Trojan problem :(
Hello
I have a problem removing a trojan... I previously did everything according to the recommendations in this thread http://forum.centrumxp.pl/Default.aspx?g=posts&t=158038 but unfortunately mine is still there =(
It shows up as something like the screen refreshing, i.e. the desktop icons and the taskbar disappear for a few seconds, sometimes for good, and the system is also noticeably sluggish.
Spyware Doctor keeps finding the Virtumonde trojan.
Vundo no longer finds anything.
I'd really appreciate some help... I'm adding the logs from Combo and Hijack
ComboFix 07-11-19.3 - Admin007 2007-11-25 12:02:09.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1008 [GMT 1:00]
Running from: H:\FLASHGET\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\hhhkj.ini
D:\WINDOWS\system32\hhhkj.ini2
D:\WINDOWS\system32\jkhhh.dll
.
---- Previous Run -------
.
D:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
D:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
D:\WINDOWS\system32\fhhkj.ini2
D:\WINDOWS\system32\hgjlm.ini
D:\WINDOWS\system32\hgjlm.ini2
D:\WINDOWS\system32\mecnrwdu.dllbox
D:\WINDOWS\system32\mljgh.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-25 11:25 d-------- D:\VundoFix Backups
2007-11-25 10:46 776,132 ---hs---- D:\WINDOWS\system32\oigkpeni.ini
2007-11-25 10:43 145,984 --a------ D:\WINDOWS\system32\fyvfvbbr.dll
2007-11-25 10:40 71,232 --a------ D:\WINDOWS\system32\mlugenhb.exe
2007-11-23 21:20 d-------- D:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-23 21:20 79,688 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-23 21:20 62,280 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-23 21:20 41,288 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-23 21:20 29,000 --a------ D:\WINDOWS\system32\drivers\kcom.sys
2007-11-23 21:19 d-------- D:\Program Files\Spyware Doctor
2007-11-23 21:19 d-------- D:\Documents and Settings\Admin007\Dane aplikacji\PC Tools
2007-11-23 21:19 626,688 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-11-23 19:41 d--hs---- D:\FOUND.003
2007-11-23 18:39 37,376 --a------ D:\WINDOWS\system32\fcccbay.dll
2007-11-19 19:24 d-------- D:\Program Files\DAEMON Tools
2007-11-19 19:18 96,256 --a------ D:\WINDOWS\system32\drivers\sptddrv1.sys
2007-10-31 19:04 722,192 --a------ D:\WINDOWS\system32\VB40032.DLL
2007-10-31 19:04 1,555 --a------ D:\WINDOWS\system32\ST4UNST.LOG
2007-10-31 19:04 999 --a------ D:\WINDOWS\system32\ST4UNST.000
2007-10-30 20:12 d-------- D:\xampp
2007-10-29 01:22 d-------- D:\Program Files\PremiumSoft
2007-10-28 19:53 356,352 --a------ D:\WINDOWS\eSellerateEngine.dll
2007-10-28 19:33 d-------- D:\Program Files\RipCast 1.9
2007-10-25 00:48 d-------- D:\Program Files\Elaborate Bytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 09:46 85,056 ----a-w D:\WINDOWS\system32\inepkgio.dll
2007-11-25 09:46 79,936 ----a-w D:\WINDOWS\system32\cobfwiun.dll
2007-11-19 18:19 611,064 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2007-11-17 18:17 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-17 18:16 103,736 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2007-10-25 16:57 8,483,328 ----a-w D:\WINDOWS\system32\dllcache\shell32.dll
2007-10-18 20:21 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Nokia
2007-10-18 20:19 --------- d-----w D:\Program Files\NSS
2007-10-18 18:55 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-10-18 18:53 --------- d-----w D:\Program Files\PC Connectivity Solution
2007-10-18 18:53 --------- d-----w D:\Program Files\Nokia
2007-10-18 18:53 --------- d-----w D:\Program Files\DIFX
2007-10-18 18:53 --------- d-----w D:\Program Files\Common Files\PCSuite
2007-10-18 18:53 --------- d-----w D:\Program Files\Common Files\Nokia
2007-10-18 18:52 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Installations
2007-09-29 14:22 --------- d-----w D:\Program Files\Hewlett-Packard
2007-09-08 14:31 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe
2007-09-06 11:09 801,144 ----a-w D:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w D:\WINDOWS\system32\AVASTSS.scr
2007-09-02 12:57 86,528 ----a-w D:\WINDOWS\bnetunin.exe
2007-06-03 13:17 16,368 ----a-w D:\Documents and Settings\Admin007\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2007-11-23_21.53.48.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w D:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-11-25 11:05:18 16,384 ----a-w D:\WINDOWS\Temp\Perflib_Perfdata_4e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b326337b-e23b-45a9-83c7-baec60482438}]
2007-11-25 10:46 79936 --a------ D:\WINDOWS\system32\cobfwiun.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-23 18:39 37376 --a------ D:\WINDOWS\system32\fcccbay.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 10:01]
"Octoshape Streaming Services"="D:\Program Files\Octoshape Streaming Services\Admin007\OctoshapeClient.exe" [2006-02-13 18:33]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2007-05-13 16:57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:44 D:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-11 21:43 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-03 22:44 D:\WINDOWS\system32\rundll32.exe]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 D:\WINDOWS\KHALMNPR.Exe]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 D:\WINDOWS\KHALMNPR.Exe]
"VC7Player"="D:\Program Files\HHVcdV7Sys\VC7Play.exe" [2005-08-03 11:06]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 08:42]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"CloneCDElbyCDFL"="D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33]
"CloneCDTray"="D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 16:17]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"SDTray"="D:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"3c351d71"="D:\WINDOWS\system32\inepkgio.dll" [2007-11-25 10:46]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]
D:\Documents and Settings\Admin007\Menu Start\Programy\AutostartStrongGG.lnk - D:\Program Files\Gadu-Gadu\StrongGG.exe [2005-09-26 19:48:34]
D:\Documents and Settings\All Users\Menu Start\Programy\AutostartMicrosoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 15:17:22]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-16 20:09:58]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= D:\WINDOWS\system32\fcccbay.dll [2007-11-23 18:39 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccbay]
fcccbay.dll 2007-11-23 18:39 37376 D:\WINDOWS\system32\fcccbay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mecnrwdu]
mecnrwdu.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\jkhhh.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R0 ElbyVCD;ElbyVCD;D:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
R1 vdrv7000;vdrv7000;D:\WINDOWS\system32\DRIVERS\vdrv7000.sys
R2 Apache2.2;Apache2.2;"D:\xampp\apache\bin\apache.exe" -k runservice
R2 VC7SecS;Virtual CD v7 Management Service;D:\Program Files\HHVcdV7Sys\VC7SecS.exe
S2 BulkUsb;Genius ColorPage USB Scanner;D:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ab50c1-0f87-11dc-aabd-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 12:05:46
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 12:07:29 - machine was rebooted
D:\ComboFix3.txt ... 2007-11-23 22:09
D:\ComboFix2.txt ... 2007-11-23 22:44
.
--- E O F ---
Logfile of HijackThis v1.98.2
Scan saved at 12:14:57, on 2007-11-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\RunDll32.exe
D:\xampp\apache\bin\apache.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\HHVcdV7Sys\VC7Play.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\xampp\mysql\bin\mysqld-nt.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Gadu-Gadu\StrongGG.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\xampp\apache\bin\apache.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Octoshape Streaming Services\Admin007\OctoshapeClient.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\Program Files\Alwil Software\Avast4\setup\avast.setup
D:\Program Files\Virtual CD v7\System\VC7Tray.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\HHVcdV7Sys\VC7SecS.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Spyware Doctor\swdoctor.exe
G:\WINDOWSY + DODATKI\antyvir\hijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {83428406-ceab-7c38-9a54-b32eb733623b} - {b326337b-e23b-45a9-83c7-baec60482438} - D:\WINDOWS\system32\cobfwiun.dll
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - D:\WINDOWS\system32\fcccbay.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VC7Player] D:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [3c351d71] rundll32.exe "D:\WINDOWS\system32\inepkgio.dll",b
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "D:\Program Files\Octoshape Streaming Services\Admin007\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: StrongGG.lnk = D:\Program Files\Gadu-Gadu\StrongGG.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.33/g_bin/pl/poker_2_0_0_49.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_34.cab
Replies: 6
There's no error.
But if you have problems with ComboFix, use something else to delete those files (because at this point ComboFix is only acting as a file deletion program). E.g. KillBox.
Hello
I don't know whether there isn't some error in the previous post, i.e. Mr "morda"'s =/ the thing is, after ComboFix restarts the computer the program seems to hang... I waited quite a long time and nothing. That's exactly why I can't post the log.
Thanks again and regards
Also
D:\WINDOWS\bnetunin.exe
I also really don't like that D:\WINDOWS\system32\drivers\mchInjDrv.sys ([url]http://www.greatis.com/appdata/d/m/mchinjdrv.sys.htm[/url]), but on the other hand I've also seen information that it is used by legitimate programs such as Comodo
One more correction:
Paste into [b]Notepad[/b]:
[CODE]
File::
D:\WINDOWS\system32\oigkpeni.ini.ren
D:\WINDOWS\system32\inepkgio.dll.ren
D:\WINDOWS\system32\ggjlm.ini.ren
D:\WINDOWS\system32\oigkpeni.ini
D:\WINDOWS\system32\inepkgio.dll
D:\WINDOWS\system32\ggjlm.ini
[/code]
[b]>>File>>Save as... >>> [color=red]CFScript[/color][/b]
Drag and drop the file [color=red][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b]
– like in this picture [b][color=blue]-->[/color][/b][img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img]
The removal should start. (and a log will be created)
[b]After the restart[/b], manually delete the folder [b]C:\[color=red]Qoobox[/color][/b].
Post the log that is created during the removal.
Yes, it's a small program.
Here's the log:
ComboFix 07-11-19.3 - Admin007 2007-11-28 10:31:36.8 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.973 [GMT 1:00]
Running from: G:\WINDOWSY + DODATKI\antyvir\ComboFix.exe
Command switches used :: G:\WINDOWSY + DODATKI\antyvir\CFScript.txt
* Created a new restore point
FILE
D:\WINDOWS\system32\cobfwiun.dll
D:\WINDOWS\system32\fcccbay.dll
D:\WINDOWS\system32\fyvfvbbr.dll
D:\WINDOWS\system32\inepkgio.dll
D:\WINDOWS\system32\mlugenhb.exe
D:\WINDOWS\system32\oigkpeni.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\FOUND.003
D:\FOUND.003\FILE0000.CHK
D:\FOUND.003\FILE0001.CHK
D:\WINDOWS\system32\cobfwiun.dll
D:\WINDOWS\system32\fyvfvbbr.dll
D:\WINDOWS\system32\mlugenhb.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.
2007-11-28 10:35 2,560 D:\WINDOWS\system32\drivers\mchInjDrv.sys
2007-11-27 20:49 d-------- D:\Program Files\SopCast
2007-11-27 20:49 d-------- D:\Documents and Settings\Admin007\Dane aplikacji\SopCast
2007-11-25 22:10 d-------- D:\Program Files\Trojan Remover
2007-11-25 22:10 d-------- D:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2007-11-25 22:10 d-------- D:\Documents and Settings\Admin007\Dane aplikacji\Simply Super Software
2007-11-25 10:46 776,192 --a------ D:\WINDOWS\system32\oigkpeni.ini.ren
2007-11-25 10:46 85,056 --a------ D:\WINDOWS\system32\inepkgio.dll.ren
2007-11-23 21:20 d-------- D:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-23 21:20 79,688 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-23 21:20 62,280 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-23 21:20 41,288 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-23 21:20 29,000 --a------ D:\WINDOWS\system32\drivers\kcom.sys
2007-11-23 21:19 d-------- D:\Program Files\Spyware Doctor
2007-11-23 21:19 d-------- D:\Documents and Settings\Admin007\Dane aplikacji\PC Tools
2007-11-19 19:24 d-------- D:\Program Files\DAEMON Tools
2007-11-19 19:18 96,256 --a------ D:\WINDOWS\system32\drivers\sptddrv1.sys
2007-11-09 21:15 28,160 --a------ D:\WINDOWS\SFMAN32.DLL
2007-10-31 19:04 722,192 --a------ D:\WINDOWS\system32\VB40032.DLL
2007-10-31 19:04 60,416 --a------ D:\WINDOWS\ST4UNST.EXE
2007-10-31 19:04 1,555 --a------ D:\WINDOWS\system32\ST4UNST.LOG
2007-10-31 19:04 999 --a------ D:\WINDOWS\system32\ST4UNST.000
2007-10-30 20:12 d-------- D:\xampp
2007-10-29 01:22 d-------- D:\Program Files\PremiumSoft
2007-10-28 19:53 356,352 --a------ D:\WINDOWS\eSellerateEngine.dll
2007-10-28 19:33 d-------- D:\Program Files\RipCast 1.9
2007-10-28 19:33 90,112 --a------ D:\WINDOWS\unvise32.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 21:37 6,465 --sha-w D:\WINDOWS\system32\ggjlm.ini.ren
2007-11-19 18:19 611,064 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2007-11-17 18:17 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-17 18:16 103,736 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2007-10-25 16:57 8,483,328 ----a-w D:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 23:48 --------- d-----w D:\Program Files\Elaborate Bytes
2007-10-18 20:21 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Nokia
2007-10-18 20:19 --------- d-----w D:\Program Files\NSS
2007-10-18 18:55 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2007-10-18 18:53 --------- d-----w D:\Program Files\PC Connectivity Solution
2007-10-18 18:53 --------- d-----w D:\Program Files\Nokia
2007-10-18 18:53 --------- d-----w D:\Program Files\DIFX
2007-10-18 18:53 --------- d-----w D:\Program Files\Common Files\PCSuite
2007-10-18 18:53 --------- d-----w D:\Program Files\Common Files\Nokia
2007-10-18 18:52 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Installations
2007-09-29 14:22 --------- d-----w D:\Program Files\Hewlett-Packard
2007-09-08 14:31 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe
2007-09-06 11:09 801,144 ----a-w D:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w D:\WINDOWS\system32\AVASTSS.scr
2007-09-02 12:57 86,528 ----a-w D:\WINDOWS\bnetunin.exe
2007-06-03 13:17 16,368 ----a-w D:\Documents and Settings\Admin007\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 10:01]
"Octoshape Streaming Services"="D:\Program Files\Octoshape Streaming Services\Admin007\OctoshapeClient.exe" [2006-02-13 18:33]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2007-05-13 16:57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:44 D:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-11 21:43 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-03 22:44 D:\WINDOWS\system32\rundll32.exe]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 D:\WINDOWS\KHALMNPR.Exe]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 D:\WINDOWS\KHALMNPR.Exe]
"VC7Player"="D:\Program Files\HHVcdV7Sys\VC7Play.exe" [2005-08-03 11:06]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 08:42]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"CloneCDElbyCDFL"="D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 08:33]
"CloneCDTray"="D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 16:17]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09]
"TrojanScanner"="D:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 13:42]
"SDTray"="D:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]
D:\Documents and Settings\Admin007\Menu Start\Programy\AutostartStrongGG.lnk - D:\Program Files\Gadu-Gadu\StrongGG.exe [2005-09-26 19:48:34]
D:\Documents and Settings\All Users\Menu Start\Programy\AutostartMicrosoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 15:17:22]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-16 20:09:58]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R0 ElbyVCD;ElbyVCD;D:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
R1 vdrv7000;vdrv7000;D:\WINDOWS\system32\DRIVERS\vdrv7000.sys
R2 Apache2.2;Apache2.2;"D:\xampp\apache\bin\apache.exe" -k runservice
R2 VC7SecS;Virtual CD v7 Management Service;D:\Program Files\HHVcdV7Sys\VC7SecS.exe
S2 BulkUsb;Genius ColorPage USB Scanner;D:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);D:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;D:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;D:\WINDOWS\system32\DRIVERS\ss_mdm.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ab50c1-0f87-11dc-aabd-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 10:35:16
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-28 10:36:13 - machine was rebooted
.
--- E O F ---
Paste into [b]Notepad[/b]:
[CODE]
File::
D:\WINDOWS\system32\oigkpeni.ini
D:\WINDOWS\system32\fyvfvbbr.dll
D:\WINDOWS\system32\mlugenhb.exe
D:\WINDOWS\system32\fcccbay.dll
D:\WINDOWS\system32\inepkgio.dll
D:\WINDOWS\system32\cobfwiun.dll
D:\WINDOWS\system32\inepkgio.dll
Folder::
D:\VundoFix Backups
D:\FOUND.003
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b326337b-e23b-45a9-83c7-baec60482438}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3c351d71"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccbay]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mecnrwdu]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[/code]
[b]>>File>>Save as... >>> [color=red]CFScript[/color][/b] (it will be most convenient if you save it in a location where the [b]CFScript.txt[/b] icon ends up next to the [b]ComboFix.exe[/b] icon)
Drag and drop the file [color=red][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b] (that is, the [b]CFScript.txt[/b] icon onto the [b]ComboFix.exe[/b] icon)
– like in this picture [b][color=blue]-->[/color][/b][img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img]
(if the question "[b]1 or 2[/b]" appears, type [b]1[/b] and press ENTER) The removal should start. (and a log will be created)
[b]After the restart[/b], manually delete the folder [b]C:\[color=red]Qoobox[/color][/b].
Post the log that is created during the removal.
[quote]D:\xampp[/quote]
Do you know what the above is?
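As an added example (not code from the thread, ComboFix or the helpers), the following Python script checks the three load points the CFScript above touches: the LSA "Authentication Packages" multi-string, the Winlogon\Notify subkeys and Run values that hand a DLL to rundll32. It runs over a sample excerpt constructed in the format of ComboFix's "Reg Loading Points" section from the entries quoted in this thread's first log; the hex(7) codec assumes REGEDIT4-style one-byte characters, exactly as the CFScript's reset line does, and msv1_0 as the only expected XP authentication package.

```python
"""Audit a ComboFix "Reg Loading Points" dump for Vundo-style persistence.

Added example for this thread, not part of ComboFix or of the posts.
"""
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points",
# assembled from entries quoted in the thread's first log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:44 D:\WINDOWS\system32\rundll32.exe]
"3c351d71"="D:\WINDOWS\system32\inepkgio.dll" [2007-11-25 10:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccbay]
fcccbay.dll 2007-11-23 18:39 37376 D:\WINDOWS\system32\fcccbay.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mecnrwdu]
mecnrwdu.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 D:\WINDOWS\system32\jkhhh.dll
'''

# Assumption: on Windows XP the only expected LSA authentication package.
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

# "name"="data" [timestamp ...] as ComboFix prints Run values.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>[^"\[]+?)"?\s*(\[.*\])?$')


def decode_hex7(hex_list):
    """Decode a REGEDIT4-style hex(7) REG_MULTI_SZ payload ("6d,73,...") into
    its strings. One byte per character is assumed, as in the CFScript above."""
    raw = bytes.fromhex("".join(hex_list.split(",")))
    return [part.decode("latin-1") for part in raw.split(b"\x00") if part]


def encode_hex7(strings):
    """Inverse of decode_hex7: the 'hex(7):...' value that resets the key."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in strings) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_loading_points(text):
    """Group the lines of a 'Reg Loading Points' dump under their [key] header."""
    sections, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            sections.setdefault(key, [])
        elif key is not None:
            sections[key].append(line)
    return sections


def audit(text):
    """Return (check, detail) findings for the load points Vundo abuses."""
    findings = []
    for key, lines in parse_loading_points(text).items():
        lower = key.lower()
        if lower.endswith(r"\currentversion\run"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group("data").strip().lower().endswith(".dll"):
                    # A Run value pointing straight at a DLL means rundll32 is
                    # loading it; legitimate software rarely registers that way.
                    findings.append(("run-dll", m.group("data").strip()))
        elif "\\winlogon\\notify\\" in lower:
            # ComboFix hides the default Notify packages, so every subkey it
            # prints is a non-standard DLL loaded into winlogon.exe.
            findings.append(("winlogon-notify", key.rsplit("\\", 1)[1]))
        elif lower.endswith(r"\control\lsa"):
            for line in lines:
                if line.lower().startswith('"authentication packages"'):
                    for pkg in line.split("=", 1)[1].split():
                        if pkg.lower() not in EXPECTED_AUTH_PACKAGES:
                            findings.append(("lsa-auth-package", pkg))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:18} {detail}")
    print("reset value:", encode_hex7(sorted(EXPECTED_AUTH_PACKAGES)))
```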