Logs, securing your computer and data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When posting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole thing, from beginning to end.
5. Do not tack onto other users' threads; please start a new topic in the Security section, it makes it easier for the person checking to help you.
6. People without the appropriate knowledge should not check logs, since this risks seriously damaging the system or the applications installed on the computer.
7. Describe the problem precisely: the symptoms and all actions taken so far.
8. Every script is unique, written for each case individually, so it must not be used by others.
9. When posting a screenshot, please use an external image-hosting service.

Detection pattern of the boot sector virus BOO/Sinowal.A

18 Oct 2008, 23:38

Below I'm posting two logs.
The main thing is that Avira stopped starting with the system; during a full scan Avira showed:

Master boot sector HD2
[DETECTION] Contains detection pattern of the boot sector virus BOO/Sinowal.A
[WARNING] The boot sector cannot be repaired! You can find more information in the help

but it can't remove it. When I plug in the card reader, removable drives (4) always used to show up in My Computer, but now they appear for a moment and immediately disappear; only after several, sometimes a dozen or so, unplugs and re-plugs does it detect them for longer, and then I can use the memory card.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:23, on 2008-10-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
E:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ESTsoft\ALSong\ALSong.exe
C:\Documents and Settings\Programy\Moje dokumenty\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~3\FlashGet\jccatch.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~3\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~3\FlashGet\fgiebar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EdHTML] D:\Programy internetowe\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Program Files\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [CubeDesktop] D:\Program Files\CubeDesktop\CubeDesktop.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = E:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programy p2p i akceleratory\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy p2p i akceleratory\FlashGet\jc_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~3\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~3\FlashGet\flashget.exe
O20 - AppInit_DLLs: C:\Program Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4937 bytes





and the next one


"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"EdHTML" = "D:\Programy internetowe\EdHTMLv5.0\EdHTML.exe /none" ["Binboy Software"]
"DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"]
"VisualTaskTips" = ""C:\Program Files\VisualTaskTips\VisualTaskTips.exe" noTrayIcon"
"CubeDesktop" = "D:\Program Files\CubeDesktop\CubeDesktop.exe" ["Thinking Minds Building Bytes"]
"H/PC Connection Agent" = ""E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"Launch Ai Booster" = "C:\Program Files\ASUS\Ai Booster\OverClk.exe 1" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "IeCatch5 Class"
                   \InProcServer32\(Default) = "D:\PROGRA~3\FlashGet\jccatch.dll" ["FlashGet"]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "gFlash Class"
                   \InProcServer32\(Default) = "D:\PROGRA~3\FlashGet\getflash.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
  -> {HKLM...CLSID} = "Haali Column Provider"
                   \InProcServer32\(Default) = "d:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
"{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}" = "IVB Shl Ext"
  -> {HKLM...CLSID} = "IIVBShlExt Class"
                   \InProcServer32\(Default) = "d:\Program Files\Photo!\Photo! Editor\IvBar\ivbshlext.dll" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "CorelDRAW Shell Extension Component"
  -> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
                   \InProcServer32\(Default) = "G:\Corel_Draw_11_Portable\Corel Draw 11 Portable\portable\..\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll" ["Corel Corporation"]
"{ABE00001-0123-ABED-1248-0248ADFA1909}" = "Zoom Player ShellExt"
  -> {HKLM...CLSID} = "ZPShellExt"
                   \InProcServer32\(Default) = "e:\PROGRA~1\ZOOMPL~1\zpshlext.dll" [null data]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
  -> {HKLM...CLSID} = "Urządzenie przenośne"
                   \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~1\Wcesview.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> RelevantKnowledge\DLLName = "C:\Program Files\RelevantKnowledge\rlls.dll" ["RelevantKnowledge"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
  -> {HKLM...CLSID} = "Haali Column Provider"
                   \InProcServer32\(Default) = "d:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll" [null data]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WebAlbum3D\(Default) = "{5C3CA950-420D-439E-A8C1-37F2196C48B2}"
  -> {HKLM...CLSID} = "WebAlbumContextMenu Class"
                   \InProcServer32\(Default) = "D:\Programy Graficzne\Web Photo Album\webalbumcontext.dll" ["VicMan Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WebAlbum3D\(Default) = "{5C3CA950-420D-439E-A8C1-37F2196C48B2}"
  -> {HKLM...CLSID} = "WebAlbumContextMenu Class"
                   \InProcServer32\(Default) = "D:\Programy Graficzne\Web Photo Album\webalbumcontext.dll" ["VicMan Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZPShellExt\(Default) = "{ABE00001-0123-ABED-1248-0248ADFA1909}"
  -> {HKLM...CLSID} = "ZPShellExt"
                   \InProcServer32\(Default) = "e:\PROGRA~1\ZOOMPL~1\zpshlext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
ALSongContext\(Default) = "{CBE49257-71F8-44B4-B536-FF5359F0AEAA}"
  -> {HKLM...CLSID} = "ALContextMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\ESTsoft\ALSong\ALSongSh.dll" ["Copyright (C) 2005 ESTsoft corp."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
                   \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
IVBShlExt\(Default) = "{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF}"
  -> {HKLM...CLSID} = "IIVBShlExt Class"
                   \InProcServer32\(Default) = "d:\Program Files\Photo!\Photo! Editor\IvBar\ivbshlext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Programy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\WINDOW~1.SCR" (Windows Vista.scr) [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ALSongCDAudioOnArrival\
"Provider" = "ALSong Player"
"InvokeProgID" = "ALSong.AudioCD"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\ALSong.AudioCD\shell\open\Command\(Default) = ""C:\Program Files\ESTsoft\ALSong\ALSong.exe" "%1"" ["ESTsoft corp."]

ALSongMediaOnArrival\
"Provider" = "ALSong Player"
"InvokeProgID" = "ALSong.AutoPlay"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\ALSong.AutoPlay\shell\open\Command\(Default) = ""C:\Program Files\ESTsoft\ALSong\ALSong.exe" "%1"" ["ESTsoft corp."]

AVSTVVideoCameraArrival\
"Provider" = "AVS TV Box"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "e:\Program Files\AVSMedia\TV Box\AVSTVBox.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

FunMultiMediaHandler\
"Provider" = "MultiMedia Manager"
"ProgID" = "FUNBOX.Autoplay"
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"
  -> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"
                   \LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)]

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\Command\(Default) = "C:\Program Files\Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe %1 /dvd" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\Command\(Default) = "C:\Program Files\Recode Media\X Codec Pack v2\Media Player Classic\mplayerc.exe %1" ["Gabest"]

STOIKCapturerVCArrival\
"Provider" = "STOIK Capturer"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "E:\Program Files\STOIK Imaging\STOIK Capturer\STOIKCap.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
                   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


Startup items in "Programy" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Action Manager 32" -> shortcut to: "C:\Program Files\ScannerU\AM32.exe" [null data]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{32099AAC-C132-4136-9E9A-4E364A424E17}"
  -> {HKLM...CLSID} = "DAEMON Tools Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM...CLSID} = "FlashGet Bar"
                   \InProcServer32\(Default) = "D:\PROGRA~3\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided)
  -> {HKLM...CLSID} = "DAEMON Tools Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                   \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~1\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Utwórz Ulubione dla urządzenia przenośnego..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                   \InProcServer32\(Default) = "E:\PROGRA~1\MICROS~1\INetRepl.dll" [MS]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\PROGRA~3\FlashGet\flashget.exe" ["FlashGet.com"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Avira AntiVir Personal – Free Antivirus Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal – Free Antivirus Scheduler, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


---------- (launch time: 2008-10-18 23:25:46)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 65 seconds, including 9 seconds for message boxes)
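
Avira reports the detection in the master boot sector of HD2 and says it cannot repair it. As an added example that is not part of the original post and not Avira's or GMER's code, the Python script below shows what a boot-sector check actually looks at: the 446 bytes of boot code, the four 16-byte partition entries and the 0x55AA signature, with the boot code hashed against a baseline recorded while the disk was known clean. Everything in it is constructed: the boot-code bytes, the baseline hash and the partition layout are stand-ins, not Sinowal's signature, and the `\\.\PhysicalDriveN` reader is an assumed way of getting sector 0 on Windows that needs administrator rights. One caveat a practitioner should keep in mind: an MBR rootkit that hooks disk I/O can hand a clean copy of the sector back to the running system, so a reading taken from the infected system is only trustworthy when it disagrees with the baseline; the reliable check is done from a clean boot.

```python
import hashlib
import struct
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot code (what a bootkit overwrites)
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PART_ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xAA"      # bytes 510..511


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image (constructed test data, not a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    buf = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    for status, ptype, lba, count in partitions:
        # CHS fields are zeroed; the LBA fields are what matters here.
        buf += struct.pack(PART_ENTRY, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    buf += b"\x00" * (SECTOR - 2 - len(buf))   # unused entries stay zero
    return bytes(buf + SIGNATURE)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into signature, boot-code hash and non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, sector[off:off + 16])
        if ptype != 0:                            # type 0 = empty slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str, disk_sectors: Optional[int] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from the known-good baseline")
    active = [p["index"] for p in info["partitions"] if p["active"]]
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s0, e0, i0), (s1, e1, i1) in zip(spans, spans[1:]):
        if s1 < e0:                               # entries must not overlap
            findings.append(f"partition {i1} overlaps partition {i0}")
    if disk_sectors is not None:
        for s, e, i in spans:
            if e > disk_sectors:
                findings.append(f"partition {i} runs past the end of the disk")
    return findings


def read_mbr_windows(drive_number: int) -> bytes:
    """Read sector 0 of PhysicalDrive<N> through the Win32 device path (assumed; needs admin)."""
    with open(rf"\\.\PhysicalDrive{drive_number}", "rb") as disk:
        return disk.read(SECTOR)


# Constructed sample: a stand-in prologue padded with zeros, two NTFS (0x07) partitions.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\x8B\xF4\x50\x07\x50\x1F\xFB\xFC"
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, 20964762), (0x00, 0x07, 20964825, 57303855)])
# In practice the baseline is the hash you recorded while the disk was known clean.
KNOWN_GOOD_BOOT_CODE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()

# Constructed "infected" image: the same MBR with two boot-code bytes changed.
TAMPERED_MBR = CLEAN_MBR[:100] + b"\xEB\xFE" + CLEAN_MBR[102:]
# Constructed image with overlapping partitions and a corrupted signature.
BROKEN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 63, 1000), (0x00, 0x07, 500, 1000)])[:510] + b"\x00\x00"

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("broken", BROKEN_MBR)):
        print(label, check_mbr(image, KNOWN_GOOD_BOOT_CODE) or ["ok"])
```

The hash comparison is the part that matters for a case like this one: a scanner's "detection pattern" is a signature over the boot-code bytes, while a baseline hash catches any change to them, known family or not. The partition-table checks are there because a tampered sector often keeps the table intact, so a sane-looking table is no evidence the sector is clean.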

Re: please check my log

18 Oct 2008, 23:42

Fix in HijackThis:
O20 - AppInit_DLLs: C:\Program Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll

Clean the system with CCleaner.
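
The reply above singles out the two O20 entries. As an added example, not part of the thread and not code from HijackThis, the Python script below parses HijackThis log lines into structured entries and pulls out the load points that inject a DLL into other processes, which is why O20 gets looked at before anything else in a log. The sample lines are copied from the HijackThis log posted earlier in this thread; the entry fields and the reason strings are my own labels, and the rule is deliberately narrow (section O20 only) rather than a general verdict on every entry.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# HijackThis prints one entry per line: "<section> - <kind>: <details>".
# Only lines with a section code (O4, O20, R0, ...) are parsed; the header
# and the "Running processes" list are ignored.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<rest>.+)$")

# Why an O20 entry deserves a look first: both keys load a DLL into other
# processes at boot/logon on the Windows XP system in this thread.
O20_REASONS = {
    "AppInit_DLLs": "DLL loaded into every process that links user32.dll",
    "Winlogon Notify": "DLL loaded into winlogon.exe (runs as SYSTEM) on logon events",
}


@dataclass
class HjtEntry:
    section: str   # O4, O20, O23, ...
    kind: str      # "HKLM\\..\\Run", "AppInit_DLLs", "Service", ...
    name: str      # the [bracketed] or leading name, "" if none
    target: str    # path / command line the entry points at
    raw: str       # the original line, which is what you tick in HijackThis


def parse_hjt(log_text: str) -> List[HjtEntry]:
    """Turn HijackThis log lines into structured entries."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        kind, _, details = rest.partition(": ")
        if details.startswith("["):               # O4: [Name] command line
            close = details.index("]")
            name, target = details[1:close], details[close + 1:].strip()
        elif " - " in details:                    # O2/O3/O9/O20/O23: name - ... - path
            parts = details.split(" - ")
            name, target = parts[0], parts[-1]
        else:                                     # bare path, e.g. AppInit_DLLs
            name, target = "", details
        entries.append(HjtEntry(section, kind, name, target, line.strip()))
    return entries


def triage(entries: List[HjtEntry]) -> List[Tuple[HjtEntry, str]]:
    """Return (entry, reason) pairs for load points that warrant review."""
    flagged = []
    for e in entries:
        if e.section == "O20":
            flagged.append((e, O20_REASONS.get(e.kind, "unknown O20 load point")))
    return flagged


def fix_list(entries: List[HjtEntry]) -> List[str]:
    """Raw lines to tick in HijackThis, in log order."""
    return [e.raw for e, _ in triage(entries)]


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O20 - AppInit_DLLs: C:\Program Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for entry, why in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.section} {entry.kind}: {entry.target}  <- {why}")
```

Note that the Silent Runners log above marks the same Winlogon Notify entry with `<<!>>`, its own "suspicious data at a malware launch point" flag, so two independent tools converge on the same pair of lines; that is the kind of agreement worth looking for before ticking anything in HijackThis.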

Re: please check my log

18 Oct 2008, 23:47

Ah, that's something for the processor, I think it's for overclocking, but it doesn't work; errors pop up, something about memory and some zeros xxxxx and so on.


O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1

Re: please check my log

19 Oct 2008, 06:29

Post a ComboFix log.

Re: please check my log

19 Oct 2008, 11:05

Code:
ComboFix 08-10-18.02 - Programy 2008-10-19 10:51:24.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1183 [GMT 2:00]
Running from: C:\Documents and Settings\Programy\Moje dokumenty\ComboFix.exe
 * Created a new restore point

WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Deleted   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\RichVideoCodec
re
.
(((((((((((((((((((((((((   Files Created from 2008-09-19 to 2008-10-19  )))))))))))))))))))))))))))))))
.

2008-10-19 00:06 . 2008-10-19 00:06   <DIR>   d--------   C:\Program Files\CCleaner
2008-10-16 19:13 . 2008-10-16 19:13   66,048   --a------   C:\mbr.exe
2008-10-08 21:10 . 2005-10-21 03:47   30,592   ---------   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-10-08 21:10 . 2005-10-21 03:47   12,800   ---------   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-10-04 12:43 . 2008-10-04 12:47   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Desktop Sidebar
2008-10-01 21:59 . 2008-10-01 21:59   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\AGD plugin
2008-10-01 21:19 . 2008-10-01 21:19   <DIR>   d--------   C:\Program Files\HaftiX
2008-10-01 21:14 . 2008-10-01 21:14   <DIR>   d--------   C:\Program Files\Haft Krzyzykowy
2008-09-28 22:41 . 2008-09-28 22:41   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Any Video Converter
2008-09-28 21:42 . 2008-09-28 21:55   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player
2008-09-28 20:33 . 2008-09-28 20:47   222   --a------   C:\WINDOWS\VOGEL.INI
2008-09-28 11:55 . 2008-09-28 11:55   <DIR>   d--------   C:\Documents and Settings\Gry\Dane aplikacji\CamTrack
2008-09-28 11:28 . 2008-09-28 11:28   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Corel Portable
2008-09-25 22:26 . 2008-09-25 22:26   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\STOIK
2008-09-25 22:00 . 2008-09-25 22:00   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\AVS4YOU
2008-09-25 21:59 . 2008-09-25 21:59   <DIR>   d--------   C:\Program Files\AVSMedia
2008-09-25 21:59 . 2008-09-25 22:12   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\AVSMedia
2008-09-25 21:58 . 2008-09-25 21:59   <DIR>   d--------   C:\Program Files\Common Files\AVSMedia
2008-09-25 21:58 . 2002-01-05 15:48   974,848   --a------   C:\WINDOWS\system32\mfc70.dll
2008-09-25 21:58 . 2002-01-05 14:16   536,576   --a------   C:\WINDOWS\system32\msvcr70d.dll
2008-09-25 21:58 . 2003-05-22 00:50   261,632   --a------   C:\WINDOWS\system32\mcdvd_32.dll
2008-09-25 21:45 . 2008-09-25 21:45   16   ---h-----   C:\WINDOWS\086083050075053
2008-09-25 21:31 . 2008-09-25 21:33   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\CamTrack
2008-09-25 21:31 . 2008-04-30 21:01   108,488   --a------   C:\WINDOWS\system32\drivers\dptrackerd.sys
2008-09-23 19:48 . 2008-09-23 19:48   <DIR>   d--------   C:\Program Files\KC Softwares
2008-09-21 17:15 . 2008-09-21 17:15   <DIR>   d--------   C:\Documents and Settings\Gry\Dane aplikacji\DivX
2008-09-21 15:33 . 2008-09-21 15:33   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Consultia
2008-09-20 21:25 . 2008-09-21 19:54   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\TeamViewer
2008-09-20 21:24 . 2008-09-21 21:34   <DIR>   d--------   C:\Program Files\TeamViewer3
2008-09-20 21:24 . 2008-09-20 21:24   <DIR>   d--------   C:\Documents and Settings\Programy\temp
2008-09-19 20:59 . 2008-09-19 21:06   <DIR>   d--------   C:\Program Files\Prawo Jazdy 2006

.
((((((((((((((((((((((((((((((((((((((((   Find3M Section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 20:03   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\FileZilla
2008-10-17 16:07   1,314   ----a-w   C:\Documents and Settings\Programy\Dane aplikacji\wklnhst.dat
2008-10-08 22:07   ---------   d-----w   C:\Program Files\Opera
2008-10-04 13:18   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-18 17:22   ---------   d-----w   C:\Program Files\Google
2008-09-17 17:47   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\uTorrent
2008-09-16 20:56   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\Template
2008-09-16 20:54   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-09-13 18:28   ---------   d-----w   C:\Program Files\Vimicro
2008-09-13 08:55   ---------   d-----w   C:\Program Files\ScannerU
2008-09-12 17:09   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-09-11 16:17   720,896   ----a-w   C:\WINDOWS\iun6002.exe
2008-09-10 21:14   ---------   d-----w   C:\Program Files\Pivot Stickfigure Animator
2008-09-10 20:40   ---------   d-----w   C:\Program Files\AlsRack
2008-09-10 20:39   4,261   ----a-w   C:\WINDOWS\system32\drivers\rtport.sys
2008-09-10 20:39   4,261   ----a-w   C:\WINDOWS\rtport.tmp
2008-09-07 13:44   ---------   d-----w   C:\Program Files\ViStart
2008-09-07 10:52   219,648   ----a-w   C:\WINDOWS\system32\uxtheme.dll
2008-09-07 10:52   ---------   d-----w   C:\Program Files\VisualTaskTips
2008-09-07 10:52   ---------   d-----w   C:\Program Files\VistaDriveIcon
2008-09-07 10:28   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\ViStart
2008-09-06 21:36   ---------   d-----w   C:\Program Files\Vista Drive Icon
2008-09-06 21:28   163,712   ----a-w   C:\WINDOWS\system32\drivers\vidstub.sys
2008-09-06 21:26   ---------   d-----w   C:\Program Files\Common Files\Stardock
2008-09-06 21:22   ---------   d-----w   C:\Program Files\Stardock
2008-09-06 13:12   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\Samsung
2008-09-06 12:47   ---------   d-----w   C:\Program Files\Samsung
2008-08-31 16:37   0   ---ha-w   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-31 16:37   0   ---ha-w   C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-08-31 16:35   ---------   d-----w   C:\Program Files\Common Files\Motorola Shared
2008-08-30 08:32   ---------   d-----w   C:\Program Files\RelevantKnowledge
2008-08-29 15:52   ---------   d-----w   C:\Program Files\FLV Player
2008-08-25 18:18   ---------   d-----w   C:\Program Files\Multimedia Keyboard Driver
2008-08-19 21:12   ---------   d-----w   C:\Program Files\xp-AntiSpy
2008-08-04 14:21   57,344   ----a-w   C:\WINDOWS\system32\COMMTB32.DLL
2008-08-04 14:21   169,984   ----a-w   C:\WINDOWS\system32\P2D.DLL
2008-08-04 14:21   161,552   ----a-w   C:\WINDOWS\system32\ASYCPICT.DLL
2008-07-26 19:33   409,600   ----a-w   C:\WINDOWS\system32\wrap_oal.dll
2008-07-26 19:33   114,688   ----a-w   C:\WINDOWS\system32\OpenAL32.dll
2008-07-26 19:19   60,416   ----a-w   C:\WINDOWS\ALCFDRTM.EXE
2008-07-25 08:36   524,288   ----a-w   C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50   129,784   ------w   C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50   120,056   ------w   C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50   118,520   ------w   C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46   12,288   ----a-w   C:\WINDOWS\system32\DivXWMPExtType.dll
.

------- Sigcheck -------

2004-08-04 01:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4   C:\WINDOWS\system32\wininet.dll
2004-08-04 01:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4   C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 01:44  658944  d37dafb534ac8343d59a1b501abe852c   C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 01:44  504832  0344407089b08548d4feba62bb0f32d0   C:\WINDOWS\VistaMizer\old\winlogon.exe

2004-08-04 01:54  2315392  37e799d6050ae484152b039cc2f06e5d   C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 01:54  2058112  44d1bc1b05e0c7c82e81687b79c653c7   C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2004-08-04 01:39  2439552  c9d5b530332fe1f4c7c2189104da7ffd   C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 01:39  2182272  dcf53422b7edded3b7431fbae4a7ee3f   C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-04 01:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee   C:\WINDOWS\explorer.exe
2004-08-04 01:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee   C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 01:44  1033728  379098a96e6c165b659de7e4328010ea   C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   C:\WINDOWS\system32\ctfmon.exe
2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 01:44  15360  cbfa30492d70ce3938d8a7783d0c0436   C:\WINDOWS\VistaMizer\old\ctfmon.exe

2004-08-04 01:44  112128  0e83c0f3d9594854e83df1051e694966   C:\WINDOWS\system32\wuauclt.exe
2004-08-04 01:44  112128  0e83c0f3d9594854e83df1051e694966   C:\WINDOWS\system32\dllcache\wuauclt.exe
2004-08-04 01:44  112128  ebf4ac22004504c422fc8b5ee5b6ffd1   C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 25088]
"EdHTML"="D:\Programy internetowe\EdHTMLv5.0\EdHTML.exe" [2003-03-24 1443328]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]
"CubeDesktop"="D:\Program Files\CubeDesktop\CubeDesktop.exe" [2007-12-19 3125248]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 13529088]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-11-30 1978368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]

C:\Documents and Settings\Gry\Menu Start\Programy\Autostart\
CamTrack.lnk - E:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2008-09-25 468584]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2008-09-13 69632]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"= E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"= E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 3xHybrid;TV-Station DVR service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 28919]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;G:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt [2007-10-14 22640]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 vvftav303;vvftav303;C:\WINDOWS\system32\drivers\vvftav303.sys [2007-03-18 475136]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys [2007-03-16 1474560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f316c72d-72ec-11dd-a93e-0050045641d3}]
\Shell\AutoRun\command - K:\USBNB.exe

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
O8 -: Ściągnij przy pomocy FlashGet'a - D:\Programy p2p i akceleratory\FlashGet\jc_link.htm
O8 -: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy p2p i akceleratory\FlashGet\jc_all.htm
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 10:53:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\G:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt"
.
Czas ukończenia: 2008-10-19 10:56:41
ComboFix-quarantined-files.txt  2008-10-19 08:55:39

Przed: 2 541 830 144 bajtów wolnych
Po: 2,744,807,424 bajtów wolnych


Re: please check the log

19 Oct 2008, 11:13

Post the log from the program: C:\mbr.exe

Download ComboFix, but do not run it yet.
Paste the following into Notepad:
Code:
File::
C:\WINDOWS\086083050075053

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EdHTML"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=-

File -> Save as -> CFScript.txt (it is easiest if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
[image no longer available]
The removal will start and a log will be produced; post that log on the forum.

Post the logs on wklej.eu and put only the link in your post.

Uninstall it and install it again.

Re: please check the log

19 Oct 2008, 11:29

here is the first one

Code:
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


and again from ComboFix:

Code:
ComboFix 08-10-18.02 - Programy 2008-10-19 11:18:10.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1060 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Programy\Moje dokumenty\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\Programy\Moje dokumenty\CFScript.txt
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
C:\WINDOWS\086083050075053
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\086083050075053

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-09-19 do 2008-10-19  )))))))))))))))))))))))))))))))
.

2008-10-19 00:06 . 2008-10-19 00:06   <DIR>   d--------   C:\Program Files\CCleaner
2008-10-16 19:13 . 2008-10-16 19:13   66,048   --a------   C:\mbr.exe
2008-10-08 21:10 . 2005-10-21 03:47   30,592   ---------   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-10-08 21:10 . 2005-10-21 03:47   12,800   ---------   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-10-04 12:43 . 2008-10-04 12:47   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Desktop Sidebar
2008-10-01 21:59 . 2008-10-01 21:59   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\AGD plugin
2008-10-01 21:19 . 2008-10-01 21:19   <DIR>   d--------   C:\Program Files\HaftiX
2008-10-01 21:14 . 2008-10-01 21:14   <DIR>   d--------   C:\Program Files\Haft Krzyzykowy
2008-09-28 22:41 . 2008-09-28 22:41   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Any Video Converter
2008-09-28 21:42 . 2008-09-28 21:55   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Zoom Player
2008-09-28 20:33 . 2008-09-28 20:47   222   --a------   C:\WINDOWS\VOGEL.INI
2008-09-28 11:55 . 2008-09-28 11:55   <DIR>   d--------   C:\Documents and Settings\Gry\Dane aplikacji\CamTrack
2008-09-28 11:28 . 2008-09-28 11:28   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Corel Portable
2008-09-25 22:26 . 2008-09-25 22:26   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\STOIK
2008-09-25 22:00 . 2008-09-25 22:00   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\AVS4YOU
2008-09-25 21:59 . 2008-09-25 21:59   <DIR>   d--------   C:\Program Files\AVSMedia
2008-09-25 21:59 . 2008-09-25 22:12   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\AVSMedia
2008-09-25 21:58 . 2008-09-25 21:59   <DIR>   d--------   C:\Program Files\Common Files\AVSMedia
2008-09-25 21:58 . 2002-01-05 15:48   974,848   --a------   C:\WINDOWS\system32\mfc70.dll
2008-09-25 21:58 . 2002-01-05 14:16   536,576   --a------   C:\WINDOWS\system32\msvcr70d.dll
2008-09-25 21:58 . 2003-05-22 00:50   261,632   --a------   C:\WINDOWS\system32\mcdvd_32.dll
2008-09-25 21:31 . 2008-09-25 21:33   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\CamTrack
2008-09-25 21:31 . 2008-04-30 21:01   108,488   --a------   C:\WINDOWS\system32\drivers\dptrackerd.sys
2008-09-23 19:48 . 2008-09-23 19:48   <DIR>   d--------   C:\Program Files\KC Softwares
2008-09-21 17:15 . 2008-09-21 17:15   <DIR>   d--------   C:\Documents and Settings\Gry\Dane aplikacji\DivX
2008-09-21 15:33 . 2008-09-21 15:33   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\Consultia
2008-09-20 21:25 . 2008-09-21 19:54   <DIR>   d--------   C:\Documents and Settings\Programy\Dane aplikacji\TeamViewer
2008-09-20 21:24 . 2008-09-21 21:34   <DIR>   d--------   C:\Program Files\TeamViewer3
2008-09-20 21:24 . 2008-09-20 21:24   <DIR>   d--------   C:\Documents and Settings\Programy\temp
2008-09-19 20:59 . 2008-09-19 21:06   <DIR>   d--------   C:\Program Files\Prawo Jazdy 2006

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 20:03   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\FileZilla
2008-10-17 16:07   1,314   ----a-w   C:\Documents and Settings\Programy\Dane aplikacji\wklnhst.dat
2008-10-08 22:07   ---------   d-----w   C:\Program Files\Opera
2008-10-04 13:18   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-18 17:22   ---------   d-----w   C:\Program Files\Google
2008-09-17 17:47   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\uTorrent
2008-09-16 20:56   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\Template
2008-09-16 20:54   ---------   d-----w   C:\Program Files\MSXML 6.0
2008-09-13 18:28   ---------   d-----w   C:\Program Files\Vimicro
2008-09-13 08:55   ---------   d-----w   C:\Program Files\ScannerU
2008-09-12 17:09   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-09-11 16:17   720,896   ----a-w   C:\WINDOWS\iun6002.exe
2008-09-10 21:14   ---------   d-----w   C:\Program Files\Pivot Stickfigure Animator
2008-09-10 20:40   ---------   d-----w   C:\Program Files\AlsRack
2008-09-10 20:39   4,261   ----a-w   C:\WINDOWS\system32\drivers\rtport.sys
2008-09-10 20:39   4,261   ----a-w   C:\WINDOWS\rtport.tmp
2008-09-07 13:44   ---------   d-----w   C:\Program Files\ViStart
2008-09-07 10:52   219,648   ----a-w   C:\WINDOWS\system32\uxtheme.dll
2008-09-07 10:52   ---------   d-----w   C:\Program Files\VisualTaskTips
2008-09-07 10:52   ---------   d-----w   C:\Program Files\VistaDriveIcon
2008-09-07 10:28   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\ViStart
2008-09-06 21:36   ---------   d-----w   C:\Program Files\Vista Drive Icon
2008-09-06 21:28   163,712   ----a-w   C:\WINDOWS\system32\drivers\vidstub.sys
2008-09-06 21:26   ---------   d-----w   C:\Program Files\Common Files\Stardock
2008-09-06 21:22   ---------   d-----w   C:\Program Files\Stardock
2008-09-06 13:12   ---------   d-----w   C:\Documents and Settings\Programy\Dane aplikacji\Samsung
2008-09-06 12:47   ---------   d-----w   C:\Program Files\Samsung
2008-08-31 16:37   0   ---ha-w   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-31 16:37   0   ---ha-w   C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-08-31 16:35   ---------   d-----w   C:\Program Files\Common Files\Motorola Shared
2008-08-30 08:32   ---------   d-----w   C:\Program Files\RelevantKnowledge
2008-08-29 15:52   ---------   d-----w   C:\Program Files\FLV Player
2008-08-25 18:18   ---------   d-----w   C:\Program Files\Multimedia Keyboard Driver
2008-08-19 21:12   ---------   d-----w   C:\Program Files\xp-AntiSpy
2008-08-04 14:21   57,344   ----a-w   C:\WINDOWS\system32\COMMTB32.DLL
2008-08-04 14:21   169,984   ----a-w   C:\WINDOWS\system32\P2D.DLL
2008-08-04 14:21   161,552   ----a-w   C:\WINDOWS\system32\ASYCPICT.DLL
2008-07-26 19:33   409,600   ----a-w   C:\WINDOWS\system32\wrap_oal.dll
2008-07-26 19:33   114,688   ----a-w   C:\WINDOWS\system32\OpenAL32.dll
2008-07-26 19:19   60,416   ----a-w   C:\WINDOWS\ALCFDRTM.EXE
2008-07-25 08:36   524,288   ----a-w   C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:50   129,784   ------w   C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50   120,056   ------w   C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50   118,520   ------w   C:\WINDOWS\system32\pxinsi64.exe
2008-07-23 16:48   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46   12,288   ----a-w   C:\WINDOWS\system32\DivXWMPExtType.dll
.

------- Sigcheck -------

2004-08-04 01:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4   C:\WINDOWS\system32\wininet.dll
2004-08-04 01:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4   C:\WINDOWS\system32\dllcache\wininet.dll
2004-08-04 01:44  658944  d37dafb534ac8343d59a1b501abe852c   C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 01:44  504832  0344407089b08548d4feba62bb0f32d0   C:\WINDOWS\VistaMizer\old\winlogon.exe

2004-08-04 01:54  2315392  37e799d6050ae484152b039cc2f06e5d   C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 01:54  2058112  44d1bc1b05e0c7c82e81687b79c653c7   C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2004-08-04 01:39  2439552  c9d5b530332fe1f4c7c2189104da7ffd   C:\WINDOWS\system32\ntoskrnl.exe
2004-08-04 01:39  2182272  dcf53422b7edded3b7431fbae4a7ee3f   C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2004-08-04 01:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee   C:\WINDOWS\explorer.exe
2004-08-04 01:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee   C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 01:44  1033728  379098a96e6c165b659de7e4328010ea   C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   C:\WINDOWS\system32\ctfmon.exe
2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   C:\WINDOWS\system32\dllcache\ctfmon.exe
2004-08-04 01:44  15360  cbfa30492d70ce3938d8a7783d0c0436   C:\WINDOWS\VistaMizer\old\ctfmon.exe

2004-08-04 01:44  112128  0e83c0f3d9594854e83df1051e694966   C:\WINDOWS\system32\wuauclt.exe
2004-08-04 01:44  112128  0e83c0f3d9594854e83df1051e694966   C:\WINDOWS\system32\dllcache\wuauclt.exe
2004-08-04 01:44  112128  ebf4ac22004504c422fc8b5ee5b6ffd1   C:\WINDOWS\VistaMizer\old\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 25088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]
"CubeDesktop"="D:\Program Files\CubeDesktop\CubeDesktop.exe" [2007-12-19 3125248]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" [2004-11-30 1978368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 25088]

C:\Documents and Settings\Gry\Menu Start\Programy\Autostart\
CamTrack.lnk - E:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2008-09-25 468584]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2008-09-13 69632]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-25 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"= E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"= E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S2 BulkUsb;Plustek USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 3xHybrid;TV-Station DVR service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\system32\drivers\als4000.sys [2001-10-22 28919]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;G:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt [2007-10-14 22640]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 vvftav303;vvftav303;C:\WINDOWS\system32\drivers\vvftav303.sys [2007-03-18 475136]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);C:\WINDOWS\system32\Drivers\usbVM303.sys [2007-03-16 1474560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f316c72d-72ec-11dd-a93e-0050045641d3}]
\Shell\AutoRun\command - K:\USBNB.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 11:19:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\G:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt"
.
Czas ukończenia: 2008-10-19 11:20:52
ComboFix-quarantined-files.txt  2008-10-19 09:20:36
ComboFix2.txt  2008-10-19 08:56:43

Przed: 2 797 326 336 bajtów wolnych
Po: 2,787,815,424 bajtów wolnych


Re: please check the log

19 Oct 2008, 11:34

I don't see anything in the logs.

Reinstall your antivirus.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Clean the computer with CCleaner.

Optimise the autostart entries.

Disable and re-enable System Restore on all drives. Instructions

Scan "My Computer" with http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum

or

Dr.WEB CureIt!

Re: please check the log

19 Oct 2008, 19:21

Kaspersky found one infected file, but the virus was harmless; I deleted it manually. Everything seems to be fine now, but it still won't read memory cards. When I plug the reader into another computer everything works; only here something is wrong. It detects the reader, the LED on the reader shows the card is active, but when I double-click the reader icon with the card inserted the computer starts thinking; it doesn't freeze, but it slows down terribly and keeps thinking until I remove the card (no matter which card; I tried 2 GB, 1 GB, 256 and 64, and none of them could be read).

Re: please check the log

19 Oct 2008, 19:26

Download SDFix, https://www.instalki.pl/programy/downlo ... SDFix.html .

Instructions:

* Double-click SDFix.exe; the program will extract itself to the system drive (by default C:\SDFix)
* Restart the computer and enter Safe Mode (press F8 before Windows boots)
* Open the SDFix folder and double-click the file RunThis.bat
* Press Y; the removal process will begin.
* When the removal finishes, press any key. The computer will restart.
* After the restart SDFix will run again to finish the removal; when Finished appears in the program window, press any key to end the script and load the desktop icons.
* Post Report.txt, which is in the SDFix folder.


When you post logs, wrap them in a code or quote tag, i.e. select the whole SDFix log and click code or quote.

Post the logs on wklej.eu

Re: please check the log

19 Oct 2008, 19:36

what is this SDFix for?

Re: please check the log

19 Oct 2008, 19:38

I'm starting the restart; when it's done I'll post whatever comes out

Re: please check the log

19 Oct 2008, 19:40

It's for removing junk; run it, maybe it will find something

Re: please check the log

19 Oct 2008, 20:10

Code:
SDFix: Version 1.236
Run by Programy on 2008-10-19 at 19:39

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\Documents and Settings\Programy\Dane aplikacji\wklnhst.dat - Deleted





Removing Temp Files

ADS Check:
 


Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 19:57:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:64,f8,9b,e1,33,10,bc,a8,71,1b,d1,2d,31,d0,7b,d3,6a,7c,6d,54,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,57,8f,c4,d3,8d,bd,5b,81,a3,53,aa,40,09,c0,2a,fc,09,..
"khjeh"=hex:55,04,49,6d,b5,01,e7,8e,b6,2a,1e,5b,7c,e3,87,91,5f,cd,e2,5e,f0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:23,c9,78,2a,c9,b5,30,f1,e7,1a,41,89,93,8c,95,25,50,43,9b,9f,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:64,f8,9b,e1,33,10,bc,a8,71,1b,d1,2d,31,d0,7b,d3,6a,7c,6d,54,82,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,57,8f,c4,d3,8d,bd,5b,81,a3,53,aa,40,09,c0,2a,fc,09,..
"khjeh"=hex:55,04,49,6d,b5,01,e7,8e,b6,2a,1e,5b,7c,e3,87,91,5f,cd,e2,5e,f0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:23,c9,78,2a,c9,b5,30,f1,e7,1a,41,89,93,8c,95,25,50,43,9b,9f,94,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"="C:\\Program Files\\TeamViewer3\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="E:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="E:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 13 Nov 2006       319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Thu 20 Mar 2003       106,496 A.SHR --- "C:\Documents and Settings\Programy\Pulpit\NavGPS PRO v.4.0.4\DLL-wymagane\dssdh.dll"
Thu 20 Mar 2003        89,600 A.SHR --- "C:\Documents and Settings\Programy\Pulpit\NavGPS PRO v.4.0.4\DLL-wymagane\rsaenh.dll"

Finished!

Re: please check the log

19 Oct 2008, 20:13

It fixed a few errors.

Is it OK now?