What is this error? How do I get rid of it?

Hello, for the last few days something like this has been showing up whenever I click on a file on partition E

here is a link to the screenshot --> http://bladd.patrz.pl/werewolf836

You probably have an autorun file there created by a virus. Post the ComboFix logs. And if you want to get onto the disk: type e.g. c: in the address bar.
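The reply above points at an autorun file planted on the partition. As an added example (not part of this thread, and not ComboFix output), the Python script below reads an autorun.inf and lists every command Windows would launch from it, plus a few heuristics for the entries that most often mark a planted file: an executable hidden under RECYCLER or System Volume Information, a loose executable in the drive root, and an override of Explorer's Open/Explore verb (which is what makes the drive run something when you click on it). The sample autorun.inf and its file names are constructed placeholders. The script only reads the file; it never runs anything it finds.

```python
"""Triage an autorun.inf: list what it would launch, flag common red flags.

Added example, not from the forum thread. The sample autorun.inf below is
constructed for illustration; every file name in it is a placeholder.
"""
import configparser
import re

# Constructed sample: a harmless-looking label and icon, but the "open",
# "shellexecute" and shell\...\command entries all point at executables.
SAMPLE_AUTORUN_INF = """\
[autorun]
icon=drive.ico
label=Data
open=RECYCLER\\example-dropper.exe
shell\\open\\command=RECYCLER\\example-dropper.exe
shell\\explore\\command=RECYCLER\\example-dropper.exe
shellexecute=setup.exe /s
action=Open folder to view files
"""

# Keys whose value Windows executes (or hands to ShellExecute).
EXECUTING_KEYS = ("open", "shellexecute")
# shell\<verb>\command entries replace Explorer's context-menu verbs.
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
EXECUTABLE_SUFFIXES = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
HIDING_FOLDERS = ("recycler\\", "recycled\\", "system volume information\\")


def parse_autorun(text):
    """Return lower-cased key -> value pairs from the [autorun] section.

    RawConfigParser leaves '%' and '$' in paths untouched; strict=False
    tolerates duplicate keys. Anything that is not INI syntax yields {}.
    """
    cp = configparser.RawConfigParser(strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    if not cp.has_section("autorun"):
        return {}
    return dict(cp.items("autorun"))


def launched_commands(entries):
    """Every command line the autorun would run, keyed by its entry name."""
    return {k: v for k, v in entries.items()
            if k in EXECUTING_KEYS or SHELL_COMMAND_RE.match(k)}


def executable_of(command):
    """The program a command line starts: first token, quotes stripped."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def suspicious_indicators(entries):
    """Responder heuristics for an autorun.inf found on a data drive.

    Returns one string per indicator; an empty list means nothing stood
    out, which is not the same as the file being benign.
    """
    findings = []
    launches = launched_commands(entries)
    if launches:
        findings.append("launches code: " + ", ".join(sorted(launches)))
    for program in sorted({executable_of(v).lower() for v in launches.values()}):
        if program.startswith(HIDING_FOLDERS):
            findings.append(f"executable hidden in system folder: {program}")
        if program.endswith(EXECUTABLE_SUFFIXES) and "\\" not in program:
            findings.append(f"executable in drive root: {program}")
    if any(k.startswith("shell\\") for k in launches):
        findings.append("overrides Explorer's Open/Explore verb")
    if "action" in entries and launches:
        findings.append("AutoPlay text disguises the launch: " + entries["action"])
    return findings


if __name__ == "__main__":
    # To triage a real drive, replace the sample with open(r"E:\autorun.inf").read().
    for finding in suspicious_indicators(parse_autorun(SAMPLE_AUTORUN_INF)):
        print("-", finding)
```

The same parser works on a genuine autorun.inf copied off the affected drive; reading the file is safe, double-clicking the drive is what triggers it, which is why the reply suggests navigating via the address bar instead.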

ComboFix 09-01-21.04 - M O K 2009-01-27 17:25:51.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.690 [GMT 1:00]

Uruchomiony z: E:\ComboFix.exe

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((( Pliki utworzone od 2008-12-27 do 2009-01-27 )))))))))))))))))))))))))))))))

.

2009-01-27 11:56 . 2009-01-27 12:31

2009-01-27 11:56 . 2009-01-27 11:56

2009-01-27 11:55 . 2009-01-27 11:55

2009-01-27 11:55 . 2009-01-27 12:32

2009-01-27 11:55 . 2009-01-27 11:55

2009-01-23 13:29 . 2009-01-23 13:28 399,384 --a------ c:\windows\diagnistic.exe

2009-01-22 17:45 . 2009-01-22 17:45

2009-01-22 17:45 . 2009-01-22 17:45

2009-01-22 17:45 . 2009-01-22 17:45

2009-01-22 17:45 . 2009-01-22 17:45

2009-01-22 17:45 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2009-01-22 17:45 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2009-01-22 17:44 . 2009-01-22 17:45

2009-01-22 17:44 . 2009-01-22 17:45

2009-01-22 17:44 . 2009-01-22 17:44

2009-01-22 17:44 . 2009-01-22 17:44

2009-01-22 17:44 . 2009-01-22 17:44

2009-01-22 17:44 . 2009-01-22 17:44

2009-01-17 17:28 . 2009-01-17 17:28

2009-01-14 11:44 . 2009-01-14 11:44

2009-01-14 11:44 . 2009-01-14 11:44

2009-01-14 11:44 . 2009-01-14 11:44

2009-01-13 11:02 . 2009-01-26 18:26

2009-01-11 19:50 . 2009-01-25 19:53

2009-01-11 19:33 . 2009-01-25 14:16 69 --a------ c:\windows\NeroDigital.ini

2009-01-11 18:58 . 2009-01-20 10:20

2009-01-10 22:36 . 2008-04-14 18:20 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-01-10 22:36 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2009-01-10 22:36 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2009-01-10 22:36 . 2001-10-26 17:29 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-01-09 21:53 . 2009-01-09 21:53

2009-01-09 21:53 . 2009-01-09 21:53

2009-01-09 21:53 . 2009-01-09 21:53

2009-01-09 11:54 . 2009-01-09 11:54

2009-01-07 20:58 . 2009-01-07 20:58 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2009-01-07 20:55 . 2009-01-07 20:55

2009-01-07 20:36 . 2009-01-07 20:36

2009-01-07 20:31 . 2009-01-07 20:31

2009-01-07 20:31 . 2009-01-11 19:34

2009-01-07 20:29 . 2009-01-07 20:29

2009-01-07 20:29 . 2009-01-07 20:31

2009-01-07 20:29 . 2009-01-07 20:29

2009-01-06 18:00 . 2008-04-14 18:20 651,264 --------- c:\windows\system32\dot3ui.dll

2009-01-06 17:41 . 2008-06-14 18:36 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-01-06 17:41 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys

2009-01-06 17:39 . 2008-12-12 18:03 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll

2009-01-06 17:39 . 2008-10-16 02:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll

2009-01-06 17:39 . 2008-10-16 02:02 668,672 -----c--- c:\windows\system32\dllcache\wininet.dll

2009-01-06 17:39 . 2008-10-16 02:02 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll

2009-01-06 17:39 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-01-06 17:37 . 2008-08-14 14:26 2,190,464 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-01-06 17:37 . 2008-08-14 14:26 2,146,816 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-01-06 17:37 . 2008-08-14 14:26 2,067,328 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-01-06 17:37 . 2008-08-14 14:26 2,025,472 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-01-06 17:37 . 2008-09-15 16:27 1,846,656 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-01-06 17:36 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-01-06 17:35 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-01-06 17:35 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-01-06 17:35 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

2009-01-06 17:35 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll

2009-01-06 17:34 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-01-06 11:30 . 2009-01-06 11:30

2009-01-06 11:15 . 2009-01-09 22:11 316,640 --a------ c:\windows\WMSysPr9.prx

2009-01-06 11:14 . 2009-01-06 11:14

2009-01-06 11:14 . 2009-01-06 11:14

2009-01-06 11:14 . 2009-01-09 21:53

2009-01-06 11:12 . 2009-01-09 21:53

2009-01-05 23:13 . 2002-04-15 21:11 67,866 --------- c:\windows\system32\drivers\netwlan5.img

2009-01-05 23:13 . 2008-04-14 22:51 11,264 --------- c:\windows\system32\spnpinst.exe

2009-01-05 23:13 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig

2009-01-05 23:13 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat

2009-01-05 22:48 . 2008-04-14 18:20 1,092,608 --a------ c:\windows\system32\esent.dll

2009-01-05 22:43 . 2009-01-09 21:53

2009-01-05 22:42 . 2009-01-14 21:20

2009-01-05 22:42 . 2007-08-10 20:53 26,488 --a------ c:\windows\system32\spupdsvc.exe

2009-01-05 22:38 . 2008-04-14 18:20 354,304 --a------ c:\windows\system32\winhttp.dll

2009-01-05 22:38 . 2008-04-14 18:20 18,944 --a------ c:\windows\system32\qmgrprxy.dll

2009-01-05 22:38 . 2008-04-14 18:20 8,192 --------- c:\windows\system32\bitsprx2.dll

2009-01-05 22:38 . 2008-04-14 18:20 7,168 --------- c:\windows\system32\bitsprx3.dll

2009-01-05 22:30 . 2009-01-05 22:29 183,112 --a------ c:\windows\system32\PnkBstrB.exe

2009-01-05 22:30 . 2009-01-05 22:30 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2009-01-05 22:30 . 2008-10-23 12:57 63,040 --a------ c:\windows\system32\PnkBstrA.exe

2009-01-05 22:29 . 2009-01-05 22:29

2009-01-05 22:28 . 2009-01-05 22:28

2009-01-05 22:27 . 2009-01-05 22:27

2009-01-05 21:42 . 2009-01-05 21:42

2009-01-05 21:35 . 2009-01-05 21:35

2009-01-05 21:35 . 2009-01-05 21:35

2009-01-05 19:02 . 2009-01-15 17:32 4,096 --a------ c:\windows\system32\crash

2009-01-05 17:29 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll

2009-01-05 17:29 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll

2009-01-05 17:29 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl

2009-01-05 17:29 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll

2009-01-05 17:29 . 2008-04-14 18:21 184,320 --a------ c:\windows\system32\wuaueng1.dll

2009-01-05 17:29 . 2008-04-14 18:21 168,960 --a------ c:\windows\system32\wuauclt1.exe

2009-01-05 17:29 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll

2009-01-05 17:25 . 2009-01-05 17:25

2009-01-05 17:06 . 2009-01-05 17:06 0 --a------ c:\windows\nsreg.dat

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-17 15:56 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys

2009-01-05 15:08 --------- d-----w c:\documents and settings\M O K\Dane aplikacji\ATI

2009-01-05 15:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI

2009-01-05 15:06 --------- d-----w c:\program files\ATI Technologies

2009-01-05 15:05 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-05 15:04 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-05 15:04 --------- d-----w c:\program files\Common Files\ATI Technologies

2009-01-05 14:56 --------- d-----w c:\program files\Realtek Sound Manager

2009-01-05 14:56 --------- d-----w c:\program files\Realtek AC97

2009-01-05 14:56 --------- d-----w c:\program files\AvRack

2009-01-05 14:55 --------- d-----w c:\program files\AMD

2009-01-05 14:49 --------- d-----w c:\program files\microsoft frontpage

2009-01-05 14:48 558,142 ----a-w c:\windows\java\Packages\GC7FV53F.ZIP

2009-01-05 14:48 155,995 ----a-w c:\windows\java\Packages\4KDFBHJD.ZIP

2009-01-05 14:46 --------- d-----w c:\program files\Usługi online

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-10-27 09:38 95,056 ----a-w C:\Kopia DSETUP.dll

2008-10-27 09:38 95,056 ----a-w C:\DSETUP.dll

2008-10-27 09:37 1,692,496 ----a-w C:\dsetup32.dll

2008-10-27 09:36 526,160 ----a-w C:\Kopia DXSETUP.exe

2008-10-27 09:36 526,160 ----a-w C:\DXSETUP.exe

2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll

2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll

2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll

2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll

2008-10-27 08:48 80,896 ----a-w c:\windows\system32\dxdllreg.exe

.

------- Sigcheck -------

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtServicePackUninstall$\tcpip.sys

2004-08-04 07:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys

2002-08-29 01:58 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys

2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys

2009-01-17 16:56 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\ServicePackFiles\i386\tcpip.sys

2009-01-17 16:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\dllcache\tcpip.sys

2009-01-17 16:56 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-18 12:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]

"diagnistic"="c:\windows\diagnistic.exe" [2009-01-23 399384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"e:\Metin2\metin2.bin"=

"e:\combat arms eu\CombatArms.exe"= e:\combat arms eu\CombatArms.exe:*Enabled:CombatArms.exe

"e:\combat arms eu\Engine.exe"= e:\combat arms eu\Engine.exe:*Enabled:Engine.exe

"e:\Combat Arms EU\NMService.exe"=

"e:\Program Files\Mass Effect\Binaries\MassEffect.exe"=

"e:\Program Files\Mass Effect\MassEffectLauncher.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"e:\Program Files\BitComet\BitComet.exe"=

"c:\Program Files\Bonjour\mDNSResponder.exe"=

"e:\Program Files\iTunes\iTunes.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8019:TCP"= 8019:TCP:BitComet 8019 TCP

"8019:UDP"= 8019:UDP:BitComet 8019 UDP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Zawartość folderu 'Zaplanowane zadania'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Skan uzupełniający -------

.

uInternet Settings,ProxyOverride = *.local

IE: Pobierz wszystkie VIdeo za pomocą BitComet - e:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Pobierz wszystko za pomocą BitComet - e:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Pobierz za pomocą BitComet - e:\program files\BitComet\BitComet.exe/AddLink.htm

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\M O K\Dane aplikacji\Mozilla\Firefox\Profiles\3w6lrvj8.default\

FF - prefs.js: browser.startup.homepage - http://www.google.pl

FF - component: c:\documents and settings\M O K\Dane aplikacji\Mozilla\Firefox\Profiles\3w6lrvj8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-27 17:26:41

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1532298954-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:d8,e1,64,33,5e,92,67,9e,f1,ef,dc,46,9d,af,54,11,83,ff,db,76,ea,

36,e2,df,35,44,f3,f5,9d,bc,b8,81,72,1c,88,22,2f,9d,89,74,ba,fd,9c,45,82,e3,\

"rkeysecu"=hex:d6,04,a7,66,a4,2c,bd,bd,10,cd,68,53,cd,63,85,a0

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- 'winlogon.exe'(676)

c:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-01-27 17:27:27

ComboFix-quarantined-files.txt 2009-01-27 16:27:26

Przed: 39 264 608 256 bajtów wolnych

Po: 39,468,187,648 bajtów wolnych

238 --- E O F --- 2009-01-17 16:29:50

Added 27.01.2009 (Tue) 17:29

Only now I'm not sure, because I see it checked C and not E, so I don't know; I'm not familiar with this program

Added 27.01.2009 (Tue) 17:43

ON TOP OF THAT, WHEN WINDOWS STARTS UP, SOMETHING LIKE THIS POPS UP

http://przy.urachamianiu.patrz.pl/WEREWOLF836

Added 27.01.2009 (Tue) 20:34

Great, I see nobody can answer this problem, thanks