25 Jun 2007, 17:34
Logfile of HijackThis v1.99.1
Scan saved at 17:34:35, on 2007-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Gadu-Gadu7.7\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {2DF42295-92C3-4A7B-B39D-923D54DD239A} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu7.7\gg.exe" /tray
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A0D32F2-4FBD-4E68-85FC-3027D6F62270}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
25 Jun 2007, 18:00
O2 - BHO: (no name) - {2DF42295-92C3-4A7B-B39D-923D54DD239A} - C:\WINDOWS\system32\awtqp.dll (file missing)
25 Jun 2007, 18:05
25 Jun 2007, 21:00
26 Jun 2007, 08:20
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 08:42:58 2007-05-03
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.1
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 18:35:23 2007-06-23
Listing files found while scanning....
C:\windows\system32\awtqp.dll
C:\windows\system32\hggebxy.dll
C:\windows\system32\hqqgwqyo.ini
C:\WINDOWS\system32\ldoyxhtm.ini
C:\WINDOWS\system32\ljjjjkl.dll
C:\windows\system32\lxtdoejs.dll
C:\WINDOWS\system32\mthxyodl.dll
C:\windows\system32\oyqwgqqh.dll
C:\windows\system32\pqtwa.bak1
C:\windows\system32\pqtwa.bak2
C:\windows\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.tmp
C:\windows\system32\uqamtsjh.exe
C:\windows\system32\uxkpiyny.ini
C:\WINDOWS\system32\yfrcnufx.dll
C:\windows\system32\ynyipkxu.dll
Beginning removal...
Attempting to delete C:\windows\system32\awtqp.dll
C:\windows\system32\awtqp.dll Has been deleted!
Attempting to delete C:\windows\system32\hggebxy.dll
C:\windows\system32\hggebxy.dll Has been deleted!
Attempting to delete C:\windows\system32\hqqgwqyo.ini
C:\windows\system32\hqqgwqyo.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ldoyxhtm.ini
C:\WINDOWS\system32\ldoyxhtm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjjjkl.dll
C:\WINDOWS\system32\ljj
Beginning removal...
Attempting to delete C:\windows\system32\lxtdoejs.dll
C:\windows\system32\lxtdoejs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mthxyodl.dll
C:\WINDOWS\system32\mthxyodl.dll Has been deleted!
Attempting to delete C:\windows\system32\oyqwgqqh.dll
C:\windows\system32\oyqwgqqh.dll Has been deleted!
Attempting to delete C:\windows\system32\pqtwa.bak1
C:\windows\system32\pqtwa.bak1 Has been deleted!
Attempting to delete C:\windows\system32\pqtwa.bak2
C:\windows\system32\pqtwa.bak2 Has been deleted!
Attempting to delete C:\windows\system32\pqtwa.ini
C:\windows\system32\pqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\pqtwa.tmp Has been deleted!
Attempting to delete C:\windows\system32\uqamtsjh.exe
C:\windows\system32\uqamtsjh.exe Has been deleted!
Attempting to delete C:\windows\system32\uxkpiyny.ini
C:\windows\system32\uxkpiyny.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\yfrcnufx.dll
C:\WINDOWS\system32\yfrcnufx.dll Has been deleted!
Attempting to delete C:\windows\system32\ynyipkxu.dll
C:\windows\system32\ynyipkxu.dll Has been deleted!
Performing Repairs to the registry.
Done!
"1" - 2007-06-26 8:00:03 - ComboFix 07-06-25.3 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))
2007-06-26 07:57 60,416 --a------ C:\WINDOWS\system32\drivers\mliigwcm.sys
2007-06-26 07:57 126,976 --a------ C:\zip.exe
2007-06-26 07:53 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-25 08:33 <DIR> d-------- C:\Program Files\Firebird
2007-06-25 08:12 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-06-25 08:12 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-06-24 15:09 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Inbit
2007-06-24 15:05 <DIR> d-------- C:\Program Files\Inbit
2007-06-24 15:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Inbit
2007-06-24 14:48 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-24 08:06 4,256 -ra------ C:\WINDOWS\system32\NTPORTIO.SYS
2007-06-24 08:05 4,256 -ra------ C:\WINDOWS\NTPORTIO.SYS
2007-06-23 17:38 <DIR> d--hs---- C:\found.000
2007-06-23 17:09 122,900 --a------ C:\WINDOWS\system32\rblamfll.exe
2007-06-23 16:35 122,900 --a------ C:\WINDOWS\system32\fpovaekk.exe
2007-06-23 13:18 122,900 --a------ C:\WINDOWS\system32\uqwqkimg.exe
2007-06-23 12:50 122,900 --a------ C:\WINDOWS\system32\aqctjplo.exe
2007-06-23 10:40 <DIR> d-------- C:\Program Files\DreamRender
2007-06-23 10:38 122,900 --a------ C:\WINDOWS\system32\fgiaxipp.exe
2007-06-23 08:24 122,900 --a------ C:\WINDOWS\system32\fkjofren.exe
2007-06-23 07:56 122,900 --a------ C:\WINDOWS\system32\gdjynqer.exe
2007-06-23 07:53 4,628 --a------ C:\WINDOWS\system32\kxbehrja.exe
2007-06-23 07:47 122,900 --a------ C:\WINDOWS\system32\kyxdibal.exe
2007-06-21 20:18 122,900 --a------ C:\WINDOWS\system32\hhkfohme.exe
2007-06-21 17:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-21 17:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-21 17:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-21 17:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-21 17:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-21 17:12 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-21 17:12 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-19 20:05 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Sylpheed
2007-06-19 19:30 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-19 19:23 <DIR> dr-h----- C:\MSOCache
2007-06-19 19:01 122,900 --a------ C:\WINDOWS\system32\gjqwqrwr.exe
2007-06-18 16:51 335 --a------ C:\WINDOWS\mozregistry.dat
2007-06-18 07:16 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Apple Computer
2007-06-18 07:14 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-18 07:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-06-14 14:57 <DIR> d-------- C:\Program Files\SHOUTcast
2007-06-07 20:49 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-06-07 20:49 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-06-07 20:49 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-06-07 20:49 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-06-07 20:49 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-06-07 20:49 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-06-07 20:39 24,575 --a------ C:\WINDOWS\system32\Bwinsysmwappio61.dll
2007-06-07 20:38 831,488 --a------ C:\WINDOWS\system32\AudioCDGrabber2.dll
2007-06-07 20:38 638,976 --a------ C:\WINDOWS\system32\AudioCDWriter2.dll
2007-06-07 20:38 450,560 --a------ C:\WINDOWS\system32\AudioTransform2.dll
2007-06-07 20:38 4,085,904 --a------ C:\WINDOWS\system32\wmfdist.exe
2007-06-07 20:38 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-07 20:38 315,392 --a------ C:\WINDOWS\system32\AudioPlayer2.dll
2007-06-07 20:38 311,296 --a------ C:\WINDOWS\system32\AudioRecord2.dll
2007-06-07 20:38 270,336 --a------ C:\WINDOWS\system32\AudioDisplay2.dll
2007-06-07 20:38 196,608 --a------ C:\WINDOWS\system32\WMAFile2.dll
2007-06-07 20:38 184,320 --a------ C:\WINDOWS\system32\WMABroadcastService2.dll
2007-06-07 20:38 1,843,200 --a------ C:\WINDOWS\system32\AudioFile2.dll
2007-06-07 20:38 1,794,048 --a------ C:\WINDOWS\system32\AudioDesign2.dll
2007-06-07 20:38 1,036,288 --a------ C:\WINDOWS\system32\AudioInformation2.dll
2007-06-07 20:17 <DIR> d-------- C:\Mp3con
2007-06-07 20:13 3,082 --a------ C:\WINDOWS\system32\affv6628p3now.sys
2007-06-07 20:00 <DIR> d-------- C:\My Music
2007-06-03 12:25 51,712 --a------ C:\WINDOWS\wc98pp.dll
2007-06-01 16:37 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Gadu-Gadu
2007-05-31 19:24 <DIR> d-------- C:\Program Files\Nowy folder
2007-05-31 16:40 <DIR> d-------- C:\Program Files\Activision
2007-05-31 16:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-05-28 13:59 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\InstallShield
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-19 17:54:05 65,894 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-19 17:54:05 386,110 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-18 15:05:51 5,955 ----a-w C:\WINDOWS\mozver.dat
2007-06-12 16:24:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 17:35:38 -------- d-----w C:\DOCUME~1\1\DANEAP~1\BearShare
2007-05-19 05:58:17 -------- d-----w C:\DOCUME~1\1\DANEAP~1\Nvu
2007-05-13 14:15:21 -------- d-----w C:\DOCUME~1\1\DANEAP~1\HateML
2007-05-06 15:59:50 -------- d-----w C:\DOCUME~1\1\DANEAP~1\FrostWire
2007-05-06 15:48:09 -------- d-----w C:\DOCUME~1\1\DANEAP~1\Shareaza
2007-05-05 06:37:56 -------- d-----w C:\Program Files\SEMC
2007-04-28 07:16:09 26,678 ----a-w C:\WINDOWS\system32\cbxutqo.dll.vir
2007-04-28 06:59:34 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-28 06:41:52 -------- d-----w C:\Program Files\Google
2007-04-28 06:37:38 -------- d-----w C:\Program Files\America's Army
2007-04-21 14:30:18 3,341 ----a-w C:\WINDOWS\unins000.dat
2007-04-09 14:33:33 286,720 ------w C:\WINDOWS\Setup1.exe
2007-04-09 14:33:31 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-01 23:00:00 65,536 ----a-w C:\WINDOWS\FS9Unins.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 13:38]
"avast!"="D:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2006-09-25 17:42]
"gvbimepm"="C:\iysxkgyg.bat" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44]
"Gadu-Gadu"="E:\Program Files\Gadu-Gadu7.7\gg.exe" [2007-05-10 16:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"SSS6_Suite"="C:\Program Files\Steganos Security Suite 6\sss.exe" /booting
"SSS6_SAFE"="C:\Program Files\Steganos Security Suite 6\safe.exe" /booting
"SSS6_SPM"="C:\Program Files\Steganos Security Suite 6\spm.exe" /booting
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoClose"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"E:\Program Files\DAP\DAP.EXE" /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"aspnet_state"=3 (0x3)
"Adobe LM Service"=3 (0x3)
Contents of the 'Scheduled Tasks' folder
2007-06-18 05:14:53 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-04-05 16:05:04 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1167065937.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 08:01:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-06-26 8:03:23
C:\ComboFix-quarantined-files.txt ... 2007-06-26 08:02
--- E O F ---
26 Jun 2007, 12:31
26 Jun 2007, 14:03
"1" - 2007-06-26 13:51:19 - ComboFix 07-06-25.3 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))
2007-06-26 13:26 <DIR> d-------- C:\!KillBox
2007-06-26 07:57 60,416 --a------ C:\WINDOWS\system32\drivers\mliigwcm.sys
2007-06-26 07:57 126,976 --a------ C:\zip.exe
2007-06-26 07:53 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-25 08:33 <DIR> d-------- C:\Program Files\Firebird
2007-06-25 08:12 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-06-25 08:12 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-06-24 15:09 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Inbit
2007-06-24 15:05 <DIR> d-------- C:\Program Files\Inbit
2007-06-24 15:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Inbit
2007-06-24 14:48 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-24 08:06 4,256 -ra------ C:\WINDOWS\system32\NTPORTIO.SYS
2007-06-24 08:05 4,256 -ra------ C:\WINDOWS\NTPORTIO.SYS
2007-06-23 17:38 <DIR> d--hs---- C:\found.000
2007-06-23 10:40 <DIR> d-------- C:\Program Files\DreamRender
2007-06-23 10:38 122,900 --a------ C:\WINDOWS\system32\fgiaxipp.exe
2007-06-23 07:56 122,900 --a------ C:\WINDOWS\system32\gdjynqer.exe
2007-06-21 17:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-21 17:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-21 17:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-21 17:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-21 17:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-21 17:12 95,872 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-06-21 17:12 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-19 20:05 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Sylpheed
2007-06-19 19:30 <DIR> d-------- C:\Program Files\Microsoft Works
2007-06-19 19:23 <DIR> dr-h----- C:\MSOCache
2007-06-19 19:01 122,900 --a------ C:\WINDOWS\system32\gjqwqrwr.exe
2007-06-18 16:51 335 --a------ C:\WINDOWS\mozregistry.dat
2007-06-18 07:16 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Apple Computer
2007-06-18 07:14 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-18 07:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-06-14 14:57 <DIR> d-------- C:\Program Files\SHOUTcast
2007-06-07 20:49 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-06-07 20:49 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-06-07 20:49 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-06-07 20:49 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-06-07 20:49 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-06-07 20:49 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-06-07 20:39 24,575 --a------ C:\WINDOWS\system32\Bwinsysmwappio61.dll
2007-06-07 20:38 831,488 --a------ C:\WINDOWS\system32\AudioCDGrabber2.dll
2007-06-07 20:38 638,976 --a------ C:\WINDOWS\system32\AudioCDWriter2.dll
2007-06-07 20:38 450,560 --a------ C:\WINDOWS\system32\AudioTransform2.dll
2007-06-07 20:38 4,085,904 --a------ C:\WINDOWS\system32\wmfdist.exe
2007-06-07 20:38 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-07 20:38 315,392 --a------ C:\WINDOWS\system32\AudioPlayer2.dll
2007-06-07 20:38 311,296 --a------ C:\WINDOWS\system32\AudioRecord2.dll
2007-06-07 20:38 270,336 --a------ C:\WINDOWS\system32\AudioDisplay2.dll
2007-06-07 20:38 196,608 --a------ C:\WINDOWS\system32\WMAFile2.dll
2007-06-07 20:38 184,320 --a------ C:\WINDOWS\system32\WMABroadcastService2.dll
2007-06-07 20:38 1,843,200 --a------ C:\WINDOWS\system32\AudioFile2.dll
2007-06-07 20:38 1,794,048 --a------ C:\WINDOWS\system32\AudioDesign2.dll
2007-06-07 20:38 1,036,288 --a------ C:\WINDOWS\system32\AudioInformation2.dll
2007-06-07 20:17 <DIR> d-------- C:\Mp3con
2007-06-07 20:13 3,082 --a------ C:\WINDOWS\system32\affv6628p3now.sys
2007-06-07 20:00 <DIR> d-------- C:\My Music
2007-06-01 16:37 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\Gadu-Gadu
2007-05-31 19:24 <DIR> d-------- C:\Program Files\Nowy folder
2007-05-31 16:40 <DIR> d-------- C:\Program Files\Activision
2007-05-31 16:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-05-28 13:59 <DIR> d-------- C:\DOCUME~1\1\DANEAP~1\InstallShield
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-19 17:54:05 65,894 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-19 17:54:05 386,110 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-18 15:05:51 5,955 ----a-w C:\WINDOWS\mozver.dat
2007-06-12 16:24:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-05 17:35:38 -------- d-----w C:\DOCUME~1\1\DANEAP~1\BearShare
2007-05-19 05:58:17 -------- d-----w C:\DOCUME~1\1\DANEAP~1\Nvu
2007-05-13 14:15:21 -------- d-----w C:\DOCUME~1\1\DANEAP~1\HateML
2007-05-06 15:59:50 -------- d-----w C:\DOCUME~1\1\DANEAP~1\FrostWire
2007-05-06 15:48:09 -------- d-----w C:\DOCUME~1\1\DANEAP~1\Shareaza
2007-05-05 06:37:56 -------- d-----w C:\Program Files\SEMC
2007-04-28 06:59:34 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-28 06:41:52 -------- d-----w C:\Program Files\Google
2007-04-28 06:37:38 -------- d-----w C:\Program Files\America's Army
2007-04-21 14:30:18 3,341 ----a-w C:\WINDOWS\unins000.dat
2007-04-09 14:33:33 286,720 ------w C:\WINDOWS\Setup1.exe
2007-04-09 14:33:31 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-04-01 23:00:00 65,536 ----a-w C:\WINDOWS\FS9Unins.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 13:38]
"avast!"="D:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44]
"Gadu-Gadu"="E:\Program Files\Gadu-Gadu7.7\gg.exe" [2007-05-10 16:36]
"DDC"="C:\WINDOWS\system32\rblamfll.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"SSS6_Suite"="C:\Program Files\Steganos Security Suite 6\sss.exe" /booting
"SSS6_SAFE"="C:\Program Files\Steganos Security Suite 6\safe.exe" /booting
"SSS6_SPM"="C:\Program Files\Steganos Security Suite 6\spm.exe" /booting
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoClose"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"E:\Program Files\DAP\DAP.EXE" /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"aspnet_state"=3 (0x3)
"Adobe LM Service"=3 (0x3)
Contents of the 'Scheduled Tasks' folder
2007-06-18 05:14:53 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-04-05 16:05:04 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1167065937.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 13:54:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-26 13:56:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-26 13:56
C:\ComboFix2.txt ... 2007-06-26 08:03
--- E O F ---
VundoFix V6.5.1
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 14:00:30 2007-06-26
Listing files found while scanning....
No infected files were found.
Logfile of HijackThis v1.99.1
Scan saved at 14:03:47, on 2007-06-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Gadu-Gadu7.7\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu7.7\gg.exe" /tray
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\rblamfll.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A0D32F2-4FBD-4E68-85FC-3027D6F62270}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
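A small triage script, added here as an example (it is not one of the tools used in this thread and not HijackThis's own logic), that applies over the O2 and O4 lines above the checks a helper does by eye: a BHO registered with no name whose file is missing, and a Run entry for a random-looking executable under C:\WINDOWS\system32 such as the DDC entry. The reversed-name pairing it reports comes from the VundoFix list in this thread (awtqp.dll next to pqtwa.ini). The "random-looking name" rule and the KNOWN_GOOD allowlist are my own assumptions and will produce false positives; treat hits as items to verify, not verdicts. The sample lines are copied from the logs posted above.

```python
import re

# Sample input: lines copied from the HijackThis logs posted in this thread
# (the nameless BHO from the first log, the "DDC" Run entry from the second).
SAMPLE_HJT_LOG = r"""O2 - BHO: (no name) - {2DF42295-92C3-4A7B-B39D-923D54DD239A} - C:\WINDOWS\system32\awtqp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] "D:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\rblamfll.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu7.7\gg.exe" /tray
"""

# HijackThis line formats for Browser Helper Objects (O2) and Run keys (O4).
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")

# Assumption: autostart binaries that legitimately live under C:\WINDOWS on this
# box. A real allowlist would be keyed on file hashes, not names.
KNOWN_GOOD = {"ctfmon.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def stem_of(path):
    return basename(path).rsplit(".", 1)[0]


def in_windows_dir(path):
    return "\\windows\\" in path.lower()


def looks_random(stem):
    """Crude heuristic (assumption): 5-8 lowercase letters, no digits, as in awtqp or rblamfll."""
    return re.fullmatch(r"[a-z]{5,8}", stem) is not None


def vundo_twin(stem):
    """The VundoFix log in this thread pairs awtqp.dll with pqtwa.ini: the DLL name reversed."""
    return stem[::-1] + ".ini"


def exe_path(cmd):
    """Strip surrounding quotes and trailing switches from an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r" [/-]", cmd)[0]


def triage(log_text, known_good=KNOWN_GOOD):
    """Return a list of findings, each with the line number, key, path and reasons."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = O2_BHO.match(line)
        if m:
            reasons = []
            path = m["path"].replace(" (file missing)", "")
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a name")
            if m["path"].endswith("(file missing)"):
                reasons.append("BHO file deleted but CLSID still registered")
            if looks_random(stem_of(path)):
                reasons.append("random-looking DLL name; look for reversed-name twin "
                               + vundo_twin(stem_of(path)))
            if reasons:
                findings.append({"line": lineno, "key": m["clsid"], "path": path, "reasons": reasons})
            continue
        m = O4_RUN.match(line)
        if m:
            path = exe_path(m["cmd"])
            if (in_windows_dir(path) and basename(path).lower() not in known_good
                    and looks_random(stem_of(path))):
                findings.append({"line": lineno, "key": m["label"], "path": path,
                                 "reasons": ["random-looking executable autostarting from the Windows directory"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"line {f['line']}: {f['key']} -> {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```

On the sample above it flags only the awtqp BHO (three reasons, including the pqtwa.ini twin to look for) and the DDC entry for rblamfll.exe; ctfmon.exe is allowlisted and the avast!, Java and Gadu-Gadu entries live outside the Windows directory.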
26 Jun 2007, 14:06
26 Jun 2007, 14:09
26 Jun 2007, 14:16
26 Jun 2007, 14:40
VundoFix V6.5.1
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.11
Scan started at 14:29:48 2007-06-26
Listing files found while scanning....
No infected files were found.
26 Jun 2007, 15:19
26 Jun 2007, 17:58
pp3088 wrote: ... Log from ComboFix and HJT.
26 Jun 2007, 18:21
forumowicz711 wrote: What's the matter?
pp3088 wrote: ... Log from ComboFix and HJT.
Are you kidding? -.- That is the thing you already did earlier, those logs... poor memory, I guess; look above at your own posts...
26 Jun 2007, 18:24