Aktualizacje na programosy.pl: Reg OrganizerPlayOnAtlantis Word ProcessorWinSCP PortableWinSCPMozilla FirefoxVX SearchAIDA64 Extreme EditionMediachance Dynamic Auto-Painter Pro  

  • Ogłoszenie:

Ckvo.exe

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.
Wyślij odpowiedź

Ckvo.exe

Postprzez alajna87 28 Paź 2008, 23:57

reklama
podpinka.
mam tego samego wirusa i bardzo proszę o sprawdzenie logów z HijackThis i Combofix

Combofix:
Kod: Zaznacz wszystko
ComboFix 08-10-28.01 - ASUS 2008-10-28 22:33:48.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.83 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\ASUS\Moje dokumenty\alunia@neostrada.pl\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\ckvo1.dll
C:\xih9.cmd
D:\Autorun.inf
D:\xih9.cmd

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-09-28 do 2008-10-28  )))))))))))))))))))))))))))))))
.

2008-10-28 22:08 . 2008-10-28 22:08   <DIR>   d--------   C:\Program Files\Trend Micro
2008-10-28 08:14 . 2008-10-28 08:14   268   --ah-----   C:\sqmdata04.sqm
2008-10-28 08:14 . 2008-10-28 08:14   244   --ah-----   C:\sqmnoopt04.sqm
2008-10-27 23:51 . 2008-10-27 23:51   268   --ah-----   C:\sqmdata03.sqm
2008-10-27 23:51 . 2008-10-27 23:51   244   --ah-----   C:\sqmnoopt03.sqm
2008-10-27 08:47 . 2008-10-27 08:47   268   --ah-----   C:\sqmdata02.sqm
2008-10-27 08:47 . 2008-10-27 08:47   244   --ah-----   C:\sqmnoopt02.sqm
2008-10-26 10:20 . 2008-10-26 10:20   268   --ah-----   C:\sqmdata01.sqm
2008-10-26 10:20 . 2008-10-26 10:20   244   --ah-----   C:\sqmnoopt01.sqm
2008-10-26 07:27 . 2008-10-26 07:27   268   --ah-----   C:\sqmdata00.sqm
2008-10-26 07:27 . 2008-10-26 07:27   244   --ah-----   C:\sqmnoopt00.sqm
2008-10-25 18:48 . 2008-10-25 18:48   48   --a------   C:\WINDOWS\EL0102.dat
2008-10-25 18:25 . 2008-10-25 18:25   <DIR>   d--------   C:\Program Files\EasyLanguage
2008-10-22 21:16 . 2008-10-22 21:16   <DIR>   d--------   C:\Program Files\Edgard
2008-10-22 19:51 . 2008-10-22 19:51   <DIR>   d--------   C:\Program Files\Speech
2008-10-22 19:50 . 2008-10-22 19:50   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-10-22 19:49 . 2008-10-22 19:49   <DIR>   d--------   C:\SuperMemo Extreme English!
2008-10-21 21:45 . 2008-10-21 21:45   <DIR>   d--------   C:\Program Files\Support Tools
2008-10-20 15:24 . 2008-10-20 15:24   25   --a------   C:\WINDOWS\cdplayer.ini
2008-10-20 15:22 . 2008-10-20 15:22   <DIR>   d--------   C:\Program Files\Real
2008-10-20 15:22 . 2008-10-20 15:22   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-10-20 15:22 . 2008-10-20 15:22   <DIR>   d--------   C:\Program Files\Common Files\Real
2008-10-13 17:17 . 2008-10-13 17:17   <DIR>   d--------   C:\Documents and Settings\ASUS\Dane aplikacji\SuperMemo World
2008-10-13 17:16 . 2008-10-13 17:16   <DIR>   d--------   C:\Program Files\SuperMemo UX
2008-10-13 17:16 . 1998-10-07 12:54   327,168   --a------   C:\WINDOWS\IsUn0415.exe
2008-10-11 21:15 . 2008-10-11 21:15   <DIR>   d--------   C:\Documents and Settings\ASUS\Contacts
2008-10-11 21:14 . 2008-10-11 21:14   <DIR>   d--------   C:\WINDOWS\system32\DRVSTORE
2008-10-11 21:14 . 2008-10-11 21:14   <DIR>   d--------   C:\Program Files\MSN Messenger

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
[code]<pre>
----a-w        24,433,961 2008-10-25 17:11:54  C:\Documents and Settings\ASUS\Pulpit\EasyLanguage - Język angielski (  Gramatyka) 2.08 .exe
</pre>[/code]


(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-05-12 102400]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2005-06-09 765952]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-21 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-21 688218]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [N/A]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-10-20 185872]
"SoundMan"="SOUNDMAN.EXE" [2005-04-14 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-02-16 C:\WINDOWS\system32\SiSPower.dll]
"autoclk"="autoclk.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\ASUS\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-03-28 331776]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-06-30 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-06-16 193280]
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-06-03 702326]
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-06-03 4790]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07fbd568-1dc7-11dd-9542-0017313a7eba}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2135fa8-121f-11dd-9521-0017313a7eba}]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa4c50ec-09ed-11dd-9500-0017313a7eba}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf50422-fe93-11dc-94ce-0017313a7eba}]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\ASUS\Dane aplikacji\Mozilla\Firefox\Profiles\cwihffhk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.wp.pl
FF -: plugin - c:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 22:38:44
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-28 22:44:33 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-10-28 21:44:22

Przed: 13 968 277 504 bajtów wolnych
Po: 14,533,492,736 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

166




Hijack:

Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:34, on 2008-10-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ASUS\Pulpit\putty_ssh.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 8016 bytes



Z góry dziękuję za odpowiedź :)
alajna87
~user
 
Posty: 1
Dołączenie: 28 Paź 2008, 23:46


Góra

Ckvo.exe

Postprzez Magik 29 Paź 2008, 00:05

alajna87 napisał(a):podpinka.


nie rob tego na przyszlosc, zakladaj nowy topic z 2 powodow

1->niezgodne z regulaminem
2->nudna, zmudna robota dzielic tematy

Kod: Zaznacz wszystko
C:\WINDOWS\EL0102.dat


przeskanuj ten plik na virustotal.com


wklej do notatnika
Kod: Zaznacz wszystko
FILE::
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm


Plik -> zapisz jako -> CFScript.txt.
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe


wklej do notatnika
Kod: Zaznacz wszystko
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07fbd568-1dc7-11dd-9542-0017313a7eba}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2135fa8-121f-11dd-9521-0017313a7eba}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa4c50ec-09ed-11dd-9500-0017313a7eba}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf50422-fe93-11dc-94ce-0017313a7eba}]


zapisz jako fix.reg i odpal


w Hijacku na fix:
Kod: Zaznacz wszystko
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Image Image
Awatar użytkownika
Magik
~user
 
Posty: 7956
Dołączenie: 08 Maj 2004, 09:17
Miejscowość: Głogów
Pochwały: 886

Góra

Ckvo.exe

Postprzez djarta 29 Paź 2008, 08:05

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Kod: Zaznacz wszystko
<pre>
----a-w        24,433,961 2008-10-25 17:11:54  [b]C:\Documents and Settings\ASUS\Pulpit\EasyLanguage - Język angielski (  Gramatyka) 2.08 .exe[/b]
</pre>


Zły znak, VIRTRUMONDE!


===============
K.
Pozdrawiam djarta. :)
djarta
~user
 
Posty: 684
Dołączenie: 31 Lip 2008, 10:49
Pochwały: 55


Góra
Wyślij odpowiedź

Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 6 gości

Powered by phpBB © Group
Forum Programosy.pl