Hi, for the last few days something like this has been showing up whenever I click on any file on partition E.
Here's a link to the screenshot --> http://bladd.patrz.pl/werewolf836
You probably have an autorun file there created by a virus. Post the ComboFix logs. And if you want to get onto the drive: type e.g. c: into the address bar.
ComboFix 09-01-21.04 - M O K 2009-01-27 17:25:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.690 [GMT 1:00]
Uruchomiony z: E:\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-27 do 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-27 11:56 . 2009-01-27 12:31
2009-01-27 11:56 . 2009-01-27 11:56
2009-01-27 11:55 . 2009-01-27 11:55
2009-01-27 11:55 . 2009-01-27 12:32
2009-01-27 11:55 . 2009-01-27 11:55
2009-01-23 13:29 . 2009-01-23 13:28 399,384 --a------ c:\windows\diagnistic.exe
2009-01-22 17:45 . 2009-01-22 17:45
2009-01-22 17:45 . 2009-01-22 17:45
2009-01-22 17:45 . 2009-01-22 17:45
2009-01-22 17:45 . 2009-01-22 17:45
2009-01-22 17:45 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-22 17:45 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-22 17:44 . 2009-01-22 17:45
2009-01-22 17:44 . 2009-01-22 17:45
2009-01-22 17:44 . 2009-01-22 17:44
2009-01-22 17:44 . 2009-01-22 17:44
2009-01-22 17:44 . 2009-01-22 17:44
2009-01-22 17:44 . 2009-01-22 17:44
2009-01-17 17:28 . 2009-01-17 17:28
2009-01-14 11:44 . 2009-01-14 11:44
2009-01-14 11:44 . 2009-01-14 11:44
2009-01-14 11:44 . 2009-01-14 11:44
2009-01-13 11:02 . 2009-01-26 18:26
2009-01-11 19:50 . 2009-01-25 19:53
2009-01-11 19:33 . 2009-01-25 14:16 69 --a------ c:\windows\NeroDigital.ini
2009-01-11 18:58 . 2009-01-20 10:20
2009-01-10 22:36 . 2008-04-14 18:20 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-10 22:36 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-10 22:36 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-10 22:36 . 2001-10-26 17:29 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-09 21:53 . 2009-01-09 21:53
2009-01-09 21:53 . 2009-01-09 21:53
2009-01-09 21:53 . 2009-01-09 21:53
2009-01-09 11:54 . 2009-01-09 11:54
2009-01-07 20:58 . 2009-01-07 20:58 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-07 20:55 . 2009-01-07 20:55
2009-01-07 20:36 . 2009-01-07 20:36
2009-01-07 20:31 . 2009-01-07 20:31
2009-01-07 20:31 . 2009-01-11 19:34
2009-01-07 20:29 . 2009-01-07 20:29
2009-01-07 20:29 . 2009-01-07 20:31
2009-01-07 20:29 . 2009-01-07 20:29
2009-01-06 18:00 . 2008-04-14 18:20 651,264 --------- c:\windows\system32\dot3ui.dll
2009-01-06 17:41 . 2008-06-14 18:36 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-06 17:41 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-06 17:39 . 2008-12-12 18:03 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-01-06 17:39 . 2008-10-16 02:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-06 17:39 . 2008-10-16 02:02 668,672 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-01-06 17:39 . 2008-10-16 02:02 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-06 17:39 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-06 17:37 . 2008-08-14 14:26 2,190,464 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-06 17:37 . 2008-08-14 14:26 2,146,816 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-06 17:37 . 2008-08-14 14:26 2,067,328 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-06 17:37 . 2008-08-14 14:26 2,025,472 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-06 17:37 . 2008-09-15 16:27 1,846,656 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-06 17:36 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-06 17:35 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-06 17:35 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-06 17:35 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-06 17:35 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-06 17:34 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-06 11:30 . 2009-01-06 11:30
2009-01-06 11:15 . 2009-01-09 22:11 316,640 --a------ c:\windows\WMSysPr9.prx
2009-01-06 11:14 . 2009-01-06 11:14
2009-01-06 11:14 . 2009-01-06 11:14
2009-01-06 11:14 . 2009-01-09 21:53
2009-01-06 11:12 . 2009-01-09 21:53
2009-01-05 23:13 . 2002-04-15 21:11 67,866 --------- c:\windows\system32\drivers\netwlan5.img
2009-01-05 23:13 . 2008-04-14 22:51 11,264 --------- c:\windows\system32\spnpinst.exe
2009-01-05 23:13 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig
2009-01-05 23:13 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat
2009-01-05 22:48 . 2008-04-14 18:20 1,092,608 --a------ c:\windows\system32\esent.dll
2009-01-05 22:43 . 2009-01-09 21:53
2009-01-05 22:42 . 2009-01-14 21:20
2009-01-05 22:42 . 2007-08-10 20:53 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-01-05 22:38 . 2008-04-14 18:20 354,304 --a------ c:\windows\system32\winhttp.dll
2009-01-05 22:38 . 2008-04-14 18:20 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-05 22:38 . 2008-04-14 18:20 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-01-05 22:38 . 2008-04-14 18:20 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-05 22:30 . 2009-01-05 22:29 183,112 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-05 22:30 . 2009-01-05 22:30 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-05 22:30 . 2008-10-23 12:57 63,040 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-05 22:29 . 2009-01-05 22:29
2009-01-05 22:28 . 2009-01-05 22:28
2009-01-05 22:27 . 2009-01-05 22:27
2009-01-05 21:42 . 2009-01-05 21:42
2009-01-05 21:35 . 2009-01-05 21:35
2009-01-05 21:35 . 2009-01-05 21:35
2009-01-05 19:02 . 2009-01-15 17:32 4,096 --a------ c:\windows\system32\crash
2009-01-05 17:29 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-05 17:29 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-05 17:29 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-05 17:29 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-05 17:29 . 2008-04-14 18:21 184,320 --a------ c:\windows\system32\wuaueng1.dll
2009-01-05 17:29 . 2008-04-14 18:21 168,960 --a------ c:\windows\system32\wuauclt1.exe
2009-01-05 17:29 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-05 17:25 . 2009-01-05 17:25
2009-01-05 17:06 . 2009-01-05 17:06 0 --a------ c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 15:56 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-01-05 15:08 --------- d-----w c:\documents and settings\M O K\Dane aplikacji\ATI
2009-01-05 15:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI
2009-01-05 15:06 --------- d-----w c:\program files\ATI Technologies
2009-01-05 15:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 15:04 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-05 15:04 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-05 14:56 --------- d-----w c:\program files\Realtek Sound Manager
2009-01-05 14:56 --------- d-----w c:\program files\Realtek AC97
2009-01-05 14:56 --------- d-----w c:\program files\AvRack
2009-01-05 14:55 --------- d-----w c:\program files\AMD
2009-01-05 14:49 --------- d-----w c:\program files\microsoft frontpage
2009-01-05 14:48 558,142 ----a-w c:\windows\java\Packages\GC7FV53F.ZIP
2009-01-05 14:48 155,995 ----a-w c:\windows\java\Packages\4KDFBHJD.ZIP
2009-01-05 14:46 --------- d-----w c:\program files\Usługi online
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-27 09:38 95,056 ----a-w C:\Kopia DSETUP.dll
2008-10-27 09:38 95,056 ----a-w C:\DSETUP.dll
2008-10-27 09:37 1,692,496 ----a-w C:\dsetup32.dll
2008-10-27 09:36 526,160 ----a-w C:\Kopia DXSETUP.exe
2008-10-27 09:36 526,160 ----a-w C:\DXSETUP.exe
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-27 08:48 80,896 ----a-w c:\windows\system32\dxdllreg.exe
.
------- Sigcheck -------
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2009-01-17 16:56 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\ServicePackFiles\i386\tcpip.sys
2009-01-17 16:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\dllcache\tcpip.sys
2009-01-17 16:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"diagnistic"="c:\windows\diagnistic.exe" [2009-01-23 399384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"e:\Metin2\metin2.bin"=
"e:\combat arms eu\CombatArms.exe"= e:\combat arms eu\CombatArms.exe:*:Enabled:CombatArms.exe
"e:\combat arms eu\Engine.exe"= e:\combat arms eu\Engine.exe:*:Enabled:Engine.exe
"e:\Combat Arms EU\NMService.exe"=
"e:\Program Files\Mass Effect\Binaries\MassEffect.exe"=
"e:\Program Files\Mass Effect\MassEffectLauncher.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"e:\Program Files\BitComet\BitComet.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"e:\Program Files\iTunes\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8019:TCP"= 8019:TCP:BitComet 8019 TCP
"8019:UDP"= 8019:UDP:BitComet 8019 UDP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: Pobierz wszystkie VIdeo za pomocą BitComet - e:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\M O K\Dane aplikacji\Mozilla\Firefox\Profiles\3w6lrvj8.default\
FF - prefs.js: browser.startup.homepage - http://www.google.pl
FF - component: c:\documents and settings\M O K\Dane aplikacji\Mozilla\Firefox\Profiles\3w6lrvj8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 17:26:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1532298954-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d8,e1,64,33,5e,92,67,9e,f1,ef,dc,46,9d,af,54,11,83,ff,db,76,ea,
36,e2,df,35,44,f3,f5,9d,bc,b8,81,72,1c,88,22,2f,9d,89,74,ba,fd,9c,45,82,e3,\
"rkeysecu"=hex:d6,04,a7,66,a4,2c,bd,bd,10,cd,68,53,cd,63,85,a0
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-01-27 17:27:27
ComboFix-quarantined-files.txt 2009-01-27 16:27:26
Przed: 39,264,608,256 bajtów wolnych
Po: 39,468,187,648 bajtów wolnych
238 --- E O F --- 2009-01-17 16:29:50
-- Added 27.01.2009 (Tue) 17:29 --
Only now I don't know, because I can see it scanned C and not E, so I don't know; I'm not familiar with this program.
-- Added 27.01.2009 (Tue) 17:43 --
ON TOP OF THAT, WHEN WINDOWS STARTS SOMETHING LIKE THIS POPS UP
http://przy.urachamianiu.patrz.pl/WEREWOLF836
-- Added 27.01.2009 (Tue) 20:34 --
Great, I see nobody can answer this problem. Thanks.
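The reply asked for a ComboFix log, and the registry autostart section of such a log is where a responder looks first. The script below is an added example (not from the thread or from ComboFix) that parses the Run-key lines copied from the log above and marks the ones worth checking first with three simple triage heuristics; the 7-day window and the heuristics themselves are this example's own assumptions, not anything ComboFix reports.

```python
import re
from datetime import date, timedelta

# Scan date from the ComboFix header above; constructed excerpt of its Run-key entries (quotes in ASCII).
SCAN_DATE = date(2009, 1, 27)
RUN_SECTION = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"diagnistic"="c:\windows\diagnistic.exe" [2009-01-23 399384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]
'''

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# ComboFix appends "[date size]", or "[date fullpath]" when it resolved a bare file name.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<rest>[^\]]+)\]$')
RECENT_DAYS = 7  # heuristic window assumed for this example

def parse_run_entries(text):
    """Yield (key, name, path, file_date) for every autostart entry in the excerpt."""
    key = None
    for line in text.strip().splitlines():
        m = KEY_RE.match(line)
        if m: key = m.group("key"); continue
        m = ENTRY_RE.match(line)
        if not m: continue
        rest = m.group("rest")
        path = m.group("cmd") if rest.isdigit() else rest  # resolved path when not a size
        yield key, m.group("name"), path, date(*map(int, m.group("date").split("-")))

def triage(text, scan_date=SCAN_DATE):
    """Map each entry name to the reasons a responder would look at it before the others."""
    reasons = {}
    for key, name, path, fdate in parse_run_entries(text):
        why = []
        if scan_date - fdate <= timedelta(days=RECENT_DAYS):
            why.append("binary dated within %d days of the scan" % RECENT_DAYS)
        if path.lower().rsplit("\\", 1)[0] == r"c:\windows":
            why.append("binary sits directly in the Windows root")
        if key.startswith("HKEY_CURRENT_USER") and why:
            why.append("per-user Run key (writable without admin rights)")
        reasons[name] = why
    return reasons

if __name__ == "__main__":
    for name, why in triage(RUN_SECTION).items():
        print("%-12s %s" % (name, "; ".join(why) or "nothing unusual"))
```

Run against the excerpt, only the entry created four days before the scan collects all three reasons; the long-standing system entries collect none.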