
[virus] Problem with the W32/Sircam virus

  • Closed: this topic is closed
6 replies to this topic

#1 skicaj

    New

  • 4 posts

Posted 11 12 2008 - 16:02

Hello!
I have a problem: I cannot install any program or download updates, because I get the message: "Windows cannot find the file "c:\path.exe". Make sure you typed the name correctly, and then try again." I found that this is the W32/Sircam virus; how do I remove it?
Here is the log from ComboFix:
ComboFix 08-12-09.03 - Piotr 2008-12-11 14:36:54.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.623 [GMT 1:00]
Uruchomiony z: c:\users\Piotr\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-11 do 2008-12-11 )))))))))))))))))))))))))))))))
.

Nie utworzono żadnych nowych plików w tym okresie

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 13:32 --------- d-----w c:\users\Piotr\AppData\Roaming\uTorrent
2008-11-26 12:31 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 12:31 --------- d-----w c:\program files\Common Files\Novell Shared
2008-11-21 20:17 --------- d-----w c:\program files\Excel XP-2003 - praktyczny kurs obsługi
2008-11-18 18:11 --------- d-----w c:\program files\EAGLE-4.11
2008-11-02 15:20 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-27 16:59 --------- d-----w c:\program files\Lavalys
2008-10-23 14:40 --------- d-----w c:\users\Piotr\AppData\Roaming\Nokia
2008-10-23 14:34 --------- d-----w c:\program files\Nokia
2008-10-23 14:33 --------- d-----w c:\program files\Common Files\Nokia
2008-10-23 14:33 --------- d-----w c:\progra~2\Installations
2008-10-23 14:29 --------- d-----w c:\users\Piotr\AppData\Roaming\PC Suite
2008-10-23 14:21 --------- d-----w c:\program files\Common Files\PCSuite
2008-10-23 14:20 --------- d-----w c:\program files\PC Connectivity Solution
2008-10-22 03:43 95,232 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2008-10-22 03:43 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 03:43 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2008-10-20 11:39 --------- d-----w c:\program files\Tetris 5000
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll
2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-16 07:51 --------- d-----w c:\program files\Windows Mail
2008-10-14 14:06 --------- d-----w c:\program files\Arjaloc
2008-10-08 14:46 270,128 ----a-w C:\utorrent.exe
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-22 06:00 174 --sha-w c:\program files\desktop.ini
2007-11-14 17:34 22,328 ----a-w c:\users\Piotr\AppData\Roaming\PnkBstrK.sys
2002-08-08 04:11 319,488 ----a-r c:\users\Piotr\AppData\Roaming\MafiaSetup.exe
2006-01-23 08:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 12:40 132,848 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\programy\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1E0809CE-FF0E-4457-9631-8EC1B7AE9F6F}d:\\programy\\gadu-gadu\\gg.exe"= UDP:d:\programy\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{D9CEAC2F-14E3-46E2-8C2F-731836AEAF64}d:\\programy\\gadu-gadu\\gg.exe"= TCP:d:\programy\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{13208403-7651-4277-A864-AF4760E3C20A}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3AF5BC12-574A-47E4-93BB-588533C6B332}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{3FE5E535-178B-4F4D-AD2D-0EA5D2A8E049}d:\\programy\\dc++\\dcplusplus.exe"= UDP:d:\programy\dc++\dcplusplus.exe:DC++
"UDP Query User{EC6E2F6E-3380-446A-9AC5-5A284F711C67}d:\\programy\\dc++\\dcplusplus.exe"= TCP:d:\programy\dc++\dcplusplus.exe:DC++
"TCP Query User{A4765AE5-6607-451D-B160-967C11384D18}d:\\downloads\\ageofempires2\\empires2.exe"= UDP:d:\downloads\ageofempires2\empires2.exe:Age of Empires II
"UDP Query User{7F6BAE66-AE78-483E-9D30-74DA37D7FAB0}d:\\downloads\\ageofempires2\\empires2.exe"= TCP:d:\downloads\ageofempires2\empires2.exe:Age of Empires II
"TCP Query User{BA236DB6-0619-4382-AAB7-F1380F6BF4E8}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay
"UDP Query User{C2FFF72E-4AC8-407C-A414-BA6567461367}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay
"TCP Query User{DAEE6637-F48B-49FD-BDA9-CD5691966D0E}d:\\gry\\age of empires\\empires2.exe"= UDP:d:\gry\age of empires\empires2.exe:Age of Empires II
"UDP Query User{B57E0F2E-9C0E-43BA-975F-A0B7A8C26D23}d:\\gry\\age of empires\\empires2.exe"= TCP:d:\gry\age of empires\empires2.exe:Age of Empires II
"TCP Query User{73F06E4F-D9CF-4A29-AD05-8B514255E9C1}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{887CCC63-DA4D-4C1A-BBA5-A3735D2501CB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A3357C14-8A29-4F8D-813C-BDE49C25DF14}d:\\programy\\pandion\\pandion.exe"= UDP:d:\programy\pandion\pandion.exe:Pandion Instant Messenger
"UDP Query User{28212B3D-DE75-47E2-B649-52F7491CED82}d:\\programy\\pandion\\pandion.exe"= TCP:d:\programy\pandion\pandion.exe:Pandion Instant Messenger
"TCP Query User{F540D901-CEE5-4613-AB08-348B5650D7A6}d:\\programy\\spik\\spik.exe"= UDP:d:\programy\spik\spik.exe:Spik
"UDP Query User{FC5EA177-4040-4085-BCA4-3B5CBF21CB9E}d:\\programy\\spik\\spik.exe"= TCP:d:\programy\spik\spik.exe:Spik
"TCP Query User{1A52A2E8-8060-4A46-8436-8CB6D137EE80}d:\\gry\\hamachi\\hamachi.exe"= UDP:d:\gry\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{2A95EE9D-51D8-4E52-A630-0A022A2D456E}d:\\gry\\hamachi\\hamachi.exe"= TCP:d:\gry\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{A261A3A8-54FB-4381-B7EC-678E2D4E95E4}d:\\programy\\emule\\emule.exe"= UDP:d:\programy\emule\emule.exe:eMule
"UDP Query User{F73AAD1F-40D4-41A0-9A91-A594DAFBDD21}d:\\programy\\emule\\emule.exe"= TCP:d:\programy\emule\emule.exe:eMule
"TCP Query User{5B0A301B-3A5E-4409-A47A-86A7C4B21354}d:\\programy\\konnekt\\konnekt.exe"= UDP:d:\programy\konnekt\konnekt.exe:Konnekt - Core
"UDP Query User{14E6C3C0-A3C3-44FD-A2B6-9BF74F0A779B}d:\\programy\\konnekt\\konnekt.exe"= TCP:d:\programy\konnekt\konnekt.exe:Konnekt - Core
"TCP Query User{8D1A6664-57DD-4D01-8781-59418F253C19}d:\\programy\\napi-projekt\\napisy.exe"= UDP:d:\programy\napi-projekt\napisy.exe:www.napiprojekt.pl
"UDP Query User{3F51698D-E438-4C3B-9995-D2D661971156}d:\\programy\\napi-projekt\\napisy.exe"= TCP:d:\programy\napi-projekt\napisy.exe:www.napiprojekt.pl
"TCP Query User{6E258138-A02B-4DEB-A8B3-57E0903C2B0C}d:\\programy\\konnekt\\konnekt.exe"= UDP:d:\programy\konnekt\konnekt.exe:Konnekt - Core
"UDP Query User{5EEC29F6-7268-424F-96BE-0F6F1D51754C}d:\\programy\\konnekt\\konnekt.exe"= TCP:d:\programy\konnekt\konnekt.exe:Konnekt - Core
"TCP Query User{99356851-F6A6-4CFF-9330-DCBA8D22706D}d:\\programy\\sopcast\\sopcast.exe"= UDP:d:\programy\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{E9662157-196D-46AA-B492-18DBE484D97D}d:\\programy\\sopcast\\sopcast.exe"= TCP:d:\programy\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{F25AD7E9-037A-4EA2-B45C-1DE2E3FAF22D}d:\\gry\\colin mcrae rally 2\\cmr2.exe"= UDP:d:\gry\colin mcrae rally 2\cmr2.exe:Colin McRae Rally 2
"UDP Query User{81C89D47-028E-411B-A396-6746F869BDFE}d:\\gry\\colin mcrae rally 2\\cmr2.exe"= TCP:d:\gry\colin mcrae rally 2\cmr2.exe:Colin McRae Rally 2
"TCP Query User{54A3B42A-D87F-4262-87CA-9A5737A577B3}d:\\downloads\\counter strike\\hl.exe"= UDP:d:\downloads\counter strike\hl.exe:Half-Life Launcher
"UDP Query User{1BC84A24-9CAA-4B86-B12B-E9D1B6789115}d:\\downloads\\counter strike\\hl.exe"= TCP:d:\downloads\counter strike\hl.exe:Half-Life Launcher
"{5984BFA1-0CD2-4F40-B848-B09CE8348D5D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{28EA5C56-9FF7-4C5F-84F7-3E2EC76D52F8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{13EF565A-E21C-47F1-BA86-5BC7EB592D23}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{23665158-DBC8-4AA0-BEC2-B8E26BF34B07}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{6FB9593E-C928-4A06-9082-9BA467B4A1DD}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay
"UDP Query User{B3E73AAF-E6F5-4328-A71B-E7F7AEAC8946}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Pomoc programu Microsoft DirectPlay
"TCP Query User{B3118306-51DA-4791-A48C-6854304B0AAD}d:\\gry\\colin mcrae rally 2\\cmr2.exe"= UDP:d:\gry\colin mcrae rally 2\cmr2.exe:Colin McRae Rally 2
"UDP Query User{7BE7668F-05D5-4DFC-88D1-3D47E676F394}d:\\gry\\colin mcrae rally 2\\cmr2.exe"= TCP:d:\gry\colin mcrae rally 2\cmr2.exe:Colin McRae Rally 2
"TCP Query User{A87BA51A-4AFB-4495-8C77-9B889444528D}d:\\gry\\colin mcrae rally 2\\cmr2network.exe"= UDP:d:\gry\colin mcrae rally 2\cmr2network.exe:Colin McRae Rally 2
"UDP Query User{FF2DCE2B-E08B-4A3F-9F04-C0043F7A6B1C}d:\\gry\\colin mcrae rally 2\\cmr2network.exe"= TCP:d:\gry\colin mcrae rally 2\cmr2network.exe:Colin McRae Rally 2
"TCP Query User{50423CE3-DB58-43FD-8552-E4E0E0FAFAF9}d:\\programy\\emule\\emule.exe"= UDP:d:\programy\emule\emule.exe:eMule
"UDP Query User{18C74F46-502A-4964-99AE-C1A5BDC1642C}d:\\programy\\emule\\emule.exe"= TCP:d:\programy\emule\emule.exe:eMule
"TCP Query User{1CED5372-AD9C-46BA-8DA6-BD424E996510}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EF5A971D-959E-4AFD-A191-398FE6EC815A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{9213123E-4F6E-4F9C-886D-69389D6E2962}c:\\utorrent.exe"= UDP:C:\utorrent.exe:utorrent
"UDP Query User{396D707E-DB4D-4DFB-AE4D-7CFE40BCA670}c:\\utorrent.exe"= TCP:C:\utorrent.exe:utorrent
"TCP Query User{824DB98A-ADEF-4A1B-8A50-6EC8E53858D3}c:\\users\\piotr\\desktop\\utorrent.exe"= UDP:c:\users\piotr\desktop\utorrent.exe:utorrent.exe
"UDP Query User{5E670E8D-F4AA-4C7A-AB8E-845E2067A9BB}c:\\users\\piotr\\desktop\\utorrent.exe"= TCP:c:\users\piotr\desktop\utorrent.exe:utorrent.exe
"TCP Query User{507F82C6-454B-4423-9C1B-04082E3E5A53}c:\\users\\piotr\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\piotr\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{A5BB5AC1-63B3-42D7-93D4-49C576032D8D}c:\\users\\piotr\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\piotr\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"{1961850D-2740-4268-9FF3-81FBDDFE116F}"= UDP:61907:utorrent
"TCP Query User{67601981-1C22-489F-AEBA-5ADEA9A5D604}c:\\utorrent.exe"= UDP:C:\utorrent.exe:utorrent
"UDP Query User{A86D8F25-E38C-4839-8DE5-9F2185C959F0}c:\\utorrent.exe"= TCP:C:\utorrent.exe:utorrent
"{04305326-D66F-4B79-91D9-0B9A236AA09D}"= UDP:80:HTTP
"TCP Query User{340687CA-5B04-4487-BAAF-80DF4F1C049D}d:\\gry\\don't get angry 2\\da2.exe"= UDP:d:\gry\don't get angry 2\da2.exe:DA2
"UDP Query User{1D7EC169-3686-493B-8DA9-BC23AF4B2DF5}d:\\gry\\don't get angry 2\\da2.exe"= TCP:d:\gry\don't get angry 2\da2.exe:DA2
"TCP Query User{31974E36-C40C-4231-9CD8-162F0886B6EB}d:\\gry\\don't get angry 2\\da2.exe"= UDP:d:\gry\don't get angry 2\da2.exe:DA2
"UDP Query User{B8AD74D8-C78E-4F7F-A9C9-69008CD095AF}d:\\gry\\don't get angry 2\\da2.exe"= TCP:d:\gry\don't get angry 2\da2.exe:DA2
"TCP Query User{FC24BDD0-478C-4AAA-8115-DD9B7EC15BB6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{83F33149-3CE6-4395-B528-07A0CC7E6520}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6C32556E-2F0D-4FF8-8309-804CE1E08EE5}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{2C1F0113-DD39-4DE9-8EB7-E3517C4C7097}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{8C3B8919-AC38-49DE-9E12-6FEE157D3BBB}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{A6B18EB0-7462-4B32-B55C-8AB46DA2F10D}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{F730A35B-A186-40DD-980E-446655910218}c:\\program files\\ipla\\ipla.exe"= UDP:c:\program files\ipla\ipla.exe:ipla
"UDP Query User{70151C2C-C78C-4C84-A96A-8773E1884E1E}c:\\program files\\ipla\\ipla.exe"= TCP:c:\program files\ipla\ipla.exe:ipla
"TCP Query User{D8F0712F-9435-463B-83F7-2F5D0C97A7A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{56EE57BA-1D7C-4099-ABC5-29052667A568}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{47E12501-259B-41BC-8FC0-92EC5FD46B23}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{679610AF-8CD9-40F0-BBE9-B69CC6F675D5}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{2DFE305C-C259-44FF-9B94-3A199E7C9433}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{50453BE1-9BBA-4011-93EF-FD3C3FBD6589}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2005-12-19 28800]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-04 78416]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-04 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2007-04-01 51280]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e4cce51-95cf-11dd-9d31-00030d5512a6}]
\shell\AutoRun\command - 2u.com
\shell\explore\Command - 2u.com
\shell\open\Command - 2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f263c3-9ffd-11dd-9269-00030d5512a6}]
\shell\AutoRun\command - H:\2u.com
\shell\explore\Command - H:\2u.com
\shell\open\Command - H:\2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36716451-9c2e-11dc-9eac-00030d5512a6}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{476f2990-a8ef-11dd-9c96-00030d5512a6}]
\shell\AutoRun\command - H:\m9ma.exe
\shell\explore\Command - H:\m9ma.exe
\shell\open\Command - H:\m9ma.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594c778c-e762-11db-bec1-00a1b009fe04}]
\shell\AutoRun\command - 2fiji.com
\shell\explore\Command - 2fiji.com
\shell\open\Command - 2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65252d2e-fc0b-11db-be83-00a1b009fe04}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c66519-e07c-11db-9fdc-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e04608ad-8316-11dc-9a6e-00030d5512a6}]
\shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Google Update - c:\users\Piotr\AppData\Local\Google\Update\GoogleUpdate.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - c:\program files\WinSysClean 2008 Trial\UDManager\UDManager.exe -
LSP: c:\windows\system32\wpclsp.dll
FireFox -: Profile - c:\users\Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\7lglfcpn.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF -: plugin - d:\programy\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\programy\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - d:\programy\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 14:40:14
Windows 6.0.6000 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(608)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Czas ukończenia: 2008-12-11 14:41:10
ComboFix-quarantined-files.txt 2008-12-11 13:40:45

Przed: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Po: 1,383,817,216 bajtów wolnych

238 --- E O F --- 2008-12-10 05:17:44


  • 0

#2 ordynat

    Advanced user

  • 804 posts

Posted 11 12 2008 - 16:34

All I can see here to remove are the registry keys left by an infection that came from a pendrive:
Paste into Notepad:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e4cce51-95cf-11dd-9d31-00030d5512a6}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f263c3-9ffd-11dd-9269-00030d5512a6}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36716451-9c2e-11dc-9eac-00030d5512a6}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{476f2990-a8ef-11dd-9c96-00030d5512a6}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594c778c-e762-11db-bec1-00a1b009fe04}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65252d2e-fc0b-11db-be83-00a1b009fe04}]

From the Notepad menu >>> File >>> Save As >>> set the file type to "All files" >>> save as FIX.REG >>>
run the file
(double-click and OK).
Restart the computer.

ordynat

  • 0
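As an added example (my own code, not from the thread, from ordynat or from ComboFix), here is the triage ordynat did by eye turned into a script: it parses the MountPoints2 section of a ComboFix log, flags keys whose autorun shell commands look like a removable-media infection, and emits the same kind of key-deleting .reg file. The sample text is the MountPoints2 block from the log above; the flagging heuristics (a relative path, a launch through RunDLL32 ShellExec_RunDLL, a target inside a Recycled folder, or a target other than the volume's own autorun.exe) are this example's assumptions, not a rule stated in the thread.

```python
import re

# Sample input: the MountPoints2 keys from the ComboFix log posted above
# (the explore/open verbs, which repeat the AutoRun command, are omitted).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e4cce51-95cf-11dd-9d31-00030d5512a6}]
\shell\AutoRun\command - 2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f263c3-9ffd-11dd-9269-00030d5512a6}]
\shell\AutoRun\command - H:\2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36716451-9c2e-11dc-9eac-00030d5512a6}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{476f2990-a8ef-11dd-9c96-00030d5512a6}]
\shell\AutoRun\command - H:\m9ma.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{594c778c-e762-11db-bec1-00a1b009fe04}]
\shell\AutoRun\command - 2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65252d2e-fc0b-11db-be83-00a1b009fe04}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c66519-e07c-11db-9fdc-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e04608ad-8316-11dc-9a6e-00030d5512a6}]
\shell\AutoRun\command - F:\Autorun.exe
"""

# A ComboFix key header, e.g. "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]".
HEADER_RE = re.compile(r'^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$', re.I)
# A shell-verb line under such a key, e.g. "\shell\AutoRun\command - H:\2u.com".
VERB_RE = re.compile(r'^(\\shell\\\S+) - (.+)$')


def parse_mountpoints(log_text):
    """Return {key_path: [(shell_verb, command), ...]} for every MountPoints2 key in the log."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            entries[current] = []
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current].append((verb.group(1), verb.group(2).strip()))
    return entries


def suspicious_reasons(command):
    """Heuristics (this example's own assumptions) for one autorun shell command."""
    reasons = []
    if not re.match(r'^[a-z]:\\', command, re.I):
        reasons.append('relative path: runs whatever file of that name is on the inserted volume')
    if 'ShellExec_RunDLL' in command:
        reasons.append('indirect launch through RunDLL32 ShellExec_RunDLL')
    if re.search(r'(?:^|[\\\s])recycled\\', command, re.I):
        reasons.append('target hidden in a Recycled folder')
    # ComboFix prints the command unquoted; the first token is the launched file.
    launched = command.split()[0].rsplit('\\', 1)[-1].lower()
    if launched != 'autorun.exe':
        reasons.append('target is not the volume\'s conventional autorun.exe')
    return reasons


def assess(entries):
    """Return {key_path: sorted reasons} for keys with at least one suspicious command."""
    flagged = {}
    for key, commands in entries.items():
        reasons = set()
        for _verb, command in commands:
            reasons.update(suspicious_reasons(command))
        if reasons:
            flagged[key] = sorted(reasons)
    return flagged


def build_removal_reg(keys):
    """Emit a .reg file that deletes the given keys ('[-KEY]' = delete), as in the thread's FIX.REG."""
    lines = ['Windows Registry Editor Version 5.00', '']
    for key in keys:
        lines.append('[-' + key + ']')
        lines.append('')
    return '\r\n'.join(lines)


if __name__ == '__main__':
    flagged = assess(parse_mountpoints(SAMPLE_LOG))
    for key, reasons in flagged.items():
        print(key.rsplit('\\', 1)[-1])
        for reason in reasons:
            print('   -', reason)
    print(build_removal_reg(flagged))
```

On the sample this flags exactly the six GUID keys ordynat listed and leaves the G, E: and F: entries alone. On a real machine, feed it the contents of the saved ComboFix log instead of SAMPLE_LOG and write the result with encoding='utf-16', which is how regedit itself stores 5.00-format files; read the printed reasons before importing, because the heuristic only says "unusual", not "malicious".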

#3 skicaj

    New

  • 4 posts

Posted 11 12 2008 - 17:02

"Windows cannot find the file "c:\FIX.REG". Make sure you typed the name correctly, and then try again."
That is the message I get when trying to add the FIX.REG file to the registry. It worked in safe mode, but it didn't help at all...
  • 0

#4 Macsch15

    Professional

  • 3,705 posts

Posted 11 12 2008 - 23:26

http://www.medbook.com.pl/sircam/
  • 0

#5 skicaj

    New

  • 4 posts

Posted 12 12 2008 - 12:07

thanks for that link, I scanned with those removal tools but it did nothing. it turned out that I actually don't have it, but I have the same symptoms as here: http://support.microsoft.com/kb/311446/pl
what could it be?
  • 0

#6 sower

    New

  • 4 posts

Posted 14 12 2008 - 14:59

thanks for that link, I scanned with those removal tools but it did nothing. it turned out that I actually don't have it, but I have the same symptoms as here: http://support.microsoft.com/kb/311446/pl
what could it be?

Maybe the information here, How to remove the W32.SIRCAM virus, will help you solve this problem
  • 0

#7 skicaj

    New

  • 4 posts

Posted 26 12 2008 - 22:36

unfortunately it turns out that my problem is not related to the Sircam virus, because I don't have the files it creates, though as I wrote I have the same symptoms...
do you have any other ideas??
I have already tried with administrator rights and supposedly I have all of them, but I can't do anything...

  • 0
