Witam
Od pewnego czasu zmagam się z pewnym problemem, otóż nie moge otworzyć żadnej partycji przez dwukrotne kliknięcie ( pojawia się okno z wyborem programów, zupełnie jak w przypadku otwierania pliku z nieznanym przez system rozszerzeniem ). Jedyna mozliwość to klikniecie prawym przyciskiem i wybranie eksploruj. Niestety również programy, które korzystają z danych na różnych partycjach nie potrafią znaleźć ścieżki do tak zablokowanego dysku. Zawsze zaczyna od wykrycia wirusa przez program Avira ( z reguły jakieś trojan downloadery ), klikam na delete i od tego momentu nie moge już nic normalnie otworzyć. Szczegolnie podejrzany jest normalnie ukryty plik autorun.inf na kazdej partycji:
[AuToRuN]
open=auto.exe
shell\open=´ňżŞ(&O)
shelL\open\ComMand=soS.Exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
soS.Exe jest właśnie nazwą wirusa wykrywanego przez Avire, ale po jego usunięciu nie znika problem. I nie mowcie ze ktos miał już identyczny problem, bo mnie szlag trafi. ( Wdzięczny bede za link, jesli został pomyślnie rozwiązany, a jesli nie został to prosze o nie zamykanie bezsensowne tematu )
Może po usunieciu wirusa wystarczy zmienić komendy w autorun.inf i bedzie smigać, tylko co tam powinno być?
Hijack, jakby byl potrzebny:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:12, on 2000-12-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\NOTEPAD.EXE
E:\Program Files\Opera\Opera.exe
e:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.neostrada.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] J:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 5904 bytes
problem z wejściem na partycję w win XP
Rozpoczęty przez
piter23
, 09 12 2007 20:57
5 odpowiedzi w tym temacie
#2
Tequila
-
-
- 386 postów
Stały użytkownik
Napisano 09 12 2007 - 21:14
ComboFix ściągnij i zrób loga. Część powinien Combofix skasować - resztę wyczyścimy jak pokażesz z niego loga.
#3
piter23
-
-
- 3 postów
Nowy
Napisano 09 12 2007 - 21:48
Wielkie dzieki! Program usunął problem. Wklejam loga, jeśli jest coś jeszcze do załatania?
ComboFix 07-12-09.1 - piter 2000-12-09 20:50:57.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.180 [GMT 1:00]
Running from: E:\Program Files\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\autorun.ini
D:\Autorun.inf
E:\Autorun.inf
F:\auto.exe
F:\Autorun.inf
G:\auto.exe
G:\Autorun.inf
H:\auto.exe
H:\Autorun.inf
I:\auto.exe
I:\Autorun.inf
J:\Autorun.inf
K:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2000-12-09 16:59 96,374 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="J:\Program Files\Globe Software\StatBar\StatBar.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 18:49]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"Soltek"="C:\WINDOWS\system32\autorun.exe" [2001-10-30 08:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" [2007-04-02 10:35]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44]
C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-10-06 22:10:50]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys
R1 Uim_IM;UIM Drive Backup Image Plugin;C:\WINDOWS\system32\Drivers\Uim_IM.sys
R1 UimBus;Universal Image Mounter Controller;C:\WINDOWS\system32\DRIVERS\UimBus.sys
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe"
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe"
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - E:\soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af451-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - L:\cda_menu.exe
\Shell\install\command - L:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af453-7446-11dc-9fce-806d6172696f}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - E:\soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af454-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af455-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af456-7446-11dc-9fce-806d6172696f}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af457-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af458-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af459-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af45a-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 20:51:04 C:\WINDOWS\Tasks\WebReg psc 1500 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 20:54:06
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
StatBar = J:\Program Files\Globe Software\StatBar\StatBar.exe????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 20:55:03
.
--- E O F ---
ComboFix 07-12-09.1 - piter 2000-12-09 20:50:57.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.180 [GMT 1:00]
Running from: E:\Program Files\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\autorun.ini
D:\Autorun.inf
E:\Autorun.inf
F:\auto.exe
F:\Autorun.inf
G:\auto.exe
G:\Autorun.inf
H:\auto.exe
H:\Autorun.inf
I:\auto.exe
I:\Autorun.inf
J:\Autorun.inf
K:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2000-12-09 16:59 96,374 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatBar"="J:\Program Files\Globe Software\StatBar\StatBar.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 18:49]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40]
"Soltek"="C:\WINDOWS\system32\autorun.exe" [2001-10-30 08:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-02-12 18:16]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-02-12 16:22]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" [2007-04-02 10:35]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:44]
C:\DOCUME~1\ALLUSE~1\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-10-06 22:10:50]
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys
R1 Uim_IM;UIM Drive Backup Image Plugin;C:\WINDOWS\system32\Drivers\Uim_IM.sys
R1 UimBus;Universal Image Mounter Controller;C:\WINDOWS\system32\DRIVERS\UimBus.sys
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe"
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe"
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - E:\soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af451-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - L:\cda_menu.exe
\Shell\install\command - L:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af453-7446-11dc-9fce-806d6172696f}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - E:\soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af454-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af455-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af456-7446-11dc-9fce-806d6172696f}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af457-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af458-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af459-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427af45a-7446-11dc-9fce-806d6172696f}]
\Shell\AutoRun\command - soS.Exe
\Shell\open\ComMand - soS.Exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 20:51:04 C:\WINDOWS\Tasks\WebReg psc 1500 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 20:54:06
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
StatBar = J:\Program Files\Globe Software\StatBar\StatBar.exe????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-09 20:55:03
.
--- E O F ---
#4
Tequila
-
-
- 386 postów
Stały użytkownik
Napisano 09 12 2007 - 21:54
Wyrżnij klucz HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2 - powinien sie odtworzyć automagicznie jak będzie potrzebny - na razie kupę odwołań do syfów zawiera.
Moje wątpliwości dotycza plików i wpisów:
"StatBar"="J:\Program Files\Globe Software\StatBar\StatBar.exe
"Soltek"="C:\WINDOWS\system32\autorun.exe"
C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat
Znasz je ?
Moje wątpliwości dotycza plików i wpisów:
"StatBar"="J:\Program Files\Globe Software\StatBar\StatBar.exe
"Soltek"="C:\WINDOWS\system32\autorun.exe"
C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat
Znasz je ?
#5
piter23
-
-
- 3 postów
Nowy
Napisano 09 12 2007 - 23:03
Statbar to pasek narzedzi, soltek moja płyta główna, więc pewnie jakiś jej soft, trzeciego nie znam, pewnie jakiś syf do kasacji.
#6
Tequila
-
-
- 386 postów
Stały użytkownik
Napisano 09 12 2007 - 23:13
Tego trzeciego - mam prośbe - spakuj go czymś przed kasacją, wystaw go na sieć i daj mi linka na priva - jeżeli możesz oczywiście
Użytkownicy przeglądający ten temat: 0
0 użytkowników, 0 gości, 0 anonimowych
