Denerwujące pliki WINFILE i logi ComboFix i HiJackThis

DragonFly · 27 Lipiec 2008 19:48

Witam.

Mam problem bo na wszystkich partycjach znajduje się plik WINFILE.

Nie da się go usunąć, tzn da sie ale po chwili jest znowu.

Log ComboFix.

ComboFix 08-07-27.2 - MazQuick 2008-07-27 21:43:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2953 [GMT 2:00]

Running from: C:\Documents and Settings\MazQuick\Pulpit\ComboFix.exe

 * Created a new restore point


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [/b][/color]

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\WINDOWS\system32\Cache


----- File Replicators -----


C:\WINDOWS\$hf_mig$\KB911164\update\update.exe

C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]1108c8ae67042f4e24912e4ceb82d52\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]11bc58e4a226a447313555c4f89fd29\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]5ab8c082e41089957695756477f164e\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]a943bdee5944948fb2fd718a69f36f3\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]b44b48479fafca75e5c2c5f21a913b5\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]dc65f8b8fd17c1fd33483ff6d468fa7\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\[u]0[/u]e26d8140e970b275f9ff000fa9b699d\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\10b6b8c0b8095d0a1b3d60a1386bdf12\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\11b3ce98cfb233b15a47498312d80dcf\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\1468bd6c09fb7bee41c0601e613dd331\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\15e08cc41524866b47fa24d29330e451\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\1d321bc409adf4bb79dc731a7bae2259\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\1e498bf3b8bd0df95c4c21f904a35064\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\1f230f6d84102690e7c56ddde32096d1\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\268207b28c36110e4790db96c9828f09\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2d0cbab730681f104a09049e740f4d0a\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\2d13520e9735f891997d434d6799f76b\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\326f77e18eb618d99f9137413c1ed0f1\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\339bd89a8af69f7a63b3dbbeacb45e07\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\37d7f04ae49377aa8ad4f6cf6165c19e\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\3e6e93f535aa67cbec94365f8f3dd6b2\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\4142545b9df28002ac8ad3d89a1280a1\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\451957319b67021a35ca2a8ddf7799fa\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\5489c55f3a68fb6bc115855101605715\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\63ed80b1a356a0945d1a7a75aa8c7d50\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\644e8ec70e18239c525e644ea082da38\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\654417c0c7eb3ab3ac3c4271d8634bf5\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\6864a7b2406ca1df1ac771ba5d6aed71\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\7187e07a26b9ad7eeba1c16eed0b1294\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\7193771b866e98ef7e2725ea0699a261\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\75e018f5597842d1220cc86b6dd8f401\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\75fbd241c542f5a01412c2129075992e\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\7b3c7bb4c0e35bf3445fc83e904f3382\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\83d567acfbda4142f1db831007ef6564\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\84e4fe9d0cdbadf678c714cf9e92dac2\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\86eff9523196b176b614dac25ad4b690\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\933812e367f3503ccf39e5abb02d9f25\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\a99742000f92e0ed008d1c0f12293d93\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c383584119af831a75aa3baf2b5378b8\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c3fff057accd61c8260edd1135bf8202\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c556d8b3bc368a24b6159c2d1e667902\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c6fa644827c98b9de8999296da8b4e1b\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\c7b891cc65ca659d73999f8c25d6ebf6\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\d0596b1429e84382fde94c99616455ff\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\d94111772f41011554af35ace1bd70c2\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\dab0498c9daad1d46b20213b3bf19ba1\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\dac8089835352e0ebb2500279a845b10\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\dc155e9ed27d03087f74d965fc8ad6bc\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\de2ff6b4496819d70b65ea5c4fde6e96\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\dfe141584374dc129b01618d13258329\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e065feb13ccd50171fca42b8a578df87\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e4be706e2e1d4b15fe5a35f81b466806\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e4c7ec7fe36270bf8c9470897f208ed8\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e614615fcfbd7e9cfd5149ed66265d75\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\e66e31b345bb5965f74fde1120ec757c\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\eca8b726d8ada5c66c903c4de9c0b2a5\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\f67edee5a8e01b8fdf4fc571a0bac529\update\update.exe

C:\WINDOWS\SoftwareDistribution\Download\fe4468dc14a5ff0397e617e1d36874f6\update\update.exe

.

.

((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))

.


2013-11-25 03:24 . 2013-11-25 03:24	53,765	--a------	C:\WINFILE.EXE

2008-07-27 20:04 . 2008-07-27 20:04	697	---hs----	C:\comment.htt

2008-07-27 20:04 . 2008-07-27 20:04	72	---hs----	C:\desktop.ini

2008-07-22 12:00 . 2008-07-22 12:00	107,888	--a------	C:\WINDOWS\system32\CmdLineExt.dll

2008-07-22 11:54 . 2007-07-19 18:14	3,727,720	--a------	C:\WINDOWS\system32\d3dx9_35.dll

2008-07-22 11:54 . 2007-05-16 16:45	3,497,832	--a------	C:\WINDOWS\system32\d3dx9_34.dll

2008-07-22 11:54 . 2007-07-19 18:14	1,358,192	--a------	C:\WINDOWS\system32\D3DCompiler_35.dll

2008-07-22 11:54 . 2007-05-16 16:45	1,124,720	--a------	C:\WINDOWS\system32\D3DCompiler_34.dll

2008-07-22 11:54 . 2007-07-19 18:14	444,776	--a------	C:\WINDOWS\system32\d3dx10_35.dll

2008-07-22 11:54 . 2007-05-16 16:45	443,752	--a------	C:\WINDOWS\system32\d3dx10_34.dll

2008-07-22 11:54 . 2007-04-04 18:53	81,768	--a------	C:\WINDOWS\system32\xinput1_3.dll

2008-07-22 11:48 . 2008-07-27 21:32	




Log HiJackThis

[code]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:48:15, on 2008-07-27 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\V0350Mon.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\MazQuick\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM…\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32 O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe” O4 - HKLM…\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 O4 - HKLM…\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214821359687 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe – End of file - 3676 bytes

Z góry dziękuje za pomoc.

EDIT: Ah tak…

Log CF: http://wklej.org/id/c238eaed13

Log HJT: http://wklej.org/id/8843a8280f

huber2t · 27 Lipiec 2008 20:21

Pobierz ComboFix, ale nie uruchamiaj

Otwórz notatnik i wklej do niego:

File::

C:\WINFILE.EXE

Plik -> zapisz jako -> CFScript.txt.

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklejto.pl lub na http://wklej.org a w poście dajesz tylko link

DragonFly · 27 Lipiec 2008 20:25

http://wklej.org/id/ac2e671c8c

huber2t · 27 Lipiec 2008 20:29

Usuń to:

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

Leon1 · 27 Lipiec 2008 20:32

Wylecz pendriva lub kartę pamięci http://www.softpedia.com/get/Security/S … Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

lub format

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

z pozostałych partycji też to usuń \WINFILE.EXE

:)trochę się spóźniłem ale zrób to bo hubert tych plików nie usunął

DragonFly · 27 Lipiec 2008 20:48

Ok wszystko zrobiłem oprócz skana Kasperkim.

Nie moge wysłać zgody na skanowanie, coś blokuje ten ■■■■ :-x

Zrobiłem skana Dr. CureIt’em i znalazł tam troche tego. Usunął.

Ale te j***e pliki nadal się pokazują

Leon1 · 27 Lipiec 2008 20:55

a gdzie log z usuwania