007 (Wed) 2:41
Post merged: 28.11.2007 (Wed) 4:20
ComboFix 07-11-19.3 - roger.nimark 2007-11-28 4:03:32.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.580 [GMT 1:00]
Running from: C:\Piotr\inne prog\ComboFix.exe
Command switches used :: C:\Piotr\inne prog\CFScript.log
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\exefld
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SROSA
-------\srosa
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.
2007-11-27 20:48
2007-11-26 21:30
2007-11-26 20:44
2007-11-25 19:24
2007-11-25 08:14 2,180,992 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-11-25 04:48
2007-11-25 04:33
2007-11-25 03:59 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-25 03:50
2007-11-25 01:38
2007-11-25 01:30 249,856 --------- C:\WINDOWS\Setup1.exe
2007-11-25 01:30 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-25 01:21
2007-11-25 01:21 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-25 01:21 47,360 --a------ C:\Documents and Settings\roger.nimark\Application Data\pcouffin.sys
2007-11-25 00:46
2007-11-24 13:36
2007-11-24 13:36 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2007-11-24 13:36 15,340 --a------ C:\WINDOWS\system32\drivers\ndisrd.sys
2007-11-01 18:55 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-11-01 18:26
2007-10-31 10:23
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 15:10 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-11-27 15:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 09:15 --------- d-----w C:\Program Files\Symantec
2007-11-25 06:54 --------- d-----w C:\Program Files\QuickTime
2007-11-25 05:40 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-25 00:26 --------- d-----w C:\Documents and Settings\roger.nimark\Application Data\Vso
2007-11-24 23:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-24 16:10 --------- d-----w C:\Documents and Settings\roger.nimark\Application Data\U3
2007-11-24 13:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-22 13:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Easyvista
2007-10-26 07:03 --------- d-----w C:\Documents and Settings\roger.nimark\Application Data\AdobeUM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-06-06 04:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-02-15 09:02]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-02-15 09:02]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-06 04:09]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2006-06-06 04:09]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 08:04]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-03 23:56]
"GSICONEXE"="GSICON.EXE" [2002-01-15 09:08 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [2002-01-15 09:08 C:\WINDOWS\system32\dslagent.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56]
C:\Documents and Settings\roger.nimark\Start Menu\Programs\Startup\
Picture Motion Browser verktyg f”r mediekontroll.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-21 15:31:43]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-29 13:10:02]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-01-14 19:54:48]
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe [2005-11-28 16:03:34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
C:\WINDOWS\system32\NavLogon.dll 2004-12-30 14:19 55104 C:\WINDOWS\system32\NavLogon.dll
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys
R1 srosa;Megadrv3;\??\C:\WINDOWS\system32\drivers\srosa.sys
R3 glausb;GlobespanVirata USB ADSL LAN Modem;C:\WINDOWS\system32\DRIVERS\glausb.sys
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
S2 gafwload;GlobespanVirata USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
*Newly Created Service* - SROSA
.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 17:22:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 02:30:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 04:08:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
C:\WINDOWS\system32\drivers\hidr.exe [2136] 0x85F4F2D0
scanning hidden autostart entries …
scanning hidden files …
C:\WINDOWS\system32\drivers\hidr.exe 581045 bytes executable
C:\WINDOWS\system32\drivers\srosa.sys 76618 bytes executable
scan completed successfully
hidden files: 2
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="C:\WINDOWS\system32\drivers\hidr.exe"
.
Completion time: 2007-11-28 4:11:25 - machine was rebooted
.
— E O F —
Paste into Notepad:
>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- like in this picture ->
(if the question "1 or 2" appears - type 1 and press ENTER) Removal should begin. (and a log will be produced)
After the restart, manually delete the folder C:\Qoobox.
After that, a new ComboFix log and
Download the program SDFix