no to mam tego LOGA

przez **4mat** » 01 Lis 2007, 01:35

Zrobiłem loga Hijackiem, bo mi się błąd temp2.exe pokazuje tylko co dalej? jeszcze godzinę temu nie wiedziałem że coś takiego jak log istnieje

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:25, on 2007-11-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2] wins32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows TM] SVPHOST.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2] wins32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2] wins32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2] wins32.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

przez **4mat** » 01 Lis 2007, 01:54

ComboFix 07-11-01.1 - maz 2007-11-01 0:49:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.320 [GMT 1:00]
Running from: C:\Documents and Settings\maz\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\copy.exe
C:\host.exe
C:\WINDOWS\autorun.inf
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\xcopy.exe
E:\Autorun.inf
E:\copy.exe
E:\host.exe
F:\autorun.inf
F:\copy.exe
F:\host.exe
G:\Autorun.inf
G:\copy.exe
G:\host.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
.

2007-11-01 00:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-01 00:12 <DIR> d-------- C:\Program Files\RegCleaner
2007-10-31 23:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-31 22:33 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-10-31 22:28 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-31 22:28 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-29 20:33 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2007-10-29 20:33 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2007-10-29 20:33 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2007-10-29 20:33 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2007-10-29 12:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-10-29 12:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2007-10-29 12:59 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2007-10-02 19:49 <DIR> d-------- C:\Documents and Settings\maz\Dane aplikacji\eMule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 22:44 --------- d-----w C:\Program Files\Canon
2007-10-27 12:15 --------- d-----w C:\Program Files\DC++
2007-10-21 12:04 --------- d-----w C:\Program Files\SkanerOnline
2007-10-02 18:49 --------- d-----w C:\Program Files\eMule
2007-09-04 20:04 --------- d-----w C:\Program Files\Creative
2007-09-04 20:02 --------- d-----w C:\Documents and Settings\maz\Dane aplikacji\Creative
2007-09-04 19:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2006-11-25 07:29 19,128 -c--a-w C:\Documents and Settings\maz\Dane aplikacji\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Win32 USB2"=wins32.exe
"Windows TM"=SVPHOST.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Win32 USB2"=wins32.exe
"Windows TM"=SVPHOST.exe

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\SanDisk\CruzerLogin\homefus.dll 2005-05-11 17:57 1015808 C:\Program Files\SanDisk\CruzerLogin\homefus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"C:\Program Files\ATI Multimedia\main\launchpd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"C:\Program Files\Creative\Shared Files\CamTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
"C:\Program Files\Creative\Shared Files\CTSched.exe" /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall Support]
adminet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"C:\Program Files\Konnekt\konnekt.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spool]
C:\WINDOWS\system32\msvc32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SYSTEM]
winipck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wiadomek]
C:\Program Files\Wiadomek\wiadomek.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32 USB2]
wins32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
C:\WINDOWS\system32\defragfatx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows TM]
SVPHOST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XML Service]
msxml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\CruzerProfile.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8a89017-4423-11db-8eed-000acd046ccb}]
\Shell\AutoRun\command - J:\CruzerProfile.exe /autorun

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 00:50:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-01 0:50:56
.
--- E O F ---

przez **Leon$** » 02 Lis 2007, 00:35

Otwórz notatnik i wklej

Kod: Zaznacz wszystko: Registry:: [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "Win32 USB2"=- "Windows TM"=- [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Win32 USB2"=- "Windows TM"=- [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win32 USB2] "wins32.exe"=- [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows TM] "SVPHOST.exe"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8a89017-4423-11db-8eed-000acd046ccb}]

zapisz jako CFScript (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe
http://img.wklej.org/images/88953CFScri ... iemoes.gif
na pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER
Powinno rozpocząć się usuwanie

Po restarcie usuń ręcznie folder C: \Qoobox
odszukaj plik wins32.exe usuń go z dysku

Daj nowy log Combo i HijackThis

To wina Pendriva sformatuj go

przez **4mat** » 02 Lis 2007, 01:33

dzięki, napisane tak jak trzeba dla kogoś kto nie słyszał o czyms takim jak LOG nawet upuszczanie pliku na aplikacje (lol)
pomogło, pendrive sformatowany, info o tempie2 sie nie pojawia
pozdrawiam

no to mam tego LOGA

no to mam tego LOGA

a tu combo fix ...

Kto jest na forum