[virus] EXPLORER.exe, problem..


  • Closed. This topic is closed
10 replies in this topic

#1 FusioN822

    Beginner

  • 31 posts

Posted 05 01 2009 - 22:45

Hi, this "gentleman" has been pestering me for some time now; when I format the PC, it has already made itself at home either on the mp4 player or on the phone. Ofc on the phone you can see two files through X-Plore (a program): autorun.inf and EXPLORER.exe; on the mp4 I think you can see them too, because I saw them somehow. Unfortunately they can't be deleted normally.

Do you have any idea, or any info about this virus? ;)

I know that, e.g., only when I kill the EXPLORER.exe process does CS start for me ;o ;)

and other newer games, e.g. GTA IV, run without complaint

Regards ;) oh, and PS. This is not explorer.exe, so don't confuse it with that ;)

I also have dragdieg or something like that ^_^


@@ EDIT @@

For those who know their stuff: I somehow got these files into .zip, i.e. I have autorun in a separate zip and EXPLORER.exe. Take a look at the contents of the .inf file, there are some lines in there about this.

http://odsiebie.com/pokaz/1262241---0e26.html


  • 0

#2 Macsch15

    Professional

  • 3,705 posts

Posted 05 01 2009 - 23:23

The autorun.inf file comes from a pendrive infection ...
Post logs from HijackThis and ComboFix
http://forum.idg.pl/bezpieczenstwo_kompute...ia-t118804.html

  • 0

#3 FusioN822

    Beginner

  • 31 posts

Posted 06 01 2009 - 14:16

ComboFix

ComboFix 09-01-05.05 - admin 2009-01-06 13:10:11.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2047.1455 [GMT 1:00]
Uruchomiony z: c:\documents and settings\admin\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\windows\system32\explorer.exe
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\hpowiax7.dll
c:\windows\system32\kamsoft.exe
D:\Autorun.inf
F:\Autorun.inf

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-06 do 2009-01-06  )))))))))))))))))))))))))))))))
.

2009-01-04 10:48 . 2009-01-06 13:12	54,156	--ah-----	c:\windows\QTFont.qfn
2009-01-04 10:48 . 2009-01-06 13:11	1,409	--a------	c:\windows\QTFont.for
2009-01-03 22:40 . 2009-01-03 22:40	69	--a------	c:\windows\NeroDigital.ini
2009-01-03 21:22 . 2009-01-03 21:32	<DIR>	d--------	c:\program files\MSECache
2009-01-03 18:02 . 2009-01-03 18:02	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Nero
2009-01-03 10:52 . 2009-01-03 10:52	6,655	--a------	c:\windows\system32\spupdsvc.inf
2009-01-03 10:48 . 2009-01-03 10:48	<DIR>	d--------	c:\windows\ServicePackFiles
2009-01-03 10:47 . 2008-04-14 22:51	294,912	-----c---	c:\windows\system32\dllcache\dlimport.exe
2009-01-03 10:44 . 2006-12-29 00:31	19,569	--a------	c:\windows\002859_.tmp
2009-01-02 23:17 . 2006-12-29 00:31	19,569	--a------	c:\windows\002860_.tmp
2009-01-02 22:24 . 2009-01-02 22:24	107,888	--a------	c:\windows\system32\CmdLineExt.dll
2009-01-02 22:23 . 2008-05-30 14:11	3,850,760	--a------	c:\windows\system32\D3DX9_38.dll
2009-01-02 22:23 . 2008-05-30 14:11	1,491,992	--a------	c:\windows\system32\D3DCompiler_38.dll
2009-01-02 22:23 . 2008-05-30 14:19	507,400	--a------	c:\windows\system32\XAudio2_1.dll
2009-01-02 22:23 . 2008-03-05 16:03	479,752	--a------	c:\windows\system32\XAudio2_0.dll
2009-01-02 22:23 . 2008-05-30 14:11	467,984	--a------	c:\windows\system32\d3dx10_38.dll
2009-01-02 22:23 . 2008-05-30 14:18	238,088	--a------	c:\windows\system32\xactengine3_1.dll
2009-01-02 22:23 . 2008-03-05 16:03	238,088	--a------	c:\windows\system32\xactengine3_0.dll
2009-01-02 22:23 . 2008-05-30 14:17	65,032	--a------	c:\windows\system32\XAPOFX1_0.dll
2009-01-02 22:23 . 2008-05-30 14:17	25,608	--a------	c:\windows\system32\X3DAudio1_4.dll
2009-01-02 22:23 . 2008-03-05 16:00	25,608	--a------	c:\windows\system32\X3DAudio1_3.dll
2009-01-02 22:22 . 2009-01-02 22:22	<DIR>	d--------	c:\windows\system32\LogFiles
2009-01-02 22:22 . 2009-01-04 16:55	<DIR>	d--------	c:\windows\system32\drivers\umdf
2009-01-02 22:22 . 2009-01-02 22:22	<DIR>	d--------	c:\windows\Logs
2009-01-02 20:42 . 2009-01-02 20:42	<DIR>	d--------	c:\program files\MSBuild
2009-01-02 20:39 . 2009-01-02 20:42	<DIR>	d--------	c:\windows\system32\XPSViewer
2009-01-02 20:39 . 2009-01-02 20:39	<DIR>	d--------	c:\program files\Reference Assemblies
2009-01-02 20:39 . 2006-06-29 13:07	14,048	---------	c:\windows\system32\spmsg2.dll
2009-01-02 20:27 . 2009-01-02 20:27	<DIR>	d--------	c:\windows\system32\xlive
2009-01-02 20:27 . 2009-01-02 20:28	<DIR>	d--------	c:\program files\Microsoft Games for Windows - LIVE
2009-01-02 20:27 . 2008-03-05 15:56	3,786,760	--a------	c:\windows\system32\D3DX9_37.dll
2009-01-02 20:27 . 2008-03-05 15:56	1,420,824	--a------	c:\windows\system32\D3DCompiler_37.dll
2009-01-02 20:27 . 2008-02-05 23:07	462,864	--a------	c:\windows\system32\d3dx10_37.dll
2009-01-02 10:09 . 2007-04-15 19:38	110,031	-r-hs----	C:\whi.com
2008-12-31 21:31 . 2008-12-31 21:32	<DIR>	d--------	c:\program files\Nero
2008-12-31 21:31 . 2008-12-31 21:32	<DIR>	d--------	c:\program files\Common Files\Nero
2008-12-31 21:31 . 2008-12-31 21:31	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-31 21:31 . 2006-03-17 11:45	1,757,184	--a------	c:\windows\system32\imagX7.dll
2008-12-31 21:31 . 2006-03-17 11:45	802,816	--a------	c:\windows\system32\imagXRA7.dll
2008-12-31 21:31 . 2006-03-17 11:45	497,296	--a------	c:\windows\system32\imagXpr7.dll
2008-12-31 21:31 . 2006-03-17 14:49	368,640	--a------	c:\windows\system32\TwnLib4.dll
2008-12-31 21:31 . 2006-03-17 11:45	258,048	--a------	c:\windows\system32\imagXR7.dll
2008-12-31 17:32 . 2008-12-31 17:32	<DIR>	d--------	c:\program files\SystemRequirementsLab
2008-12-31 15:44 . 2008-12-31 15:44	<DIR>	d--h-----	c:\windows\PIF
2008-12-31 11:53 . 2008-12-31 11:53	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Ubisoft
2008-12-31 11:43 . 2008-12-31 11:43	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2008-12-31 11:32 . 2008-12-31 11:32	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\InstallShield
2008-12-31 11:14 . 2008-12-31 11:14	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\DAEMON Tools Pro
2008-12-31 11:14 . 2008-12-31 11:14	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\DAEMON Tools
2008-12-31 11:12 . 2008-12-31 11:12	<DIR>	d--------	c:\program files\DAEMON Tools Lite
2008-12-31 11:12 . 2008-12-31 11:12	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-31 11:10 . 2008-12-31 11:10	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\DAEMON Tools Lite
2008-12-31 11:10 . 2008-12-31 11:10	717,296	--a------	c:\windows\system32\drivers\sptd.sys
2008-12-31 10:51 . 2008-12-31 10:51	<DIR>	d--------	c:\windows\system32\AGEIA
2008-12-31 10:51 . 2008-12-31 11:21	<DIR>	d--------	c:\program files\Common Files\Wise Installation Wizard
2008-12-31 10:51 . 2008-12-31 10:51	<DIR>	d--------	c:\program files\AGEIA Technologies
2008-12-31 10:50 . 2008-12-31 10:50	<DIR>	d--------	c:\windows\nview
2008-12-31 10:50 . 2008-12-31 10:50	<DIR>	d--------	C:\NVIDIA
2008-12-31 10:50 . 2008-10-02 10:07	453,152	--a------	c:\windows\system32\NVUNINST.EXE
2008-12-31 10:50 . 2008-10-07 13:33	453,152	--a------	c:\windows\system32\nvudisp.exe
2008-12-31 10:50 . 2009-01-06 13:12	200,819	--a------	c:\windows\system32\nvapps.xml
2008-12-31 10:50 . 2008-10-07 13:33	18,477	--a------	c:\windows\system32\nvdisp.nvu
2008-12-31 10:00 . 2006-08-16 16:37	188,416	-ra------	c:\windows\system32\SET4E.tmp
2008-12-31 10:00 . 2006-08-16 16:37	155,648	-ra------	c:\windows\system32\SET5A.tmp
2008-12-31 09:59 . 2006-08-16 16:37	81,920	-ra------	c:\windows\system32\SET48.tmp
2008-12-31 09:59 . 2006-08-16 16:37	43,520	-ra------	c:\windows\system32\SET4B.tmp
2008-12-30 19:12 . 2008-02-15 12:49	180,224	---------	c:\windows\system32\igfxres.dll
2008-12-30 19:10 . 2008-02-15 13:11	1,843,784	--a------	c:\windows\system32\igklg400.dll
2008-12-30 19:10 . 2008-02-15 13:11	1,399,880	--a------	c:\windows\system32\igklg450.dll
2008-12-30 19:10 . 2008-02-15 12:49	176,128	--a------	c:\windows\system32\igfxrsky.lrc
2008-12-30 19:10 . 2008-02-15 12:49	172,032	--a------	c:\windows\system32\igfxrslv.lrc
2008-12-30 19:10 . 2008-02-15 13:21	147,456	--a------	c:\windows\system32\igfxCoIn_v4926.dll
2008-12-30 19:10 . 2008-02-15 13:11	104,636	--a------	c:\windows\system32\igmedcompkrn.dll
2008-12-30 19:09 . 2008-12-30 19:09	<DIR>	d--------	C:\Intel
2008-12-30 16:32 . 2009-01-03 10:50	<DIR>	d--------	c:\windows\system32\pl-pl
2008-12-30 16:30 . 2008-12-30 16:30	<DIR>	d--h-----	c:\windows\$hf_mig$
2008-12-29 15:35 . 2008-12-29 15:35	<DIR>	d--------	c:\program files\Notepad++
2008-12-29 15:35 . 2008-12-29 19:18	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Notepad++
2008-12-29 15:08 . 2008-12-29 15:08	<DIR>	d--------	c:\program files\KDE
2008-12-29 15:08 . 2008-12-29 15:08	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\KDE
2008-12-28 11:23 . 2008-12-28 11:23	<DIR>	d--------	c:\program files\Trend Micro
2008-12-27 16:03 . 2008-12-27 16:03	<DIR>	d--------	c:\program files\VertrigoServ
2008-12-26 20:33 . 2008-03-21 13:57	14,640	---------	c:\windows\system32\spmsgXP_2k3.dll
2008-12-26 20:33 . 2008-12-26 20:33	0	--ah-----	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-26 20:33 . 2008-12-26 20:33	0	--ah-----	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-26 20:32 . 2009-01-04 16:54	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-12-26 20:32 . 2008-12-26 20:33	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\PC Suite
2008-12-26 20:32 . 2008-12-26 20:32	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Nokia
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\PC Connectivity Solution
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\Nokia
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\DIFX
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\Common Files\PCSuite
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\Common Files\Nokia
2008-12-26 20:31 . 2008-09-15 07:29	1,112,288	--a------	c:\windows\system32\wdfcoinstaller01007.dll
2008-12-26 20:31 . 2008-09-15 07:56	659,968	--a------	c:\windows\system32\nmwcdcocls.dll
2008-12-26 20:31 . 2008-09-15 07:56	91,136	--a------	c:\windows\system32\nmwcdcls.dll
2008-12-26 20:31 . 2008-09-15 07:56	22,016	--a------	c:\windows\system32\drivers\ccdcmbo.sys
2008-12-26 20:31 . 2008-08-26 09:26	18,816	--a------	c:\windows\system32\drivers\pccsmcfd.sys
2008-12-26 20:31 . 2008-09-15 07:56	17,664	--a------	c:\windows\system32\drivers\ccdcmb.sys
2008-12-26 20:31 . 2008-09-15 07:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-26 20:31 . 2008-09-15 07:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-26 20:30 . 2008-12-26 20:30	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Installations
2008-12-26 20:20 . 2008-12-30 16:23	<DIR>	d--------	c:\windows\system32\QuickTime
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\windows\occache
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Viewpoint
2008-12-26 20:20 . 2008-12-30 16:23	<DIR>	d--------	c:\program files\QuickTime
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Learn2.com
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Common Files\Nullsoft
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\AOL Companion
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Viewpoint
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\QuickTime
2008-12-26 20:20 . 2004-08-03 23:44	1,483,264	--a------	c:\windows\system32\shdocvw.bak
2008-12-26 20:20 . 1999-11-10 12:05	86,016	--a------	c:\windows\unvise32qt.exe
2008-12-26 20:19 . 2008-12-27 12:59	<DIR>	d--------	c:\program files\Common Files\aolshare
2008-12-26 20:19 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\America Online 9.0
2008-12-26 20:19 . 2008-12-27 12:59	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\AOL
2008-12-26 20:19 . 2003-08-15 15:17	1,044,480	--a------	c:\windows\system32\roboex32.dll
2008-12-26 20:19 . 2003-08-15 15:17	153,088	--a------	c:\windows\system32\jgdwmie.dll
2008-12-26 20:19 . 2003-01-10 17:13	65,536	--a------	c:\windows\wanmpsvc.exe
2008-12-26 20:19 . 2003-08-15 15:17	54,784	--a------	c:\windows\system32\Inetwh32.dll
2008-12-26 20:19 . 2003-01-10 17:13	33,588	--a------	c:\windows\system32\drivers\wanatw4.sys
2008-12-26 20:19 . 2003-08-15 15:17	29,184	--a------	c:\windows\system32\popup.ocx
2008-12-26 20:19 . 2003-08-15 15:16	24,659	--a------	c:\windows\system32\aolddial.dll
2008-12-26 20:18 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Common Files\AOL
2008-12-26 20:18 . 2008-12-26 20:20	1,062	--ah-----	C:\IPH.PH

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 20:56	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-12-25 11:24	---------	d-----w	c:\program files\Java
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58	333192	--a------	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Konnekt"="c:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"Steam"="d:\program files\Steam\Steam.exe" [2008-12-25 1410296]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-02 306088]
"EXPLORER.EXE"="EXPLORER.EXE" [2008-04-14 c:\windows\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-26 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2008-12-26 36953]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-01-12 35840]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\Drivers\OCDE.sys --> c:\windows\system32\Drivers\OCDE.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-25 13352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31fda5d7-d2d1-11dd-b4fc-000e50f3c6d9}]
\Shell\AutoRun\command - G:\whi.com
\Shell\explore\Command - G:\whi.com
\Shell\open\Command - G:\whi.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31fda5d8-d2d1-11dd-b4fc-000e50f3c6d9}]
\Shell\AutoRun\command - H:\whi.com
\Shell\explore\Command - H:\whi.com
\Shell\open\Command - H:\whi.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb3d837c-d65d-11dd-b504-000e50f3c6d9}]
\Shell\AutoRun\command - H:\whi.com
\Shell\explore\Command - H:\whi.com
\Shell\open\Command - H:\whi.com
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-05 c:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 20:40]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-wsctf.exe - wsctf.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\7y4ikny8.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 13:12:58
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\rundll32.exe
d:\program files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-06 13:16:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-01-06 12:16:12

Przed: 4 669 362 176 bajtów wolnych
Po: 4,859,842,560 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:31, on 2009-01-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F8FC11-8886-4E74-8F77-75965BB08D6C}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{61F8FC11-8886-4E74-8F77-75965BB08D6C}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS4\Services\Tcpip\..\{61F8FC11-8886-4E74-8F77-75965BB08D6C}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7731 bytes

  • 0

#4 Macsch15

    Professional

  • 3,705 posts

Posted 06 01 2009 - 15:29

So, like this ...
In HijackThis

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE


"fix" the entries above
>>HijackThis>>Scan (Do a system scan only)>>check them>>Fix checked.
  • 0

#5 ordynat

    Advanced user

  • 804 posts

Posted 06 01 2009 - 15:32

Paste into Notepad:
File::
C:\whi.com
D:\whi.com
F:\whi.com

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EXPLORER.EXE"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31fda5d7-d2d1-11dd-b4fc-000e50f3c6d9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31fda5d8-d2d1-11dd-b4fc-000e50f3c6d9}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb3d837c-d65d-11dd-b504-000e50f3c6d9}]
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
- just like in this picture --> [attached image]
Removal should start. (and a log will be created)
After the restart, manually delete the C:\Qoobox folder.

Post the log that is created during the removal.

ordynat
  • 0
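The two things the helpers above act on (the bare-name "EXPLORER.EXE" Run value flagged in post #4 and the MountPoints2 entries removed by the CFScript in post #5) can be pulled out of a ComboFix registry section mechanically. The script below is an added example, not code from this thread, from ComboFix or from HijackThis: it parses log lines in the shape posted above, flags both patterns, and emits the Registry:: part of a CFScript in the same form ordynat's reply uses. The sample log is constructed from a few lines of the thread's own log; the heuristics, names and severity labels are my own assumptions.

```python
r"""Triage helper for the ComboFix "Wpisy startowe rejestru" section.

Flags the two patterns the helpers in this thread act on: a Run value whose
command is a bare file name (e.g. "EXPLORER.EXE"="EXPLORER.EXE", resolved via
the search path at logon, so a rogue copy can shadow the real binary), and
MountPoints2 \Shell\<verb>\command entries that launch an executable from a
drive letter (the cached autorun.inf of removable media).
"""
import re
from dataclasses import dataclass

# Binaries Windows starts itself (explorer.exe is launched by Winlogon as the
# shell): a Run value naming one of them by bare name is a masquerade.
SYSTEM_BINARY_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                       "winlogon.exe", "services.exe"}
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s*\[(?P<info>[^\]]*)\])?')
MP_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>\S.*)$", re.I)

# Constructed sample in the shape of the ComboFix log posted above (a handful
# of its lines; the real section is much longer).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EXPLORER.EXE"="EXPLORER.EXE" [2008-04-14 c:\windows\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31fda5d7-d2d1-11dd-b4fc-000e50f3c6d9}]
\Shell\AutoRun\command - G:\whi.com
\Shell\explore\Command - G:\whi.com
\Shell\open\Command - G:\whi.com
"""

@dataclass
class Finding:
    severity: str  # "high" or "low"
    key: str       # registry key the entry lives under
    entry: str     # Run value name, or the MountPoints2 shell verb
    target: str    # command exactly as logged
    reason: str

def triage_registry_section(text):
    """Return Findings for the suspicious entries in a ComboFix registry dump."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key.lower().endswith("\\run"):
            v = VALUE_RE.match(line)
            if not v:
                continue
            cmd = v.group("cmd")
            # No directory and no drive letter: resolved via the search path.
            if cmd and "\\" not in cmd and ":" not in cmd:
                high = cmd.split()[0].lower() in SYSTEM_BINARY_NAMES
                reason = ("bare-name Run value naming a system binary" if high
                          else "bare-name Run value (search-path dependent)")
                if v.group("info"):
                    reason += f"; ComboFix resolved it to [{v.group('info')}]"
                findings.append(Finding("high" if high else "low", key,
                                        v.group("name"), cmd, reason))
        elif "mountpoints2\\" in key.lower():
            mp = MP_RE.match(line)
            if mp and mp.group("target").strip().lower().endswith(EXEC_EXT):
                findings.append(Finding(
                    "high", key, mp.group("verb"), mp.group("target").strip(),
                    "MountPoints2 shell verb runs an executable from a drive "
                    "(cached autorun.inf of removable media)"))
    return findings

def suggest_cfscript(findings):
    """Registry:: part of a CFScript for the high-severity findings, in the form
    the reply above uses: "NAME"=- deletes a Run value, [-KEY] drops a key."""
    lines, removed = ["Registry::"], set()
    for f in findings:
        if f.severity != "high":
            continue
        if f.key.lower().endswith("\\run"):
            lines += [f"[{f.key}]", f'"{f.entry}"=-']
        elif f.key not in removed:
            removed.add(f.key)
            lines.append(f"[-{f.key}]")
    return "\n".join(lines)

if __name__ == "__main__":
    found = triage_registry_section(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:4} {f.entry:8} {f.target:12} {f.reason}")
    print(suggest_cfscript(found))
```

The MountPoints2 targets name the letters the media had when it was plugged in (G: and H: in the log above), while ComboFix found whi.com on C:, D: and F:, so the File:: part of a CFScript still has to come from the file listing rather than from these keys.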

#6 FusioN822

    Beginner

  • 31 posts

Posted 06 01 2009 - 17:05

ComboFix 09-01-05.05 - admin 2009-01-06 16:02:04.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2047.1445 [GMT 1:00]
Uruchomiony z: c:\documents and settings\admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\admin\Pulpit\CFscript.txt
 * Utworzono nowy punkt przywracania

FILE ::
C:\whi.com
D:\whi.com
F:\whi.com
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\whi.com
D:\whi.com
F:\whi.com

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-06 do 2009-01-06  )))))))))))))))))))))))))))))))
.

2009-01-04 10:48 . 2009-01-06 13:12	54,156	--ah-----	c:\windows\QTFont.qfn
2009-01-04 10:48 . 2009-01-06 13:11	1,409	--a------	c:\windows\QTFont.for
2009-01-03 22:40 . 2009-01-03 22:40	69	--a------	c:\windows\NeroDigital.ini
2009-01-03 21:22 . 2009-01-03 21:32	<DIR>	d--------	c:\program files\MSECache
2009-01-03 18:02 . 2009-01-03 18:02	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Nero
2009-01-03 10:52 . 2009-01-03 10:52	6,655	--a------	c:\windows\system32\spupdsvc.inf
2009-01-03 10:48 . 2009-01-03 10:48	<DIR>	d--------	c:\windows\ServicePackFiles
2009-01-03 10:47 . 2008-04-14 22:51	294,912	-----c---	c:\windows\system32\dllcache\dlimport.exe
2009-01-03 10:44 . 2006-12-29 00:31	19,569	--a------	c:\windows\002859_.tmp
2009-01-02 23:17 . 2006-12-29 00:31	19,569	--a------	c:\windows\002860_.tmp
2009-01-02 22:24 . 2009-01-02 22:24	107,888	--a------	c:\windows\system32\CmdLineExt.dll
2009-01-02 22:23 . 2008-05-30 14:11	3,850,760	--a------	c:\windows\system32\D3DX9_38.dll
2009-01-02 22:23 . 2008-05-30 14:11	1,491,992	--a------	c:\windows\system32\D3DCompiler_38.dll
2009-01-02 22:23 . 2008-05-30 14:19	507,400	--a------	c:\windows\system32\XAudio2_1.dll
2009-01-02 22:23 . 2008-03-05 16:03	479,752	--a------	c:\windows\system32\XAudio2_0.dll
2009-01-02 22:23 . 2008-05-30 14:11	467,984	--a------	c:\windows\system32\d3dx10_38.dll
2009-01-02 22:23 . 2008-05-30 14:18	238,088	--a------	c:\windows\system32\xactengine3_1.dll
2009-01-02 22:23 . 2008-03-05 16:03	238,088	--a------	c:\windows\system32\xactengine3_0.dll
2009-01-02 22:23 . 2008-05-30 14:17	65,032	--a------	c:\windows\system32\XAPOFX1_0.dll
2009-01-02 22:23 . 2008-05-30 14:17	25,608	--a------	c:\windows\system32\X3DAudio1_4.dll
2009-01-02 22:23 . 2008-03-05 16:00	25,608	--a------	c:\windows\system32\X3DAudio1_3.dll
2009-01-02 22:22 . 2009-01-02 22:22	<DIR>	d--------	c:\windows\system32\LogFiles
2009-01-02 22:22 . 2009-01-04 16:55	<DIR>	d--------	c:\windows\system32\drivers\umdf
2009-01-02 22:22 . 2009-01-02 22:22	<DIR>	d--------	c:\windows\Logs
2009-01-02 20:42 . 2009-01-02 20:42	<DIR>	d--------	c:\program files\MSBuild
2009-01-02 20:39 . 2009-01-02 20:42	<DIR>	d--------	c:\windows\system32\XPSViewer
2009-01-02 20:39 . 2009-01-02 20:39	<DIR>	d--------	c:\program files\Reference Assemblies
2009-01-02 20:39 . 2006-06-29 13:07	14,048	---------	c:\windows\system32\spmsg2.dll
2009-01-02 20:27 . 2009-01-02 20:27	<DIR>	d--------	c:\windows\system32\xlive
2009-01-02 20:27 . 2009-01-02 20:28	<DIR>	d--------	c:\program files\Microsoft Games for Windows - LIVE
2009-01-02 20:27 . 2008-03-05 15:56	3,786,760	--a------	c:\windows\system32\D3DX9_37.dll
2009-01-02 20:27 . 2008-03-05 15:56	1,420,824	--a------	c:\windows\system32\D3DCompiler_37.dll
2009-01-02 20:27 . 2008-02-05 23:07	462,864	--a------	c:\windows\system32\d3dx10_37.dll
2008-12-31 21:31 . 2008-12-31 21:32	<DIR>	d--------	c:\program files\Nero
2008-12-31 21:31 . 2008-12-31 21:32	<DIR>	d--------	c:\program files\Common Files\Nero
2008-12-31 21:31 . 2008-12-31 21:31	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-31 21:31 . 2006-03-17 11:45	1,757,184	--a------	c:\windows\system32\imagX7.dll
2008-12-31 21:31 . 2006-03-17 11:45	802,816	--a------	c:\windows\system32\imagXRA7.dll
2008-12-31 21:31 . 2006-03-17 11:45	497,296	--a------	c:\windows\system32\imagXpr7.dll
2008-12-31 21:31 . 2006-03-17 14:49	368,640	--a------	c:\windows\system32\TwnLib4.dll
2008-12-31 21:31 . 2006-03-17 11:45	258,048	--a------	c:\windows\system32\imagXR7.dll
2008-12-31 17:32 . 2008-12-31 17:32	<DIR>	d--------	c:\program files\SystemRequirementsLab
2008-12-31 15:44 . 2008-12-31 15:44	<DIR>	d--h-----	c:\windows\PIF
2008-12-31 11:53 . 2008-12-31 11:53	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Ubisoft
2008-12-31 11:43 . 2008-12-31 11:43	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2008-12-31 11:32 . 2008-12-31 11:32	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\InstallShield
2008-12-31 11:14 . 2008-12-31 11:14	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\DAEMON Tools Pro
2008-12-31 11:14 . 2008-12-31 11:14	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\DAEMON Tools
2008-12-31 11:12 . 2008-12-31 11:12	<DIR>	d--------	c:\program files\DAEMON Tools Lite
2008-12-31 11:12 . 2008-12-31 11:12	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2008-12-31 11:10 . 2008-12-31 11:10	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\DAEMON Tools Lite
2008-12-31 11:10 . 2008-12-31 11:10	717,296	--a------	c:\windows\system32\drivers\sptd.sys
2008-12-31 10:51 . 2008-12-31 10:51	<DIR>	d--------	c:\windows\system32\AGEIA
2008-12-31 10:51 . 2008-12-31 11:21	<DIR>	d--------	c:\program files\Common Files\Wise Installation Wizard
2008-12-31 10:51 . 2008-12-31 10:51	<DIR>	d--------	c:\program files\AGEIA Technologies
2008-12-31 10:50 . 2008-12-31 10:50	<DIR>	d--------	c:\windows\nview
2008-12-31 10:50 . 2008-12-31 10:50	<DIR>	d--------	C:\NVIDIA
2008-12-31 10:50 . 2008-10-02 10:07	453,152	--a------	c:\windows\system32\NVUNINST.EXE
2008-12-31 10:50 . 2008-10-07 13:33	453,152	--a------	c:\windows\system32\nvudisp.exe
2008-12-31 10:50 . 2009-01-06 13:12	200,819	--a------	c:\windows\system32\nvapps.xml
2008-12-31 10:50 . 2008-10-07 13:33	18,477	--a------	c:\windows\system32\nvdisp.nvu
2008-12-31 10:00 . 2006-08-16 16:37	188,416	-ra------	c:\windows\system32\SET4E.tmp
2008-12-31 10:00 . 2006-08-16 16:37	155,648	-ra------	c:\windows\system32\SET5A.tmp
2008-12-31 09:59 . 2006-08-16 16:37	81,920	-ra------	c:\windows\system32\SET48.tmp
2008-12-31 09:59 . 2006-08-16 16:37	43,520	-ra------	c:\windows\system32\SET4B.tmp
2008-12-30 19:12 . 2008-02-15 12:49	180,224	---------	c:\windows\system32\igfxres.dll
2008-12-30 19:10 . 2008-02-15 13:11	1,843,784	--a------	c:\windows\system32\igklg400.dll
2008-12-30 19:10 . 2008-02-15 13:11	1,399,880	--a------	c:\windows\system32\igklg450.dll
2008-12-30 19:10 . 2008-02-15 12:49	176,128	--a------	c:\windows\system32\igfxrsky.lrc
2008-12-30 19:10 . 2008-02-15 12:49	172,032	--a------	c:\windows\system32\igfxrslv.lrc
2008-12-30 19:10 . 2008-02-15 13:21	147,456	--a------	c:\windows\system32\igfxCoIn_v4926.dll
2008-12-30 19:10 . 2008-02-15 13:11	104,636	--a------	c:\windows\system32\igmedcompkrn.dll
2008-12-30 19:09 . 2008-12-30 19:09	<DIR>	d--------	C:\Intel
2008-12-30 16:32 . 2009-01-03 10:50	<DIR>	d--------	c:\windows\system32\pl-pl
2008-12-30 16:30 . 2008-12-30 16:30	<DIR>	d--h-----	c:\windows\$hf_mig$
2008-12-29 15:35 . 2008-12-29 15:35	<DIR>	d--------	c:\program files\Notepad++
2008-12-29 15:35 . 2008-12-29 19:18	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Notepad++
2008-12-29 15:08 . 2008-12-29 15:08	<DIR>	d--------	c:\program files\KDE
2008-12-29 15:08 . 2008-12-29 15:08	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\KDE
2008-12-28 11:23 . 2008-12-28 11:23	<DIR>	d--------	c:\program files\Trend Micro
2008-12-27 16:03 . 2008-12-27 16:03	<DIR>	d--------	c:\program files\VertrigoServ
2008-12-26 20:33 . 2008-03-21 13:57	14,640	---------	c:\windows\system32\spmsgXP_2k3.dll
2008-12-26 20:33 . 2008-12-26 20:33	0	--ah-----	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-12-26 20:33 . 2008-12-26 20:33	0	--ah-----	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-26 20:32 . 2009-01-04 16:54	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-12-26 20:32 . 2008-12-26 20:33	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\PC Suite
2008-12-26 20:32 . 2008-12-26 20:32	<DIR>	d--------	c:\documents and settings\admin\Dane aplikacji\Nokia
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\PC Connectivity Solution
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\Nokia
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\DIFX
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\Common Files\PCSuite
2008-12-26 20:31 . 2008-12-26 20:31	<DIR>	d--------	c:\program files\Common Files\Nokia
2008-12-26 20:31 . 2008-09-15 07:29	1,112,288	--a------	c:\windows\system32\wdfcoinstaller01007.dll
2008-12-26 20:31 . 2008-09-15 07:56	659,968	--a------	c:\windows\system32\nmwcdcocls.dll
2008-12-26 20:31 . 2008-09-15 07:56	91,136	--a------	c:\windows\system32\nmwcdcls.dll
2008-12-26 20:31 . 2008-09-15 07:56	22,016	--a------	c:\windows\system32\drivers\ccdcmbo.sys
2008-12-26 20:31 . 2008-08-26 09:26	18,816	--a------	c:\windows\system32\drivers\pccsmcfd.sys
2008-12-26 20:31 . 2008-09-15 07:56	17,664	--a------	c:\windows\system32\drivers\ccdcmb.sys
2008-12-26 20:31 . 2008-09-15 07:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-26 20:31 . 2008-09-15 07:56	8,064	--a------	c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-26 20:30 . 2008-12-26 20:30	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Installations
2008-12-26 20:20 . 2008-12-30 16:23	<DIR>	d--------	c:\windows\system32\QuickTime
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\windows\occache
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Viewpoint
2008-12-26 20:20 . 2008-12-30 16:23	<DIR>	d--------	c:\program files\QuickTime
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Learn2.com
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Common Files\Nullsoft
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\AOL Companion
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\Viewpoint
2008-12-26 20:20 . 2008-12-26 20:20	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\QuickTime
2008-12-26 20:20 . 2004-08-03 23:44	1,483,264	--a------	c:\windows\system32\shdocvw.bak
2008-12-26 20:20 . 1999-11-10 12:05	86,016	--a------	c:\windows\unvise32qt.exe
2008-12-26 20:19 . 2008-12-27 12:59	<DIR>	d--------	c:\program files\Common Files\aolshare
2008-12-26 20:19 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\America Online 9.0
2008-12-26 20:19 . 2008-12-27 12:59	<DIR>	d--------	c:\documents and settings\All Users\Dane aplikacji\AOL
2008-12-26 20:19 . 2003-08-15 15:17	1,044,480	--a------	c:\windows\system32\roboex32.dll
2008-12-26 20:19 . 2003-08-15 15:17	153,088	--a------	c:\windows\system32\jgdwmie.dll
2008-12-26 20:19 . 2003-01-10 17:13	65,536	--a------	c:\windows\wanmpsvc.exe
2008-12-26 20:19 . 2003-08-15 15:17	54,784	--a------	c:\windows\system32\Inetwh32.dll
2008-12-26 20:19 . 2003-01-10 17:13	33,588	--a------	c:\windows\system32\drivers\wanatw4.sys
2008-12-26 20:19 . 2003-08-15 15:17	29,184	--a------	c:\windows\system32\popup.ocx
2008-12-26 20:19 . 2003-08-15 15:16	24,659	--a------	c:\windows\system32\aolddial.dll
2008-12-26 20:18 . 2008-12-26 20:20	<DIR>	d--------	c:\program files\Common Files\AOL
2008-12-26 20:18 . 2008-12-26 20:20	1,062	--ah-----	C:\IPH.PH
2008-12-26 18:36 . 2008-12-29 19:29	<DIR>	d--------	c:\program files\mIRC

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 20:56	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-12-25 11:24	---------	d-----w	c:\program files\Java
2008-10-29 10:24	831,048	----a-w	c:\windows\system32\WudfUpdate_01005.dll
2008-10-28 16:41	14,303,392	----a-w	c:\windows\system32\xlive.dll
2008-10-28 16:41	13,643,936	----a-w	c:\windows\system32\xlivefnt.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58	333192	--a------	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Konnekt"="c:\program files\Konnekt\konnekt.exe" [2005-05-24 503808]
"Steam"="d:\program files\Steam\Steam.exe" [2008-12-25 1410296]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"RGSC"="d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-01-02 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-26 77824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2008-12-26 36953]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\Steam\\steamapps\\stec_kamil\\counter-strike\\hl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-01-12 35840]
S0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\system32\Drivers\OCDE.sys --> c:\windows\system32\Drivers\OCDE.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-25 13352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'

2009-01-05 c:\windows\Tasks\WebReg HP Deskjet F2200 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-10-14 20:40]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
uInternet Connection Wizard,ShellNext = iexplore
TCP: {61F8FC11-8886-4E74-8F77-75965BB08D6C} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\7y4ikny8.default\
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 16:04:23
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-01-06 16:05:17
ComboFix-quarantined-files.txt  2009-01-06 15:05:12
ComboFix2.txt  2009-01-06 12:16:15

Przed: 4 861 251 584 bajtów wolnych
Po: 4,852,178,944 bajtów wolnych

254

Now, how do I get rid of this from the mp4 player and the phone?
Phone: Nokia n73 Music Edition, Mp4: Pentagram Vanquish R Touch 4 gb

Regards ^_^

@ EDIT
Quick question, what does such a virus actually do?

#7 oskar93

oskar93

    Banned

  • 678 posts

Posted 06 01 2009 - 18:13

Format the phone memory and the memory card installed in it, and format the mp4 player too; just don't open those removable disks, right-click and format.

#8 FusioN822

FusioN822

    Beginner

  • 31 posts

Posted 06 01 2009 - 18:36

And without formatting? Because I have important files there :]

#9 derPole

derPole

    Beginner

  • 109 posts

Posted 06 01 2009 - 18:38

But if you format the phone memory, the phone software will be gone too; the memory card can be formatted from the phone (I don't know whether every phone has that option)


phone memory: the "restore factory settings" option should be enough (I'm not sure)

#10 FusioN822

FusioN822

    Beginner

  • 31 posts

Posted 06 01 2009 - 21:40

I mean the data I have in the phone, applications etc... music ;p same on the mp4 player ;P

#11 oskar93

oskar93

    Banned

  • 678 posts

Posted 06 01 2009 - 22:01

If you format the phone, the system will simply be restored to the state it left the factory in.
And if you want to remove it, get a good antivirus, scan those memories and remove the infection with it.

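What ordynat's CFScript does for C:\, D:\ and F:\ (remove the dropper and the autorun.inf that launches it) and what oskar93's last reply asks for (find and remove the infection instead of wiping the music and applications) can be done on the phone's memory card or the mp4 player once it is mounted as a drive. The script below is an added example, not code from this thread, from ComboFix or from any antivirus; it takes the volume's mount path as input, parses autorun.inf the way Windows reads it (open=, shellexecute= and shell\verb\command= entries), and moves the referenced program and the autorun.inf into a quarantine folder rather than deleting them. The sample volume, the file contents and the quarantine folder name are constructed for the demo.

```python
"""Triage a removable volume for an autorun.inf worm without formatting it.

Added example (not from this thread, ComboFix or any AV product). Assumes the
volume is mounted and its root path is passed in; the sample below is constructed.
"""
import configparser
import re
import shutil
import tempfile
from pathlib import Path

# [autorun] keys that make Windows XP (before KB971029) start a program on insert.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... adds a context-menu verb that runs the program;
# worms use "open" and "explore" so a double-click on the drive launches them.
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample mimicking the infection described in the thread.
SAMPLE_AUTORUN = (
    "[autorun]\n"
    "open=EXPLORER.exe\n"
    "shellexecute=EXPLORER.exe\n"
    "shell\\open\\Command=EXPLORER.exe\n"
    "shell\\explore\\Command=EXPLORER.exe\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
)


def _program_of(value):
    """Extract the program path from a value that may carry quotes and arguments."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    tokens = v.split()
    return tokens[0] if tokens else ""


def parse_autorun(text):
    """Return [(key, program)] for every entry that would launch a program."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case so the report is readable
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    launched = []
    for key, value in cp.items(section):
        if key.lower() in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            program = _program_of(value)
            if program:
                launched.append((key, program))
    return launched


def _on_volume(root, program):
    """Resolve a path written with Windows separators under the volume root."""
    return root.joinpath(*program.replace("/", "\\").split("\\"))


def triage_volume(root, quarantine=None):
    """Inspect the root of a mounted volume; optionally quarantine the findings.

    Files are moved, not deleted, so a false positive can be put back, and
    everything else on the volume (music, photos, applications) is untouched.
    """
    root = Path(root)
    inf = root / "autorun.inf"
    report = {"autorun_present": inf.is_file(), "launches": [],
              "missing": [], "quarantined": []}
    if not report["autorun_present"]:
        return report
    report["launches"] = parse_autorun(inf.read_text(errors="replace"))
    programs = sorted({p for _, p in report["launches"]})
    report["missing"] = [p for p in programs if not _on_volume(root, p).is_file()]
    if quarantine is not None:
        qdir = Path(quarantine)
        qdir.mkdir(parents=True, exist_ok=True)
        for name in programs + ["autorun.inf"]:
            src = _on_volume(root, name)
            if src.is_file():
                # the extra suffix stops an accidental double-click from running it
                shutil.move(str(src), str(qdir / (src.name + ".quarantined")))
                report["quarantined"].append(name)
    return report


def build_sample_volume():
    """Create a temp directory laid out like the infected pendrive (constructed)."""
    vol = Path(tempfile.mkdtemp(prefix="usbvol_"))
    (vol / "autorun.inf").write_text(SAMPLE_AUTORUN)
    (vol / "EXPLORER.exe").write_bytes(b"MZ" + b"\0" * 62)  # placeholder, not a real PE
    (vol / "music.mp3").write_bytes(b"ID3")                 # user data that must survive
    return vol


if __name__ == "__main__":
    vol = build_sample_volume()
    print("before:", triage_volume(vol))
    print("cleanup:", triage_volume(vol, quarantine=vol / "_quarantine"))
    print("after:", triage_volume(vol))
```

Run it against the real mount point (for example the drive letter the card shows up as) and inspect the "before" report first; the "missing" list tells you when autorun.inf points at a program that is no longer on the volume. The script only cleans the removable media; the MountPoints2 keys that ordynat's script deletes live on the PC side and are Windows' cached per-volume autorun handlers, so they still have to be cleared there.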



