
[virus] WINFILE virus.


  • Closed: this topic is closed
10 replies in this topic

#1 FusioN822

    Beginner

  • 31 posts

Posted 25 02 2009 - 21:59

Hello, a certain virus called WINFILE has come back onto my disk. It creates a folder, one that looks a bit off, and it SAYS WINFILE with "gy" written underneath.

I know I had it once before, because my brother connected his phone today, and now it's back again ;/

I tried: Spyware Doctor, it got removed and then came back again; ComboFix couldn't handle it either.

Attached image


ComboFix log
CODE-BOX
ComboFix 09-02-24.02 - admin 2009-02-25 15:38:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1365 [GMT 1:00]
Uruchomiony z: e:\documents and settings\admin\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\mstray.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-25 do 2009-02-25 )))))))))))))))))))))))))))))))
.

2009-02-25 15:36 . 2009-02-25 15:36 <DIR> d-------- e:\program files\SkanerOnline
2009-02-25 15:35 . 2009-02-25 15:36 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HPAppData
2009-02-25 12:20 . 2009-02-25 12:24 <DIR> d-------- e:\program files\Spyware Doctor
2009-02-25 12:20 . 2009-02-25 12:20 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\PC Tools
2009-02-25 12:20 . 2008-08-25 12:36 81,288 --a------ e:\windows\system32\drivers\iksyssec.sys
2009-02-25 12:20 . 2008-08-25 12:36 66,952 --a------ e:\windows\system32\drivers\iksysflt.sys
2009-02-25 12:20 . 2008-08-25 12:36 40,840 --a------ e:\windows\system32\drivers\ikfilesec.sys
2009-02-25 12:20 . 2008-06-02 16:19 29,576 --a------ e:\windows\system32\drivers\kcom.sys
2009-02-25 12:05 . 2009-02-25 12:05 697 ---hs---- E:\comment.htt
2009-02-25 12:05 . 2009-02-25 12:05 72 ---hs---- E:\desktop.ini
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a------ e:\windows\system32\drivers\usbser.sys
2009-02-24 18:24 . 2008-04-14 00:15 26,112 --a--c--- e:\windows\system32\dllcache\usbser.sys
2009-02-24 18:24 . 2008-03-21 13:57 14,640 --------- e:\windows\system32\spmsgXP_2k3.dll
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-24 18:24 . 2009-02-24 18:24 0 --ah----- e:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:25 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\PC Suite
2009-02-24 18:23 . 2009-02-24 18:23 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\PC Connectivity Solution
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Nokia
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\DIFX
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\PCSuite
2009-02-24 18:22 . 2009-02-24 18:22 <DIR> d-------- e:\program files\Common Files\Nokia
2009-02-24 18:22 . 2008-09-15 07:29 1,112,288 --a------ e:\windows\system32\wdfcoinstaller01007.dll
2009-02-24 18:22 . 2008-09-15 07:56 659,968 --a------ e:\windows\system32\nmwcdcocls.dll
2009-02-24 18:22 . 2008-09-15 07:56 91,136 --a------ e:\windows\system32\nmwcdcls.dll
2009-02-24 18:22 . 2008-09-15 07:56 22,016 --a------ e:\windows\system32\drivers\ccdcmbo.sys
2009-02-24 18:22 . 2008-08-26 09:26 18,816 --a------ e:\windows\system32\drivers\pccsmcfd.sys
2009-02-24 18:22 . 2008-09-15 07:56 17,664 --a------ e:\windows\system32\drivers\ccdcmb.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerfltj.sys
2009-02-24 18:22 . 2008-09-15 07:56 8,064 --a------ e:\windows\system32\drivers\usbser_lowerflt.sys
2009-02-24 18:21 . 2009-02-24 18:21 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Installations
2009-02-24 16:10 . 2009-02-24 16:10 118,784 --a------ e:\windows\SeaMonkeyUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 <DIR> d-------- e:\program files\Common Files\mozilla.org
2009-02-24 16:09 . 2009-02-24 16:09 118,784 --a------ e:\windows\GREUninstall.exe
2009-02-24 16:09 . 2009-02-24 16:10 7,738 --a------ e:\windows\mozver.dat
2009-02-24 10:54 . 2009-02-24 16:04 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\skypePM
2009-02-24 10:54 . 2009-02-24 10:54 56 --ah----- e:\windows\system32\ezsidmv.dat
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> dr------- e:\program files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\program files\Common Files\Skype
2009-02-24 10:53 . 2009-02-24 10:53 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-24 10:53 . 2009-02-25 14:39 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Skype
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-02-24 09:36 . 2009-02-24 09:36 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\HP
2009-02-23 16:39 . 2007-10-30 10:11 729,088 -ra------ e:\windows\system32\hpowiax7.dll
2009-02-23 16:39 . 2007-10-30 10:11 581,632 -ra------ e:\windows\system32\hpotscl6.dll
2009-02-23 16:39 . 2007-10-30 10:11 303,104 -ra------ e:\windows\system32\hpovst15.dll
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2009-02-23 16:39 . 2008-04-14 00:15 15,104 --a--c--- e:\windows\system32\dllcache\usbscan.sys
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP Product Assistant
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\HP
2009-02-23 16:37 . 2009-02-23 16:37 0 --a------ e:\windows\system32\YOYO
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Hewlett-Packard
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\HP
2009-02-23 16:36 . 2009-02-23 16:36 <DIR> d-------- e:\program files\Common Files\Hewlett-Packard
2009-02-23 16:35 . 2009-02-23 16:37 <DIR> d-------- e:\program files\HP
2009-02-23 16:34 . 2009-02-23 16:34 <DIR> d-------- e:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-02-23 16:34 . 2007-11-08 15:52 271,704 -ra------ e:\windows\system32\hpzids01.dll
2009-02-23 16:34 . 2009-02-24 09:36 169,233 --a------ e:\windows\hpoins27.dat
2009-02-23 16:34 . 2007-10-20 18:25 117,760 --a------ e:\windows\system32\hpzll5mu.dll
2009-02-23 16:34 . 2007-10-30 10:25 49,920 -ra------ e:\windows\system32\drivers\HPZid412.sys
2009-02-23 16:34 . 2007-10-30 10:25 16,496 -ra------ e:\windows\system32\drivers\HPZipr12.sys
2009-02-23 16:34 . 2008-01-18 16:56 932 --------- e:\windows\hpomdl27.dat
2009-02-23 16:33 . 2009-02-24 18:23 <DIR> d----c--- e:\windows\system32\DRVSTORE
2009-02-23 16:33 . 2007-10-30 10:25 372,736 -ra------ e:\windows\system32\hppldcoi.dll
2009-02-23 16:33 . 2007-10-30 10:25 309,760 -ra------ e:\windows\system32\difxapi.dll
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a------ e:\windows\system32\drivers\usbprint.sys
2009-02-23 16:33 . 2008-04-14 00:17 25,856 --a--c--- e:\windows\system32\dllcache\usbprint.sys
2009-02-23 16:33 . 2007-10-30 10:25 21,568 -ra------ e:\windows\system32\drivers\HPZius12.sys
2009-02-23 10:20 . 2009-02-23 10:20 <DIR> d-------- e:\program files\Common Files\NSV
2009-02-23 10:16 . 2009-02-23 10:18 <DIR> d-------- e:\program files\Winamp
2009-02-23 10:16 . 2009-02-23 10:20 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Winamp
2009-02-22 18:10 . 2009-02-22 18:10 <DIR> d-------- e:\windows\Sun
2009-02-22 16:42 . 2009-02-22 16:43 <DIR> d-------- e:\program files\fsfs
2009-02-21 21:15 . 2009-02-21 21:15 <DIR> d-------- e:\program files\TeamViewer
2009-02-21 21:15 . 2009-02-21 21:21 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\TeamViewer
2009-02-21 21:14 . 2009-02-21 21:14 <DIR> d-------- e:\documents and settings\admin\temp
2009-02-21 15:29 . 2008-04-14 22:51 221,184 --a------ e:\windows\system32\wmpns.dll
2009-02-21 14:50 . 2009-02-25 13:07 <DIR> d-a------ e:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a------ e:\windows\system32\drivers\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 32,128 --a--c--- e:\windows\system32\dllcache\usbccgp.sys
2009-02-21 14:14 . 2008-04-14 00:15 26,368 --a--c--- e:\windows\system32\dllcache\usbstor.sys
2009-02-21 10:42 . 2009-02-21 10:41 410,984 --a------ e:\windows\system32\deploytk.dll
2009-02-21 10:42 . 2009-02-21 10:41 73,728 --a------ e:\windows\system32\javacpl.cpl
2009-02-21 10:41 . 2009-02-21 10:41 <DIR> d-------- e:\program files\Java
2009-02-21 10:26 . 2009-02-21 10:26 <DIR> d-------- e:\documents and settings\admin\Dane aplikacji\Gadu-Gadu
2009-02-21 10:23 . 2009-02-21 10:23 <DIR> d-------- e:\program files\Gadu-Gadu
2009-02-20 19:55 . 2009-02-20 19:55 <DIR> d-------- e:\program files\7-Zip
2009-02-20 19:46 . 2009-02-20 19:46 <DIR> d-------- e:\program files\MSBuild
2009-02-20 19:44 . 2009-02-20 19:44 <DIR> d-------- e:\windows\system32\XPSViewer
2009-02-20 19:44 . 2009-02-20 19:44 <DIR> d-------- e:\program files\Reference Assemblies
2009-02-20 19:43 . 2006-06-29 13:07 14,048 --------- e:\windows\system32\spmsg2.dll
2009-02-20 19:33 . 2009-02-20 19:33 <DIR> d-------- e:\windows\system32\xlive
2009-02-20 19:33 . 2009-02-20 19:33 <DIR> d-------- e:\program files\Microsoft Games for Windows - LIVE
2009-02-20 19:33 . 2008-03-05 15:56 3,786,760 --a------ e:\windows\system32\D3DX9_37.dll
2009-02-20 19:33 . 2008-03-05 15:56 1,420,824 --a------ e:\windows\system32\D3DCompiler_37.dll
2009-02-20 19:33 . 2008-02-05 23:07 462,864 --a------ e:\windows\system32\d3dx10_37.dll
2009-02-20 19:33 . 2007-04-04 18:53 81,768 --a------ e:\windows\system32\xinput1_3.dll
2009-02-20 19:16 . 2009-02-20 19:16 <DIR> d-------- e:\windows\ServicePackFiles
2009-02-20 19:15 . 2008-04-14 22:51 294,912 -----c--- e:\windows\system32\dllcache\dlimport.exe
2009-02-20 19:12 . 2006-12-29 00:31 19,569 --a------ e:\windows\002691_.tmp
2009-02-20 18:31 . 2009-02-21 18:59 <DIR> d-------- e:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 16:02 315,392 ----a-w e:\windows\HideWin.exe
2009-02-20 16:02 --------- d--h--w e:\program files\InstallShield Installation Information
2009-02-20 16:02 --------- d-----w e:\program files\Realtek
2009-02-20 16:01 --------- d-----w e:\program files\Common Files\InstallShield
2009-02-20 15:59 --------- d-----w e:\program files\AutoConnect
2009-02-20 15:49 --------- d-----w e:\program files\Konnekt
2009-02-20 15:46 --------- d-----w e:\program files\Thomson
2009-02-20 15:40 --------- d-----w e:\program files\AGEIA Technologies
2009-02-20 15:39 --------- d-----w e:\program files\Common Files\Wise Installation Wizard
2009-02-20 15:31 --------- d-----w e:\program files\microsoft frontpage
2009-02-20 15:30 --------- d-----w e:\program files\Usługi online
2009-01-21 16:11 473,600 ----a-w e:\windows\system32\SkanerOnline.dll
2009-01-07 10:28 453,152 ----a-w e:\windows\system32\NVUNINST.EXE
2008-12-10 08:45 70,936 ----a-w e:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w e:\windows\system32\PhysXDevice.dll
2008-11-26 07:55 288,024 ----a-w e:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38 288,024 ----a-w e:\windows\system32\PhysXCompatCplUI.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Konnekt"="e:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-02 306088]
"Gadu-Gadu"="e:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="e:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"PC Suite Tray"="e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"EXPLORER.EXE"="EXPLORER.EXE" [2008-04-14 e:\windows\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SpeedTouch USB Diagnostics"="e:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"WinampAgent"="e:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="e:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"nwiz"="nwiz.exe" [2009-01-15 e:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 e:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

e:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe"=
"e:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"e:\\WINDOWS\\system32\\java.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 sdAuxService;PC Tools Auxiliary Service;e:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-25 356920]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - IKFILESEC
*NewlyCreated* - IKSYSFLT
*NewlyCreated* - IKSYSSEC
*NewlyCreated* - MCHINJDRV
*NewlyCreated* - SDAUXSERVICE
*NewlyCreated* - SDCORESERVICE
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f85-0322-11de-8cb0-000e50f3c6d9}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f86-0322-11de-8cb0-000e50f3c6d9}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-25 e:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- e:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 20:40]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-AutoConnect - e:\program files\AutoConnect\AutoConnect.exe
HKCU-Run-wsctf.exe - wsctf.exe


.
------- Skan uzupełniający -------
.
TCP: {E8136976-CCD6-49AC-8A98-27468187C0FC} = 194.204.159.1 217.98.63.164
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - e:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\ri2wntka.default\
FF - component: e:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: e:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 15:39:36
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-02-25 15:40:15
ComboFix-quarantined-files.txt 2009-02-25 14:40:13

Przed: 7 121 174 528 bajtów wolnych
Po: 7,137,517,568 bajtów wolnych

232




----



As for this file, this surprised me a bit..

CODE-BOX
Scan taken on 25 Feb 2009 19:44:27 (GMT)
A-Squared
Found Email-Worm.Win32.Rays!IK
AntiVir
Found WORM/Rays
ArcaVir
Found Worm.Rays
Avast
Found Win32:Wukill-B
AVG Antivirus
Found Worm/VB.DLW
BitDefender
Found Win32.Wukill.E@mm
ClamAV
Found Worm.Rays.A
CPsecure
Found W32.Email.W.Rays
Dr.Web
Found Win32.HLLM.Xgray
F-Prot Antivirus
Found W32/Rays.A
F-Secure Anti-Virus
Found Email-Worm.Win32.Rays.c
Ikarus
Found Email-Worm.Win32.Rays
Kaspersky Anti-Virus
Found Email-Worm.Win32.Rays.c
NOD32
Found Win32/Wukill.B
Norman Virus Control
Found W32/Wukill.B
Panda Antivirus
Found W32/Wukill.A.worm
Sophos Antivirus
Found W32/Wukill-B
VirusBuster
Found Worm.Wukill.N
VBA32
Found Email-Worm.Win32.Rays

I used SDFix and

CODE-BOX
SDFix: Version 1.240
Run by admin on 2009-02-25 at 20:54

Microsoft Windows XP [Wersja 5.1.2600]
Running From: E:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 21:00:11
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"="E:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"D:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe"="D:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"="E:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe:*:Enabled:Java™ Platform SE binary"
"E:\\WINDOWS\\system32\\java.exe"="E:\\WINDOWS\\system32\\java.exe:*:Enabled:Java™ Platform SE binary"
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="E:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="E:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Program Files\\Steam\\Steam.exe"="D:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"E:\\Program Files\\Skype\\Phone\\Skype.exe"="E:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\Instalki\Instalki.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\jddownloader\jddownloader.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\Mjusic :D\Mjusic :D.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\Przemek\Przemek.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\jddownloader\tools\windows\windows.exe"

Finished!


  • 0
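The ComboFix log above carries the three indicators that matter for this infection: comment.htt and desktop.ini sitting hidden+system in the root of E:, a Run value that launches EXPLORER.EXE by bare name, and two mountpoints2 keys whose AutoRun/open/explore commands point at an executable in the root of a removable drive. The script below is an added example, not code from this thread or from ComboFix: it parses a constructed excerpt in ComboFix's log layout (entries copied from the log above), flags those patterns and assembles the matching CFScript. The severity labels and the bare-name heuristic are my own assumptions; a bare name that is not the shell (nwiz.exe here) is only marked for review.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt in ComboFix's log layout; the entries are copied from the
# log above, the rest of the log is trimmed.
SAMPLE_LOG = r"""
2009-02-25 12:05 . 2009-02-25 12:05 697 ---hs---- E:\comment.htt
2009-02-25 12:05 . 2009-02-25 12:05 72 ---hs---- E:\desktop.ini
2009-02-25 12:20 . 2008-08-25 12:36 81,288 --a------ e:\windows\system32\drivers\iksyssec.sys

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EXPLORER.EXE"="EXPLORER.EXE" [2008-04-14 e:\windows\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-01-15 e:\windows\system32\nwiz.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f85-0322-11de-8cb0-000e50f3c6d9}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f86-0322-11de-8cb0-000e50f3c6d9}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
"""

FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:<DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$", re.I)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
MOUNT_CMD = re.compile(r"^\\Shell\\\w+\\command - (?P<cmd>.+)$", re.I)
ROOT_PATH = re.compile(r"^[a-z]:\\[^\\]+$", re.I)   # X:\file, nothing deeper
SHELL_BINARIES = {"explorer.exe"}


@dataclass
class Finding:
    severity: str  # "high": remove; "review": check the resolved path first
    kind: str      # root_hs_file | run_bare_name | mountpoints2_autorun
    key: str       # registry key the entry sits under ("" for files)
    item: str      # file path, Run value name, or the drive command


def triage(log: str) -> List[Finding]:
    """Walk the log line by line, tracking the registry key currently open."""
    findings: List[Finding] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m["attrs"].lower(), m["path"]
            # ComboFix attribute columns are d r a h s c ...; hidden+system
            # in a drive root is the COMMENT.HTT / desktop.ini dropper pattern.
            if attrs[3] == "h" and attrs[4] == "s" and ROOT_PATH.match(path):
                findings.append(Finding("high", "root_hs_file", "", path))
            continue
        m = VALUE_LINE.match(line)
        if m and key.lower().endswith("\\run"):
            data = m["data"]
            if "\\" not in data and ":" not in data:   # bare name, no path
                # Winlogon starts the shell itself, so a Run entry for
                # explorer.exe is the worm's; any other bare name gets a look.
                sev = "high" if data.lower() in SHELL_BINARIES else "review"
                findings.append(Finding(sev, "run_bare_name", key, m["name"]))
            continue
        m = MOUNT_CMD.match(line)
        if m and "mountpoints2" in key.lower() and ROOT_PATH.match(m["cmd"]):
            if not any(f.kind == "mountpoints2_autorun" and f.key == key
                       for f in findings):       # one finding per key
                findings.append(
                    Finding("high", "mountpoints2_autorun", key, m["cmd"]))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Assemble the File:: / Registry:: text ComboFix accepts as CFScript.txt."""
    files = [f.item for f in findings if f.kind == "root_hs_file"]
    reg: List[str] = []
    for f in findings:
        if f.severity != "high":
            continue
        if f.kind == "run_bare_name":
            reg += [f"[{f.key}]", f'"{f.item}"=-']
        elif f.kind == "mountpoints2_autorun":
            reg.append(f"[-{f.key}]")
    return ("File::\n" + "\n".join(files) + "\n\nRegistry::\n"
            + "\n".join(reg) + "\n")


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```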

#2 ordynat

    Advanced user

  • 804 posts

Posted 26 02 2009 - 01:13

Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\Instalki\Instalki.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\jddownloader\jddownloader.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\Mjusic :D\Mjusic :D.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\Przemek\Przemek.exe"
Sun 18 Oct 2026 65,024 ...H. --- "E:\Documents and Settings\admin\Pulpit\jddownloader\tools\windows\windows.exe"

Are these your files?

Paste into Notepad:
File::
E:\comment.htt
E:\desktop.ini

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f85-0322-11de-8cb0-000e50f3c6d9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38491f86-0322-11de-8cb0-000e50f3c6d9}]
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
--> Attached image
Removal should start (and a log will be produced).
Post the log that is produced during the removal.

Description of "Wukill":
>http://www.sophos.com/security/analyses/vi...w32wukillb.html
A rough translation:

W32/Wukill-B is an internet e-mail worm that can get itself to the contacts in the Microsoft Outlook address book.

The worm copies itself to the Windows folder as MSTRAY.EXE and creates the following registry entry so that MSTRAY.EXE is run automatically each time Windows starts:

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run \
RavTimeXP = <Windows> \ MSTRAY.EXE

The worm can copy itself to the A: floppy drive as Winkill.exe and can also copy itself to the following folders using a random name made up of 1-5 characters from B-Z with the EXE extension:

<Windows> \ System
<Windows> \ Web
<Windows> \ Fonts
<Windows> \ Temp
<Windows> \ Help

W32/Wukill-B may also drop a harmless data file named <Windows> \ Winfile.ini, as well as COMMENT.HTT and Desktop.ini as hidden system files in the root directory.

This worm may display the message "Warning. This File Has Been Damage!" on execution:

W32/Wukill-B may open the File Manager application when run on the 28th of a given month.


ordynat

  • 0
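ordynat's quoted SDFix listing (five hidden 65,024-byte files, each named after the folder it sits in) and the Sophos description (COMMENT.HTT and Desktop.ini dropped hidden+system in a drive root, root-level EXPLORER.EXE/Winkill.exe copies) together say what to look for on a disk. The scanner below is an added example, not code from this thread: it builds a constructed directory tree imitating those listings (harmless placeholder bytes, no malware) and reports root droppers, root-level executables and folder companions. Because legitimate programs also ship as <folder>\<folder>.exe (Winamp does), a companion is reported only when it is byte-identical to another companion or carries the hidden attribute; that discriminator and the two name lists are my assumptions.

```python
import hashlib
import os
import stat
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Tuple

# Names from the Sophos description quoted above (dropped hidden+system in a
# drive root) and the root-level executables that appear in this thread's logs.
ROOT_DROPPERS = {"comment.htt", "desktop.ini", "winfile.ini"}
ROOT_EXECUTABLES = {"explorer.exe", "windows.exe", "winkill.exe", "ghost.bat"}

# Constructed placeholder bytes standing in for the worm body: every copy the
# worm plants is identical, which is the property the scanner keys on.
FAKE_BODY = b"constructed-placeholder-not-malware-" + bytes(28)


def is_hidden(path: Path) -> bool:
    """True when the Windows hidden attribute is set; False where the platform
    does not expose file attributes (Linux/macOS)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def build_sample_tree(base: Path) -> Path:
    """Lay out a constructed tree imitating the listings in this thread."""
    (base / "comment.htt").write_bytes(b"<html></html>")
    (base / "desktop.ini").write_bytes(b"[.ShellClassInfo]\r\n")
    (base / "EXPLORER.EXE").write_bytes(FAKE_BODY)
    for name in ("Instalki", "Przemek", "RECYCLER"):      # worm companions
        (base / name).mkdir()
        (base / name / f"{name}.exe").write_bytes(FAKE_BODY)
    (base / "Winamp").mkdir()                             # legitimate layout
    (base / "Winamp" / "winamp.exe").write_bytes(b"unique-legit-" + b"W" * 40)
    (base / "Winamp" / "Plugins").mkdir()                 # companion one level down
    (base / "Winamp" / "Plugins" / "Plugins.exe").write_bytes(FAKE_BODY)
    return base


def scan_tree(root: Path) -> List[Tuple[str, str]]:
    """Return sorted (kind, relative posix path) pairs for Wukill-style artefacts."""
    hits: List[Tuple[str, str]] = []
    # 1. Root-level droppers and executables are reported by name alone.
    for entry in root.iterdir():
        name = entry.name.lower()
        if entry.is_file() and name in ROOT_DROPPERS:
            hits.append(("root_dropper", entry.name))
        elif entry.is_file() and name in ROOT_EXECUTABLES:
            hits.append(("root_executable", entry.name))
    # 2. Collect every <folder>\<folder>.exe below the root.
    candidates: List[Path] = []
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        if folder == root:
            continue
        for f in files:
            if f.lower() == folder.name.lower() + ".exe":
                candidates.append(folder / f)
    # 3. Report a candidate only if it is an exact copy of another candidate
    #    (the worm plants identical bodies) or is marked hidden.
    digests: Dict[Path, str] = {
        p: hashlib.sha256(p.read_bytes()).hexdigest() for p in candidates}
    copies = Counter(digests.values())
    for p in candidates:
        if copies[digests[p]] >= 2 or is_hidden(p):
            hits.append(("folder_companion", p.relative_to(root).as_posix()))
    return sorted(hits)


def demo() -> List[Tuple[str, str]]:
    """Build the constructed tree in a temp directory and scan it."""
    return scan_tree(build_sample_tree(Path(tempfile.mkdtemp())))


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:17} {path}")
```

On a real drive, point scan_tree at the drive root (for example Path("E:/")) and review each companion hit against its folder before deleting anything.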

#3 Karu

    Beginner

  • 18 posts

Posted 25 03 2009 - 20:38

Guys, I have the same thing. Except in my case the file is called WINDOWS, and apart from that there is some ghost.bat. I tried doing what was described here, but it didn't help. Please help. Thanks in advance. I'm asking for very quick help, because a mate wrote that this thing can break into the mailbox in Outlook, and my sister has her work account there, so to put it plainly I could be scr****.
  • 0

#4 eunstachy

    Advanced user

  • 512 posts

Posted 25 03 2009 - 20:45

Paste the ComboFix log.
  • 0

#5 Karu

    Beginner

  • 18 posts

Posted 25 03 2009 - 20:53

CODE-BOX
ComboFix 09-03-23.01 - Karol 2009-03-25 19:28:34.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3582.2943 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Karol\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Karol\Pulpit\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania

FILE ::
E:\comment.htt
E:\desktop.ini
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Ghost.bat
c:\recycler\RECYCLER.exe
C:\WINDOWS.exe
c:\windows\windows.exe
d:\recycler\RECYCLER.exe
E:\desktop.ini
e:\recycler\RECYCLER.exe
F:\Ghost.bat
f:\recycler\RECYCLER.exe

----- Powielacze/Replikatory plików -----

c:\config.msi\Config.Msi.exe
c:\documents and settings\Documents and Settings.exe
c:\documents and settings\Karol\Moje dokumenty\10\SZELDO VOL.10 - R.I.P.osta\SZELDO VOL.10 - R.I.P.osta.exe
c:\documents and settings\Karol\Moje dokumenty\18 WoS American Long Haul\mod\mod.exe
c:\documents and settings\Karol\Moje dokumenty\18 WoS American Long Haul\music\music.exe
c:\documents and settings\Karol\Moje dokumenty\18 WoS American Long Haul\save\save.exe
c:\garmin\Garmin.exe
c:\intel\Intel.exe
c:\mapsource\MapSource.exe
c:\msocache\MSOCache.exe
c:\my downloads\My Downloads.exe
c:\program files\Program Files.exe
c:\qoobox\Qoobox.exe
d:\filmy\Filmy.exe
d:\frap's movies\Frap's movies.exe
d:\frap's screens\Frap's screens.exe
d:\games\Games.exe
d:\mp3\anita\anita.exe
d:\mp3\MP3.exe
d:\mp3\Tatanka_And_Zany_Feat._MC_DV8_-_Connection-(DJUZ015)-WEB-2008-Homely\Tatanka_And_Zany_Feat._MC_DV8_-_Connection-(DJUZ015)-WEB-2008-Homely.exe
d:\my downloads\My Downloads.exe
d:\obrazy\Obrazy.exe
d:\programy\Adobe Acrobat Reader\Adobe Acrobat Reader.exe
d:\programy\Alcohol 120\Alcohol 120.exe
d:\programy\AVSDVDPlayer\AVSDVDPlayer.exe
d:\programy\AVSVideotoGO\AVSVideotoGO.exe
d:\programy\CDex_150\CDex_150.exe
d:\programy\DivX\DivX.exe
d:\programy\ffdshow\ffdshow.exe
d:\programy\Gadu-Gadu\Gadu-Gadu.exe
d:\programy\Garmin\Garmin.exe
d:\programy\GG Skin Manager\GG Skin Manager.exe
d:\programy\IPLA\IPLA.exe
d:\programy\IrfanView\IrfanView.exe
d:\programy\Ivona_Rehab-1.0\Ivona_Rehab-1.0.exe
d:\programy\Kamerzysta\Kamerzysta.exe
d:\programy\Mapa Polski 2008\Mapa Polski 2008.exe
d:\programy\MP3CUT\MP3CUT.exe
d:\programy\NAPI-PROJEKT\NAPI-PROJEKT.exe
d:\programy\NCH Software\NCH Software.exe
d:\programy\NCH Swift Sound\NCH Swift Sound.exe
d:\programy\Nokia PC Suite\Nokia PC Suite.exe
d:\programy\Nokia PCSuite\Nokia PCSuite.exe
d:\programy\Pivot\Pivot.exe
d:\programy\PoiEdit2007\PoiEdit2007.exe
d:\programy\Programy.exe
d:\programy\Real Alternative\Real Alternative.exe
d:\programy\TuneUP Utilities\TuneUP Utilities.exe
d:\programy\UniSpiker-2.6\UniSpiker-2.6.exe
d:\programy\Winamp\Plugins\Plugins.exe
d:\programy\Winamp\Skins\Skins.exe
d:\programy\Winamp\System\System.exe
d:\programy\Winrar\Winrar.exe
d:\sss\13.Hours.In.A.Warehouse.2008.DVDRip.XviD-DOMiNO\13.Hours.In.A.Warehouse.2008.DVDRip.XviD-DOMiNO.exe
d:\sss\Dlaczego.Nie.2007.PL.DVDRiP.XviD-KiNO\Dlaczego.Nie.2007.PL.DVDRiP.XviD-KiNO.exe
d:\sss\House.2008.LiMiTED.DVDRiP.XViD-HLS\House.2008.LiMiTED.DVDRiP.XViD-HLS.exe
d:\sss\My.Best.Friends.Girl.R5.LINE.XviD-COALiTiON\My.Best.Friends.Girl.R5.LINE.XviD-COALiTiON.exe
d:\sss\Nie.Klam.Kochanie.2008.TS.XviD-ProPL\Nie.Klam.Kochanie.2008.TS.XviD-ProPL.exe
d:\sss\P.S. I Love You [2007]DvDrip[Eng]-FXG\P.S. I Love You [2007]DvDrip[Eng]-FXG.exe
d:\sss\sss.exe
d:\tapety\Tapety.exe
D:\WINDOWS.EXE
d:\winfast workarea\WinFast WorkArea.exe
e:\3dsmax7\3dsmax7.exe
e:\3dsmax7\abcache\abcache.exe
e:\3dsmax7\autoback\autoback.exe
e:\3dsmax7\Defaults\Defaults.exe
e:\3dsmax7\maps\maps.exe
e:\3dsmax7\plugcfg\plugcfg.exe
e:\3dsmax7\plugins\plugins.exe
e:\3dsmax7\scripts\scripts.exe
e:\3dsmax7\UI\UI.exe
e:\filmy\Filmy.exe
e:\gta iv\gta iv.exe
e:\gta iv\Nokia PC Suite 7\Nokia PC Suite 7.exe
e:\gta iv\Teamspeak2_RC2\Teamspeak2_RC2.exe
e:\nowy folder\ffg\ffg.exe
e:\nowy folder\Fotki\Fotki.exe
e:\nowy folder\kurs offline\kurs offline.exe
e:\nowy folder\Ludzie\Ludzie.exe
e:\nowy folder\Nowy folder.exe
e:\nowy folder\Praca maturalna\Praca maturalna.exe
e:\seagate anity\anitka\Cookies\Cookies.exe
e:\seagate anity\anitka\Dane aplikacji\Dane aplikacji.exe
e:\seagate anity\anitka\Gadu-Gadu\Anita\Anita.exe
e:\seagate anity\anitka\Gadu-Gadu\Anita\imgcache\imgcache.exe
e:\seagate anity\anitka\Gadu-Gadu\Dori\Dori.exe
e:\seagate anity\anitka\Gadu-Gadu\Estera\Estera.exe
e:\seagate anity\anitka\Gadu-Gadu\Ewelina\Ewelina.exe
e:\seagate anity\anitka\Gadu-Gadu\Gadu-Gadu.exe
e:\seagate anity\anitka\Gadu-Gadu\Ja\Ja.exe
e:\seagate anity\anitka\Gadu-Gadu\Ja1\Ja1.exe
e:\seagate anity\anitka\Gadu-Gadu\Ja2\Ja2.exe
e:\seagate anity\anitka\Gadu-Gadu\Ja3\Ja3.exe
e:\seagate anity\anitka\Gadu-Gadu\Ola\Ola.exe
e:\seagate anity\anitka\Menu Start\Menu Start.exe
e:\seagate anity\anitka\Moje dokumenty\Moje dokumenty.exe
e:\seagate anity\anitka\NetHood\NetHood.exe
e:\seagate anity\anitka\PrintHood\PrintHood.exe
e:\seagate anity\anitka\Pulpit\Pulpit.exe
e:\seagate anity\anitka\Recent\Recent.exe
e:\seagate anity\anitka\SendTo\SendTo.exe
e:\seagate anity\anitka\Szablony\Szablony.exe
e:\seagate anity\anitka\Ulubione\Ulubione.exe
e:\seagate anity\anitka\Ustawienia lokalne\Ustawienia lokalne.exe
e:\seagate anity\D;\D;.exe
e:\seagate anity\Seagate Anity.exe
E:\WINDOWS.EXE
e:\winfast workarea\WinFast WorkArea.exe
e:\zdjecia1\Zdjecia1.exe
e:\zdjęcia\Zdjęcia.exe
f:\gry\_Landwirtschafts-Simulator_2008_\_Landwirtschafts-Simulator_2008_.exe
f:\gry\18.Wheels.Of.Steel.Haulin-FAS\18.Wheels.Of.Steel.Haulin-FAS.exe
f:\gry\18.Wheels.Of.Steel.Haulin-FAS\18.Wheels.Of.Steel.Haulin-FAS\18.Wheels.Of.Steel.Haulin-FAS.exe
f:\gry\18.Wheels.Of.Steel.Haulin-FAS\18.Wheels.Of.Steel.Haulin-FAS\help_files\help_files.exe
f:\gry\18.Wheels.Of.Steel.Haulin-FAS\18.Wheels.Of.Steel.Haulin-FAS\lib\lib.exe
f:\gry\18.Wheels.Of.Steel.Haulin-FAS\18.Wheels.Of.Steel.Haulin-FAS\licenses\licenses.exe
f:\gry\Burnout Paradise\Burnout Paradise.exe
f:\gry\burnout_blizz\burnout_blizz.exe
f:\gry\Call of Duty 4\Call of Duty 4.exe
f:\gry\Fahr Simulator 2009\Fahr Simulator 2009.exe
f:\gry\FC2\FC2.exe
f:\gry\FS09_by_juvek\FS09_by_juvek.exe
f:\gry\Grand Theft Auto IV\Grand Theft Auto IV.exe
f:\gry\gry.exe
f:\gry\GTA San Andreas\GTA San Andreas.exe
f:\gry\GTA\GTA.exe
f:\gry\Guitar Hero III\Guitar Hero III.exe
f:\gry\kub1\kub1.exe
f:\gry\kub2\kub2.exe
f:\gry\Mafia\Mafia.exe
f:\gry\Mafiaa\Mafiaa.exe
f:\gry\MBWR\MBWR.exe
f:\gry\medal of honor wojna na pacyfiku\medal of honor wojna na pacyfiku.exe
f:\gry\Need.For.Speed.Undercover-RELOADED\Need.For.Speed.Undercover-RELOADED.exe
f:\gry\NFS Undercover\NFS Undercover.exe
f:\gry\Ojciec Chrzestny\Ojciec Chrzestny.exe
f:\gry\Return to Castle Wolfenstein\Return to Castle Wolfenstein.exe
f:\gry\RGSC\RGSC.exe
F:\WINDOWS.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Pliki utworzone od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 13:29 . 2009-03-25 17:19 952 ---hs---- c:\documents and settings\folder.htt
2009-03-25 13:29 . 2009-03-25 13:29 937 --a------ C:\NetHood.htm
2009-03-25 13:29 . 2009-03-25 13:29 937 ---hs---- C:\folder.htt
2009-03-25 13:29 . 2001-07-21 23:36 2 ---hs---- c:\documents and settings\desktop.ini
2009-03-25 13:29 . 2001-07-21 23:36 2 ---hs---- C:\desktop.ini
2009-02-28 15:00 . 2009-03-20 19:42 <DIR> d-------- c:\documents and settings\Karol\Dane aplikacji\teamspeak2

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 18:32 671,776 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-03-25 18:32 5,472 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-03-25 18:32 4,135,968 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-25 18:32 36,536 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-25 18:25 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\Skype
2009-03-25 17:57 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\skypePM
2009-03-25 16:19 943 --sh--w c:\program files\folder.htt
2009-03-24 15:41 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-24 15:01 --------- d-----w c:\program files\Common Files\Adobe
2009-03-23 19:42 --------- d-----w c:\program files\Common Files\Onet.pl
2009-03-22 18:12 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\uTorrent
2009-03-20 15:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 19:15 --------- d-----w c:\program files\BearShare
2009-03-14 12:36 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\gtk-2.0
2009-03-12 05:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-24 19:40 --------- d-----w c:\program files\Common Files\PCSuite
2009-02-24 19:39 --------- d-----w c:\program files\Common Files\Nokia
2009-02-24 19:30 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2009-02-22 12:52 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\Canneverbe_Limited
2009-02-22 12:46 --------- d-----w c:\program files\TeamViewer
2009-02-21 08:14 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-18 14:29 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\TeamViewer
2009-02-15 18:03 --------- d-----w c:\program files\Image-Line
2009-02-15 11:21 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\FarmingSimulator2008
2009-02-14 17:36 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-14 17:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-14 11:14 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-11 13:55 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Electronic Arts
2009-02-11 13:52 --------- d-----w c:\program files\Electronic Arts
2009-02-11 06:57 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\InstallShield
2009-02-07 11:27 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\DAEMON Tools Pro
2009-02-07 11:27 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\DAEMON Tools Lite
2009-02-07 11:27 --------- d-----w c:\documents and settings\Karol\Dane aplikacji\DAEMON Tools
2009-02-07 11:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-07 11:26 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-01-26 14:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-26 14:26 --------- d-----w c:\program files\AGEIA Technologies
2001-07-21 22:36 2 --sh--w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot_2009-03-25_12.23.44.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 01:53:12 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
+ 2008-08-20 17:58:58 44,944 ------w c:\windows\system32\drivers\PxHelp20.sys
- 2008-05-13 01:53:12 551,672 ------w c:\windows\system32\px.dll
+ 2008-08-20 17:58:58 670,192 ------w c:\windows\system32\px.dll
- 2008-05-13 01:53:12 129,784 ------w c:\windows\system32\pxafs.dll
+ 2008-08-20 17:58:58 129,520 ------w c:\windows\system32\pxafs.dll
- 2008-05-13 01:53:12 66,296 ------w c:\windows\system32\pxcpya64.exe
+ 2008-08-20 17:58:58 66,544 ------w c:\windows\system32\pxcpya64.exe
- 2008-05-13 01:53:12 518,904 ------w c:\windows\system32\pxdrv.dll
+ 2008-08-20 17:58:58 551,408 ------w c:\windows\system32\pxdrv.dll
- 2008-05-13 01:53:14 72,440 ------w c:\windows\system32\pxhpinst.exe
+ 2008-08-20 17:58:58 72,176 ------w c:\windows\system32\pxhpinst.exe
- 2008-05-13 01:53:12 64,760 ------w c:\windows\system32\pxinsa64.exe
+ 2008-08-20 17:58:58 66,032 ------w c:\windows\system32\pxinsa64.exe
- 2008-05-13 01:53:14 187,128 ------w c:\windows\system32\pxmas.dll
+ 2008-08-20 17:58:58 219,632 ------w c:\windows\system32\pxmas.dll
- 2008-05-13 01:53:12 1,628,920 ------w c:\windows\system32\pxsfs.dll
+ 2008-08-20 17:58:58 1,858,032 ------w c:\windows\system32\pxsfs.dll
- 2008-05-13 01:53:12 379,640 ------w c:\windows\system32\pxwave.dll
+ 2008-08-20 17:59:00 436,720 ------w c:\windows\system32\pxwave.dll
- 2008-05-13 01:53:12 88,824 ------w c:\windows\system32\vxblock.dll
+ 2008-08-20 17:59:00 96,752 ------w c:\windows\system32\vxblock.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ c:\program files\free-downloads.net\tbfre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 525600]
"Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 226864]
"RGSC"="f:\gry\RGSC\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-13 306088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"DAEMON Tools Lite"="e:\karol\moje programy\DAEMON Tools Lite\daemon.exe" [BU]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2842624]
"PC Suite Tray"="e:\gta iv\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1287680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-19 13500416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-19 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 222768]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 356352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 103280]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 218512]
"lsassxp"="c:\windows\lsassxp.exe" [2008-09-24 1226271]
"Onet.pl AutoUpdate"="c:\program files\Common Files\Onet.pl\AutoUpdate.exe" [2005-07-27 329728]
"pdfFactory Pro Dyspozytor v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-02-12 667648]
"TempCom"="c:\windows\FONTS\5E615.com" [2005-09-02 126976]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-02-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Anita\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 179264]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\programy\Adobe Acrobat Reader\Reader\reader_sl.exe [2004-12-14 107520]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 366296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Games\\Medal of Honor Pacific Assault\\mohpa.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Games\\Medal of Honor Pacific Assault\\mohpa_server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Programy\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\ALCMTR.EXE"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"d:\\Programy\\Adobe Acrobat Reader\\Reader\\reader_sl.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\WinFast\\WFTVFM\\WFWIZ.exe"=
"c:\\PROGRA~1\\COMMON~1\\Nokia\\MPAPI\\MPAPI3s.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\WinFast\\WFTVFM\\WFCPUUSE.EXE"=
"c:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"d:\\Programy\\Adobe Acrobat Reader\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\msohtmed.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\WinFast\\WFTVFM\\WFTV.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\jucheck.exe"=
"c:\\WINDOWS\\lsassxp.exe"=
"c:\\Program Files\\Common Files\\LightScribe\\LSRunOnce.exe"=
"c:\\Program Files\\Common Files\\Nokia\\MPAPI\\MPAPI3s.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe"=
"c:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclRSSrv.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\backburner 2\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTEM.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\ComboFix\\NirCmd.cfexe"=
"d:\\Games\\racer073\\racer\\racer.exe"=
"f:\\gry\\Burnout Paradise\\BurnoutLauncher.exe"=
"f:\\gry\\Burnout Paradise\\BurnoutConfigTool.exe"=
"f:\\gry\\Burnout Paradise\\BurnoutParadise.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"f:\\gry\\Guitar Hero III\\GH3.exe"=
"f:\\gry\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"f:\\gry\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis3a.exe"=
"f:\\gry\\RGSC\\Rockstar Games Social Club\\1_1_3_0\\RGSC.exe"=
"c:\\Program Files\\Common Files\\Onet.pl\\AutoUpdate.exe"=
"e:\\gta iv\\Nokia PC Suite 7\\PCSuite.exe"=
"f:\\gry\\FC2\\Far Cry 2\\bin\\FarCry2.exe"=
"f:\\gry\\FC2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"f:\\gry\\FC2\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Documents and Settings\\Karol\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-02-22 43792]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-02-22 73344]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2008-05-29 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2008-05-29 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2008-05-29 34789]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-05-29 9446]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44172262-bdec-11dd-b360-001d7dd3e3f7}]
\shell\AUtoplay\cOmmaNd - I:\lgjq.exe
\shell\AutoRun\command - I:\lgjq.exe
\shell\EXplOrE\COmmand - I:\lgjq.exe
\shell\oPen\COMMAnd - I:\lgjq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990c53d7-9ab1-11dd-b26c-001d7dd3e3f7}]
\Shell\AutoRun\command - H:\tvlx2fg.exe
\Shell\open\Command - H:\tvlx2fg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-20 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUP Utilities\SystemOptimizer.exe [2005-09-21 22:35]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.skype.com/go/help.guides.ieaddon?lang=en
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.pl\mks
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 19:34:07
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1060284298-1677128483-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:89,78,e6,f2,27,00,79,c8,1a,03,63,76,0e,bb,b4,f5,6a,8c,79,0a,a9,3e,37,
08,dc,74,28,a5,b5,ce,c8,3d,58,0e,53,d5,91,04,6c,0a,e0,09,bb,4b,25,0a,19,f7,\
"??"=hex:86,03,75,d1,53,f9,b2,fa,7e,ca,8d,be,6c,91,c4,bb

[HKEY_USERS\S-1-5-21-1060284298-1677128483-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:dc,73,61,3a,84,47,ed,2c,98,29,54,6b,09,d3,1c,99,84,65,d4,29,7d,
fe,b3,f2,f0,4f,ed,e1,06,40,2b,24,76,88,e9,db,b5,04,cf,1e,25,76,99,d5,a3,f6,\
"rkeysecu"=hex:5d,7c,7f,06,b2,19,11,4f,13,7d,87,43,75,df,0e,ea
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\klogon.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-25 19:37:32 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-25 18:37:30
ComboFix2.txt 2009-03-25 12:16:39
ComboFix3.txt 2009-03-25 11:25:15
ComboFix4.txt 2009-01-27 12:51:31

Przed: 9 690 652 672 bajtów wolnych
Po: 9,672,130,560 bajtów wolnych

467 --- E O F --- 2009-03-12 05:45:00


#6 eunstachy (Advanced user, 512 posts)

Posted 25 03 2009 - 21:12

Ghost.bat and WINDOWS.exe have already been removed automatically by ComboFix.

#7 FusioN822 (Beginner, 31 posts)

Posted 25 03 2009 - 21:19

I'm writing on behalf of my friend Karu: he says he still has those icons on his PC.

#8 Karu (Beginner, 18 posts)

Posted 26 03 2009 - 11:50

It supposedly removed them, but the folder and ghost.bat keep getting created ;/.

#9 Macsch15 (Professional, 3 705 posts)

Posted 26 03 2009 - 12:22

Paste this into Notepad:
File::
F:\WINDOWS.EXE
c:\program files\folder.htt

Registry::
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44172262-bdec-11dd-b360-001d7dd3e3f7}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990c53d7-9ab1-11dd-b26c-001d7dd3e3f7}]

File >> Save as... >>> CFScript.txt
Drag and drop the CFScript.txt file onto ComboFix.exe
Attached image


Do you have 2 antiviruses??

KasperskyAntiVirus
SymantecAntiVirus


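A defender-side way to pull the hijacked MountPoints2 autorun handlers and the disabled Security Center monitors out of a ComboFix log like the one above, and to emit the Registry:: section of the CFScript Macsch15 asked for. This is an added example, not part of the thread or ComboFix's own tooling; the log excerpt embedded in it is constructed from the entries shown in the thread.

```python
"""Added example (not from the thread or ComboFix): pull removable-drive
autorun handlers and disabled Security Center monitors out of a ComboFix
log and emit the Registry:: section of a CFScript for the hijacked keys."""
import re
from collections import OrderedDict

# Constructed excerpt mirroring the entries shown in the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44172262-bdec-11dd-b360-001d7dd3e3f7}]
\shell\AUtoplay\cOmmaNd - I:\lgjq.exe
\shell\AutoRun\command - I:\lgjq.exe
\shell\EXplOrE\COmmand - I:\lgjq.exe
\shell\oPen\COMMAnd - I:\lgjq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{990c53d7-9ab1-11dd-b26c-001d7dd3e3f7}]
\Shell\AutoRun\command - H:\tvlx2fg.exe
\Shell\open\Command - H:\tvlx2fg.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Verb names are matched case-insensitively: the log shows them in mixed case.
HANDLER_RE = re.compile(r"^\\shell\\([a-z]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
DISABLED_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.IGNORECASE)
MOUNTPOINTS = "\\explorer\\mountpoints2\\"
SEC_CENTER = "\\security center\\monitoring"


def parse_log(text):
    """Walk the log key by key.

    Returns (handlers, disabled): handlers maps each MountPoints2 key to its
    {verb: command} dict; disabled lists Security Center keys whose
    monitoring has been switched off.
    """
    handlers = OrderedDict()
    disabled = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None or not line:
            continue
        low = key.lower()
        if MOUNTPOINTS in low:
            m = HANDLER_RE.match(line)
            if m:
                handlers.setdefault(key, {})[m.group(1).lower()] = m.group(2)
        elif SEC_CENTER in low and DISABLED_RE.match(line):
            disabled.append(key)
    return handlers, disabled


def autorun_targets(handlers):
    """Distinct executables the hijacked verbs would launch, sorted."""
    return sorted({cmd for verbs in handlers.values() for cmd in verbs.values()},
                  key=str.lower)


def build_cfscript(handlers):
    """Registry:: section listing each hijacked MountPoints2 key for removal."""
    return "Registry::\n" + "".join("[%s]\n" % key for key in handlers)


if __name__ == "__main__":
    found, off = parse_log(SAMPLE_LOG)
    print("autorun targets:", autorun_targets(found))
    print("monitoring disabled for:", off)
    print(build_cfscript(found))
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; any drive-letter executable it reports is worth checking before the drive is plugged into another machine.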

#10 Karu (Beginner, 18 posts)

Posted 26 03 2009 - 12:38

I know some Kaspersky is there. Not working. I installed Spyware Doctor.
EDIT:
I did as you told me, but nothing came of it, those icons are back again ;/. I don't know Spyware Doctor well, but maybe it will help me solve the problem.

#11 Macsch15 (Professional, 3 705 posts)

Posted 26 03 2009 - 13:52

This method works 100% when you have some anti-virus and have scanned your disks beforehand...

Go into C:\WINDOWS\system32; somewhere in there is a file svchost.exe, for now we don't touch it.

Go here:
http://www.4shared.com/file/95075844/f461ca7e/svchost.html
and download the svchost.exe file and save it, e.g. on the desktop.

Press ctrl + alt + del, choose Processes, and you will see 5 or 6 svchost.exe processes there.

Copy the svchost.exe file from the desktop and keep it in the clipboard,
end the svchost.exe processes as fast as possible and quickly paste, replacing the old
svchost.exe file with the new one in the C:\WINDOWS\system32 folder! If a message pops up saying it is in use, that means the svchost.exe processes
have started again, because they start back up after about 5 seconds, so you have to do it fast!
After replacing it, wait a moment until the computer settles down, then restart the system.
